Authenticate with a browser

When you authenticate to Advanced Identity Cloud using a browser, you can specify the realm and the authentication parameters in the URL, to customize the user’s authentication experience.

Specify the realm in the URL

Specify the realm as the value of the realm parameter in the URL. Preface the realm name with a forward slash (/); for example:

https://<tenant-env-fqdn>/am/login/?realm=/alpha

Authentication parameters

PingOne Advanced Identity Cloud accepts the following parameters in the URL query string.

arg=newsession: Request that PingOne Advanced Identity Cloud end the user’s current session and start a new session.
ForceAuth: If ForceAuth=true, request that PingOne Advanced Identity Cloud force the user to authenticate even if they already have a valid session.

On successful authentication, PingOne Advanced Identity Cloud issues new session tokens to reauthenticating users, even if the current session already meets the security requirements.
goto: On successful authentication, or successful logout, request that PingOne Advanced Identity Cloud redirect the user to the specified location. Values must be URL-encoded.

For details, refer to Success and failure redirection URLs.
gotoOnFail: On authentication failure, request that PingOne Advanced Identity Cloud redirect the user to the specified location. Values must be URL-encoded.

For details, refer to Success and failure redirection URLs.
locale: Request that PingOne Advanced Identity Cloud display the user interface in the specified, supported locale. The locale can also be set in the user’s profile, in the HTTP header from their browser, or configured in PingOne Advanced Identity Cloud.
realm: Request that PingOne Advanced Identity Cloud authenticate the user to the specified realm.
resource: Set this parameter to true to request resource-based authentication.
service: Request that PingOne Advanced Identity Cloud authenticate the user with the specified authentication journey.

Example UI login URLs

Use any of the options listed in Authentication parameters as URL parameters. Note that URL parameters must appear before any occurrences of the pound or hash character (#).

The following are example URLs with parameters:

Table 1. Example UI Login URLs
Description	Example URL
Log in to the `alpha` realm, requesting that PingOne Advanced Identity Cloud display the user interface in German.	`https://<tenant-env-fqdn>/am/XUI/?realm=/alpha&locale=de#login`
Log in to the `alpha` realm using the `myJourney` authentication journey, requesting that PingOne Advanced Identity Cloud display the user interface in German.	`https://<tenant-env-fqdn>/am/XUI/?realm=/alpha&locale=de&service=myJourney#login`