ping-identity

Use this skill whenever the task involves writing code or wiring an SDK to integrate Ping Identity into an application. Triggers: Android, iOS, or React/JavaScript SDK integration; embedding DaVinci flows or AIC journeys in a web or mobile app; OIDC authorization code + PKCE flow wiring; server-side backend OIDC (Node.js, Java, Python, .NET); token validation, refresh, and session management; client credentials (M2M) and token exchange patterns; redirect_uri_mismatch, CORS, token refresh failures, push MFA not delivering; migrating from ForgeRock SDK to Ping SDK; embedding a Ping service SDK (Protect JavaScript signals SDK, Verify mobile SDK) in app code; on-prem PingFederate or PingAccess agent integration. NOT for: configuring or invoking PingOne Verify, Protect, IGA, or Authorize at the service/policy level (use ping-universal-services); platform admin (use ping-foundation); flow design (use ping-orchestration). Also invoke with /ping-app-integration.

Use this skill whenever the task involves setting up, configuring, or administering any Ping Identity platform — PingOne (multi-tenant cloud), PingOne Advanced Identity Cloud (AIC), PingFederate, PingAccess, PingDirectory, or PingID. Triggers: create or manage environments, tenants, realms; register OIDC, SAML, WS-Federation, or OAuth 2.0 apps; configure SSO, Platform SSO, or workforce single sign-on; manage directories, LDAP, user populations, or schema; configure sign-on policies, authentication policies, or step-up MFA policy settings at the platform level; configure MFA methods or PingID in PingFederate; branding, custom domains, or notification templates; administer on-premises Ping software; advisory questions like 'how should I structure my tenant' or 'what grant type should I use'. Prerequisite — a specific platform must be named or clearly implied; 'add a user to Ping' or 'create a user in Ping' without a named platform belongs in ping-quickstart first. Also invoke with /ping-foundation.

Use this skill whenever the task involves an AI agent, LLM, or agentic workflow interacting with Ping Identity. Triggers: giving an AI agent or LLM a verified machine identity; securing agent-to-API access with client credentials or short-lived tokens; Verified Trust signals or verifiable credentials for AI apps; Identity for AI 5-pillar architecture (Agent Identity, Agent Security, Agent Gateway, Agent Detection, Verified Trust); PingGateway as an MCP gateway for AI agents; CIBA human-in-the-loop approvals for high-risk agent actions; bot detection and AI agent detection with PingOne Protect; delegated tokens for helpdesk AI or workforce AI assistants; 'how do I give my AI agent an identity', 'secure my MCP server', 'token rotation for an autonomous agent'. If the request says 'automated process', 'scheduled job', or 'service account' WITHOUT mentioning AI, LLM, or agent — ask a clarifying question before routing here. If the prompt says only 'agent' or 'authenticate an agent' with no AI/LLM/agentic context — ask a clarifying question, as 'agent' is ambiguous (could mean AI agent, Ping integration agent, or browser user-agent). Also invoke with /ping-identity-for-ai.

Use this skill whenever the task involves designing, building, or advising on authentication flows, journeys, or orchestration logic in Ping Identity. Triggers: DaVinci flows, PingOne Advanced Identity Cloud (AIC) journeys, PingAM authentication trees, scripted decision nodes; login, registration, recovery, MFA, or step-up journey design; passwordless authentication (passkeys, FIDO2, magic links, biometric); authenticator app enrollment, TOTP, push MFA flows; transaction approvals via email or push notification (CIBA, out-of-band step-up); progressive profiling, social login, consent; flow troubleshooting; 'what nodes do I need', 'design a flow for', 'build a journey that'. When the user asks 'journey vs DaVinci flow?', 'AIC or DaVinci?', 'which orchestration platform should we use?', or 'where do I configure MFA in Ping?' without stating both a use case (workforce / CIAM / B2B) AND a platform — you MUST ask one clarifying question before recommending. Do not guess. Also invoke with /ping-orchestration.

Use this skill BEFORE any more specialised Ping skill whenever the user is in orientation mode — phrases like 'where do we start', 'where do I start', 'where do we begin', 'how do we begin', 'we want to add X — where do we start', 'we are evaluating', 'we are migrating from ForgeRock / Okta / Auth0', 'I am new to Ping', 'I inherited a Ping deployment', 'help me choose', 'PingOne vs AIC vs PingFederate', 'which Ping product do I need', 'recommended starting point', 'test this end to end / validate my Ping setup'. Even when a specific feature, service, or product is mentioned (KYC, MFA, Verify, DaVinci, etc.), if the framing is 'where do we start' or 'we are evaluating' or 'we are migrating' — route here FIRST. Also triggers on bare user-management commands with no platform named: 'Add a user to Ping', 'Create a user in Ping', 'Manage users in Ping' — Ping has many products with separate user populations (PingOne, PingOne Advanced Identity Cloud / AIC, PingFederate, PingDirectory); for these prompts you MUST respond with action 'clarify' asking which platform, not 'route'. Catch-all front door when platform or starting point is unclear. Also invoke with /ping-quickstart.