Managing IdP adapter grant mapping

Use the IdP Adapter Grant Mapping to map authentication source values into persistent grants.

Persistent grants and any associated attributes and their values remain valid until the grants expire or until PingFederate explicitly revokes or cleans them up.

About this task

The USER_KEY attribute is the identifier of the persistent grants.

The USER_NAME attribute presents the name shown to the resource owner on OAuth user-facing pages.

If extended attributes are defined in System → OAuth Settings → Authorization Server Settings, configure a mapping for each attribute.

You can optionally set up datastore queries to supplement values returned from the source.

This mapping configuration is suitable for the Authorization Code and Implicit grant types.

Steps

Go to Authentication → OAuth → IdP Adapter Grant Mapping and perform one of the following actions.

Action

Steps

Create a mapping

Select the source of the attributes from the list and click Add Mapping.

Modify an existing mapping

Select your mapping under Mappings.

Remove an existing mapping or cancel the removal request

Click Delete or Undelete under Action.

Before removing a mapping from your configuration, ensure that it is not used by your OAuth use cases. Any corresponding entries defined in Applications → OAuth → Access Token Mapping will also be removed.

Mapping OAuth attributes

PingFederate Server

Managing IdP adapter grant mapping

About this task

Steps

Related links