---
title: Adding a custom resource
description: Use the Resources page to add a custom resource to PingOne.
component: pingone
page_id: pingone:applications:p1_adding_custom_resource
canonical_url: https://docs.pingidentity.com/pingone/applications/p1_adding_custom_resource.html
revdate: January 10, 2025
section_ids:
  steps: Steps
  next-steps: Next steps
---

# Adding a custom resource

Use the **Resources** page to add a custom resource to PingOne.

## Steps

1. In the PingOne admin console, go to **Applications > Resources**.

2. In the **Create Resource Profile** step, enter the following information:

   * **Resource Name**: A unique identifier for the resource.

   * **Audience** (optional): The intended audience for the resource. If you don't provide a value, PingOne will default to the resource name.

   * **Description** (optional): A brief description of the resource.

   * **Access token time to live (seconds)**: The maximum time that the access token will be valid for use in the application, in seconds.

3. Click **Next**.

4. In the **Attributes** step, map resource attributes to user attributes in PingOne.

   Resources can use JSON attributes in their attribute mappings. You can use these attributes to pass complex information to applications through an access token. Learn more in [Adding user attributes](../directory/p1_adduserattributes.html).

   1. Enter a resource attribute and then select the corresponding PingOne attribute in the list.

      For example, you could map the `OIDC family_name` attribute to the PingOne `Family Name` attribute.

   2. (Optional) Click the **Gear** icon ([icon: gear, set=fa]) to use advanced expressions. Learn more in [Using the expression builder](../pingone_expression_language/p1_use_expression_builder.html).

   3. (Optional) Select the **Required** checkbox to make the attribute required.

      * For any attributes except the `sub` attribute

        If it can't find a value for an attribute set as required, PingOne doesn't issue an access token for the resource and instead issues an error message in the token response.

      * For the `sub` attribute

        The following table lists how PingOne handles the `sub` attribute based on whether it's set as required and what grant type the application is using:

        | `sub` set as required? | Application grant type                                                | If PingOne can't find an attribute mapping value?                                                                 |
        | ---------------------- | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
        | Yes                    | Any grant type requiring user interaction, such as authorization code | PingOne doesn't issue an access token for the resource and instead issues an error message in the token response. |
        | Yes                    | Client credentials                                                    | PingOne doesn't issue an access token for the resource and instead issues an error message in the token response. |
        | No                     | Any grant type requiring user interaction                             | PingOne populates the `sub` attribute with the PingOne user ID of the authenticated user.                         |
        | No                     | Client credentials                                                    | PingOne returns an access token without including the `sub` attribute.                                            |

   4. To add more attributes, click **[icon: plus, set=fa]Add** and enter an attribute and the corresponding PingOne mapping.

   5. To delete an attribute, click the **Delete** icon ([icon: trash, set=fa]) for the appropriate attribute.

      ![A screen capture of the Attributes step when adding a custom resource.](_images/p1-add-custom-resource.png)

5. Click **Next**.

6. In the **Scopes** step, configure the appropriate scopes for the resource. Each resource can have one or more scopes.

   To add a scope, click **[icon: plus, set=fa]Add Scope** and enter the following:

   * **Scope Name**: The name of the scope to be used for this resource. Scopes are defined by the resource server.

   * **Description** (optional): A brief description of the scope.

7. Click **Save**.

## Next steps

* You can add more scopes to the custom resource. Learn more in [Editing a resource](p1_editresource.html).

* With PingOne Authorize, you can define application resources and permissions to set up role-based access control for the custom resource. Learn more in [Application permissions](p1_application_permissions.html) and [Editing a resource](p1_editresource.html).

* You can enable an OIDC-based application to request scopes from multiple resources in a single request. Learn more about the **Request scopes to access multiple resources** option in [Editing an application - OIDC](p1_edit_application_oidc.html).