PingOne Advanced Identity Cloud

Authenticate with a browser

When you authenticate to Advanced Identity Cloud using a browser, you can specify the realm and the authentication parameters in the URL, to customize the user’s authentication experience.

Specify the realm in the URL

Specify the realm as the value of the realm parameter in the URL. Preface the realm name with a forward slash (/); for example:

https://<tenant-env-fqdn>/am/login/?realm=/alpha

Authentication parameters

PingOne Advanced Identity Cloud accepts the following parameters in the URL query string.

arg=newsession

Request that PingOne Advanced Identity Cloud end the user’s current session and start a new session.

ForceAuth

If ForceAuth=true, request that PingOne Advanced Identity Cloud force the user to authenticate even if they already have a valid session.

On successful authentication, PingOne Advanced Identity Cloud issues new session tokens to reauthenticating users, even if the current session already meets the security requirements.

goto

On successful authentication, or successful logout, request that PingOne Advanced Identity Cloud redirect the user to the specified location. Values must be URL-encoded.

For details, refer to Success and failure redirection URLs.

gotoOnFail

On authentication failure, request that PingOne Advanced Identity Cloud redirect the user to the specified location. Values must be URL-encoded.

For details, refer to Success and failure redirection URLs.

locale

Request that PingOne Advanced Identity Cloud display the user interface in the specified, supported locale. The locale can also be set in the user’s profile, in the HTTP header from their browser, or configured in PingOne Advanced Identity Cloud.

realm

Request that PingOne Advanced Identity Cloud authenticate the user to the specified realm.

resource

Set this parameter to true to request resource-based authentication.

service

Request that PingOne Advanced Identity Cloud authenticate the user with the specified authentication journey.

Example UI login URLs

Use any of the options listed in Authentication parameters as URL parameters. Note that URL parameters must appear before any occurrences of the pound or hash character (#).

The following are example URLs with parameters:

Table 1. Example UI Login URLs
Description Example URL

Log in to the alpha realm, requesting that PingOne Advanced Identity Cloud display the user interface in German.

https://<tenant-env-fqdn>/am/XUI/?realm=/alpha&locale=de#login

Log in to the alpha realm using the myJourney authentication journey, requesting that PingOne Advanced Identity Cloud display the user interface in German.

https://<tenant-env-fqdn>/am/XUI/?realm=/alpha&locale=de&service=myJourney#login

Copyright © 2010-2024 ForgeRock, all rights reserved.