Configuring the self-service portal

You can configure what information appears to end users in Self Service, also known as the PingOne Self-Service - MyAccount app. Learn more in System applications. You can also choose the sign-off method that PingOne uses when end users sign off from the MyAccount app.

Steps

In the PingOne admin console, go to User Experience > Self Service.
Click the Pencil icon.

Select or clear the following options as appropriate for your organization:

Setting

Description

Branding and Themes

Apply Active Theme

Apply the branding and themes configured for the environment to the MyAccount app.

Show Footer

Show the theme’s footer at the bottom of the MyAccount app.

Self Service Section

Manage Profile

Allow end users to edit their own profile attributes. If this option is enabled, end users can modify their profile details, such as name, address, and phone number. The specific attributes vary depending on the environment configuration.

Manage Authentication

Allow end users to manage their authentication methods, such as email, security key, text message, or authenticator app.

Users should always include the country code when pairing a device. Phone formats across the globe are constantly expanding and changing. If the country code isn’t included, issues might occur with message delivery.

Choose from the following options:

Enable or Disable MFA: Allow end users to enable or disable multi-factor authentication (MFA) for their account. This option is relevant for Customer Identity and Access Management (CIAM) users.

Manage PingID Devices via MyAccount: Allow PingID users to manage their devices from the MyAccount app. This option is relevant for PingID workforce users from environments that are converged with PingOne.

Selecting Manage PingID Devices via My account also:

Enables the Allow user actions according to granted authentication scopes option in the MyAccount app Resources tab. This option provides users with a limited set of scopes until they authenticate.
Adds the MyAccount app to all PingID policies that already include Device Management.
- To allow PingID users to manage their account with limited scopes, you must also ensure an MFA policy or MFA DaVinci flow policy is added to the MyAccount app.
- To add a policy to the app, refer to Associating an authentication policy with a web app.
- To disable reduced scopes, refer to Editing scopes for an application.
- Learn more about PingOne API scopes and their function in PingOne Self-management scopes.

None: Do not enable either option.

Change Password

Allow end users to change their own passwords.

Manage Linked Accounts

Allow end users to manage the linked accounts that are used during authentication.

Manage Sessions

Allow end users to view or sign off from PingOne sessions.

View Agreements

Allow users to see the agreements to which they’ve consented.

Manage OAuth Consents

Allow users to view and revoke OAuth consents to which they’ve agreed.

Sign Off Method

Determine which sign-off method PingOne uses when users sign off from the MyAccount app. Choose either of the following options:

OIDC Logout (default): Allow the end user to sign off from the MyAccount app using OpenID Connect (OIDC) relying party (RP)-initiated logout. This option invalidates access tokens, refresh tokens, and ID tokens associated with the session. When selected, PingOne doesn’t send SAML 2.0 single logout requests to SAML identity providers or applications.

Learn more in the OIDC RP-Initiated Logout 1.0 documentation.
SAML 2.0 Single Logout: Initiate SAML 2.0 single logout when the user signs off from the MyAccount app. Access tokens, refresh tokens, and ID tokens obtained during the session remain valid until they expire or are revoked.

Click Save.