Configuring PingOne for PingAuthorize policy administration
About this task
The following configuration allows PingOne to authorize external access to the PingAuthorize Policy Editor.
Steps
- Sign on to PingOne and click your environment.
  Choose from:
  - If you have an account, go to the URL for your environment. Each environment has a unique URL for signing in. It follows the format https://console.pingone.com/?env=<environmentID>.
  - If you do not already have an account, create one at Try Ping.
- To create an application in PingOne to represent the PingAuthorize Policy Editor, go to Connections → Applications and click the icon.
- Enter a name for the application, such as PingAuthorize Policy Editor.
- Optional: Enter a description and add an icon.
- Click OIDC Web App, and then click Save.
- On the Configuration tab, click the Pencil icon to edit the settings.
- From the PKCE Enforcement list in the Grant Type section, select S256_REQUIRED.
- In the Redirect URIs field, enter a redirect URL that follows the format https://<pap.hostname:port>/idp-callback.
- In the Token Endpoint Authentication Method section, click None.
- Click Save.
- On the Resources tab, click the pencil icon to edit the settings.
- In the Scopes list, click the icon to add the email and profile scopes to the Allowed Scopes list.
- Click Save.
- To enable the application, click the toggle.
- Copy the following IDs:
  - Client ID: To find the Client ID, go to the application’s Profile tab.
  - Environment ID: To find the Environment ID, click Environment in the left navigation pane.
  You’ll need them when you configure the Policy Editor to use PingOne.
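With Token Endpoint Authentication Method set to None, the application is a public client with no secret, so the S256 PKCE exchange is what ties an authorization code to the instance that requested it. The following Python sketch is an added example, not Ping Identity code: it walks through that exchange as defined in RFC 7636, and the authorization endpoint, host names, client ID, and the openid scope are assumed placeholder values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes give a 43-character verifier (allowed range is 43-128)."""
    return _b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, verifier, state):
    """Authorization request a client registered as above would send."""
    parsed = urlparse(redirect_uri)
    if parsed.scheme != "https" or parsed.path != "/idp-callback":
        raise ValueError("redirect URI must match the registered https .../idp-callback")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",  # openid is an assumption; email/profile are from the steps
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def server_accepts(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Token-endpoint check under S256_REQUIRED: 'plain' or a missing method is refused."""
    if method != "S256":
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    verifier = new_code_verifier()
    print(build_authorize_url(
        "https://auth.example.com/ENVIRONMENT-ID-PLACEHOLDER/as/authorize",  # constructed
        "CLIENT-ID-PLACEHOLDER",                                             # constructed
        "https://pap.example.com:9443/idp-callback",                         # constructed
        verifier, secrets.token_urlsafe(16)))
```

A code intercepted at the redirect is useless without the verifier, which never leaves the client until the token request.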