---
title: The <code>auth.profile.json</code> file
description: To use auth.profile.json, copy the file from /path/to/openidm/samples/example-configurations/self-service/ to your project's conf/ directory.
component: pingidm
version: 7.5
page_id: pingidm:self-service-reference:pp-authprofile-json
canonical_url: https://docs.pingidentity.com/pingidm/7.5/self-service-reference/pp-authprofile-json.html
keywords: ["JSON", "Configuration", "Authentication", "Self-Service", "User Self-Service"]
---

# The `auth.profile.json` file

|   |                                                                                                                                                                                                                      |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Progressive profiling is deprecated and will be removed in a future release of IDM. For more information, refer to [Deprecation](../release-notes/deprecated-functionality.html#deprecated-standalone-prog-profile). |

|   |                                                                                                                                                     |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To use `auth.profile.json`, copy the file from `/path/to/openidm/samples/example-configurations/self-service/` to your project's `conf/` directory. |

In some circumstances, you may wish to create a temporary role for users who are in the middle of progressive profile completion, such as if you wish to enable access to an endpoint, while prohibiting access to other parts of the End User UI (as well as the rest of IDM).

To do this, you may optionally define an `authenticationRole` in `auth.profile.json`, which you can use as a role assignment in `access.json` or elsewhere.

For example, if you wished to assign access to a custom endpoint for users who have incomplete profiles, you could modify `auth.profile.json` to include a custom `authenticationRole` called `incomplete-profile`:

```json
{
    "profileEnhancementProcesses": [
        "selfservice/termsAndConditions",
        "selfservice/kbaUpdate",
        "selfservice/profile"
    ],
    "authenticationRole": "incomplete-profile",
    "authorizationRole": "internal/role/openidm-authorized"
}
```

You could then give access to this role to your custom endpoint in `access.json`:

```json
{
    "pattern"    : "endpoint/extra-steps",
    "roles"      : "incomplete-profile",
    "methods"    : "read",
    ...
},
```

Access for these and other roles is governed by the `access.json` script. For more information, refer to [Configure Access Control in access.json](../auth-guide/authorization-and-roles.html#access-json).

The role specified in `authenticationRole` can be an existing role, or it can be a placeholder string. If it is a placeholder, it will not function as a real role, but can still be used for access in `access.json`, and will appear in access and authentication log files in the `openidim/audit` directory.