---
title: Configuring Delegated Admin as a new client (create OAuth client for Delegated Admin)
description: The following task configures Delegated Admin as a new client and outlines how to create an OAuth client for Delegated Admin.
component: pingdirectory
version: 11.0
page_id: pingdirectory:delegated_admin_application_guide:pd_da_config_delegated_admin_new_client
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/delegated_admin_application_guide/pd_da_config_delegated_admin_new_client.html
revdate: October 3, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
---

# Configuring Delegated Admin as a new client (create OAuth client for Delegated Admin)

The following task configures Delegated Admin as a new client and outlines how to create an OAuth client for Delegated Admin. OAuth is a standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.

## About this task

To configure Delegated Admin as a new client:

## Steps

1. Sign on to the PingFederate admin console.

2. Go to **Applications → OAuth → Clients**.

3. Click **Add Client**.

4. For both the **Client ID** and **Name**, specify `dadmin`.

5. Set **Client Authentication** to **None**.

   Do not set a client secret.

6. For **Redirect URIs**, enter the appropriate URI for your environment based on the following table and then click **Add**.

   | Deployment                                                                   | Redirect URI                                      |
   | ---------------------------------------------------------------------------- | ------------------------------------------------- |
   | For Delegated Admin on a PingDirectory server or a PingDirectoryProxy server | `https://<server-host>:<server-port>/delegator/*` |
   | For Delegated Admin on a web server hosted locally                           | `http://localhost:<server-port>/*`                |

7. Make the following selections:

   1. In the **Bypass Authorization Approval** section, select **Bypass**.

   2. In the **Exclusive Scopes** section, select **Allow Exclusive Scopes** and then select **urn:pingidentity:directory-delegated-admin**.

   3. In the **Allowed Grant Types** section, select **Authorization Code**.

   4. In the **Default Access Token Manager** list, select the token manager that you created in step 3 of [Configuring the OAuth server](pd_da_config_oauth_server.html).

   5. Select the check box for **Require Proof Key for Code Exchange (PKCE)**.

   6. In the **OpenID Connect** section, select the OpenID Connect (OIDC) policy that you created in step 5 of [Configuring the OAuth server](pd_da_config_oauth_server.html).

8. Click **Save**.

## Next steps

After completing the previous steps, configure the following settings to display the name of the administrator who is signed on to the client application:

1. Add the `profile` scope and ensure it is available to the OAuth client used for the Delegated Admin application.

2. Add and fulfill the `name` attribute as part of the contract for both the access token and the ID token supplied to the Delegated Admin application.

3. Set the `PROFILE_SCOPE_ENABLED` configuration variable for Delegated Admin in the `config.js` file to `true`.

   ```
   /**
    * Configuration wrapper object for Delegated Admin
    */
   window.PD_DADMIN_CONFIG = {
     /**
      * Set to true if the "profile" scope is supported for the Delegated Admin OIDC client on
      * PingFederate and you wish to use it to show the current user's name in the navigation.
      * DEFAULT: false
      */
     PROFILE_SCOPE_ENABLED: true,
   };
   ```
