PingAuthorize

Identity classifications and IdP support

The PingAuthorize Policy Editor provides the ability to generate smart identity classifications.

These classifications separate policies from the underlying identity providers (IdPs) by grouping IdPs according to their presumed level of trust. As a result, you can build policies that target levels of trust instead of specific IdPs.

Defining trust levels has the following distinct parts:

Identity properties

Use the Identity Properties window to define objects and elements to attach to specific IdPs.

You use these properties later to map IdPs to specific identity classification levels.

Identity providers

Use the Identity Providers window to define different IdPs and to attach identity properties to them.

This task might appear irrelevant when your enterprise expects to use only one or two IdPs, but it provides significant abstraction for more complicated ecosystems in which tens or hundreds of IdPs participate.

Identity classifications

Use the Identity Classes window to create different levels of classification.

For each classification level, attach the properties that an IdP must have to be in that level.
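
The relationship between the three parts can be sketched as a small model. This is an added example, not PingAuthorize code or its configuration format. Every property, IdP and class name is constructed, and matching a property by exact value is an assumption.

```python
# Conceptual model only: not PingAuthorize's storage format or API.
# All property, IdP and class names below are constructed for illustration.

# Identity properties attached to each IdP (Identity Providers window).
IDPS = {
    "corp-adfs":    {"mfa": True,  "identity_proofing": "in-person", "federated": True},
    "partner-oidc": {"mfa": True,  "identity_proofing": "document",  "federated": True},
    "social-login": {"mfa": False, "identity_proofing": "none",      "federated": True},
}

# Properties an IdP must have to be in each classification level
# (Identity Classes window).
CLASSES = {
    "high":   {"mfa": True, "identity_proofing": "in-person"},
    "medium": {"mfa": True},
    "low":    {"federated": True},
}


def classify(idp_name):
    """Return the set of classes whose required properties the IdP has.

    An IdP that has not been defined gets no class at all, so any policy
    that requires a class denies it (fail closed).
    """
    props = IDPS.get(idp_name)
    if props is None:
        return set()
    return {
        cls
        for cls, required in CLASSES.items()
        if all(props.get(key) == value for key, value in required.items())
    }


def permit(idp_name, required_class):
    """Policy decision keyed on trust level, never on the IdP's name."""
    return required_class in classify(idp_name)


if __name__ == "__main__":
    # A hypothetical policy that requires the "high" class.
    for idp in [*IDPS, "unregistered-idp"]:
        decision = "PERMIT" if permit(idp, "high") else "DENY"
        print(f"{idp:18} classes={sorted(classify(idp))} -> {decision}")
```

Because `permit` only names a class, onboarding another IdP means adding one entry with its properties, and the policy itself does not change.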