PingOne

Customizing OIDC attributes for an application

About this task

In your PingOne Admin console, use the application details panel to customize the current attribute mappings for an OIDC application. Applications can override the inherited global attributes with custom attributes that you want included during runtime.

For example, if you’re adding an OIDC app to PingOne, and the application owner requires the user’s birthdate, which isn’t a default mapping value, you can add birthdate to the OIDC application’s Attribute Mappings configuration, sourcing it from something such as a custom user attribute that you’ve defined. Then, when the application asks for the profile OIDC scope at runtime, PingOne can include birthdate in the ID token and the UserInfo response.

Steps

  1. Go to Applications → Applications.

  2. Locate the application you want to view. You can browse or search for applications, or narrow your search to a particular application type

  3. Click the application entry to open the details panel.

  4. Click the Attribute mappings tab and then click the pencil icon to edit.

    PingOne shows the current attribute mappings for the OIDC application.

    Custom attributes

    Attributes that are mapped for the OIDC application. Applications can override the inherited global attributes with custom attributes.

    Inherited global attributes

    Attributes that are mapped as part of the OIDC resource on the Resource page. You can create custom attributes as a global setting, and applications will inherit the attribute mappings for any claims they need. Applications can override the inherited global attributes with custom attributes.

  5. Do one or more of the following:

    • To edit an existing attribute, select the OIDC attribute and the desired PingOne mapping.

      Attributes with a blue background are part of the OIDC specification. You cannot delete the default attributes, but you can map them to new attributes in PingOne. PingOne will ignore an attribute if the PingOne mapping is blank.

    • To add an attribute, click the Add button. Enter an OIDC attribute and the desired PingOne mapping. Click the gears icon to use advanced expressions. See Using the expression builder.

    • To delete an attribute, click the trash can icon for the appropriate attribute.

    • To use the advanced configuration editor, click Advanced configuration. See Using the advanced configuration editor.

  6. Click Save.