Creating a policy for permitted access token scopes
The first policy defines the access token scopes that PingAuthorize Server accepts for SCIM requests.
About this task
The following table defines these scopes.
Scope | Allowed actions | Applies to |
---|---|---|
scimAdmin |
search, retrieve, create/modify, delete |
Any data |
retrieve |
Requester’s email attributes |
|
profile |
retrieve |
Requester’s profile attributes |
To create the policy and add rules to define the scopes, perform the following steps:
Steps
-
Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
-
Click Policies.
-
Expand Global Decision Point, SCIM Policy Set, and Token Policies.
-
Select Scope Policies.
-
Next to Statements, click .
-
Click Components.
-
From the Statements list, drag Insufficient Scope to the area immediately following the Statements section. A box appears for you to drop the item into.
-
Click Save changes.
-
Click Policies to the left of Components.
-
Select Scope Policies.
-
From the menu, select Add Policy.
-
For the name, replace Untitled with
Permitted Scopes
. -
Change the combining algorithm to A single deny will override any permit decisions.
-
Click Save changes.