---
title: Scopes
description: In addition to OAuth, PIngFederate supports the use of scopes to constrain and define access privileges.
component: pingfederate
version: 13.1
page_id: pingfederate:introduction_to_pingfederate:pf_scopes
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_scopes.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  static-scopes-and-dynamic-scopes: Static scopes and dynamic scopes
  related-links: Related links
---

# Scopes

In addition to OAuth, PIngFederate supports the use of scopes to constrain and define access privileges.

OAuth provides a mechanism to constrain the privileges associated with an access token, whereas scopes provide a way to more specifically define the privileges requested and granted. Generally, a client specifies the desired scopes when sending an authorization request to the authorization server. If the user approves, the authorization server issues an access token with these scopes.

Scopes are configured globally using the **System > OAuth Settings > Scope Management** configuration wizard. Once defined, you can manage the availability of scopes on a client-by-client basis.

## Static scopes and dynamic scopes

As an authorization server, PingFederate supports the concepts of static scopes and dynamic scopes. To define a static scope, use a text value such as `read_bank_account`. To define a dynamic scope, use a text value with a variable component represented by a wildcard, such as `read_bank_account_txn:*`. As illustrated, dynamic scopes allow clients to request authorization using scope values with a variable component from one request to another.

## Related links

* [Scopes and scope management](../administrators_reference_guide/pf_scopes_and_scope_management.html)