Editing an OIDC resource
You can define the global attribute mappings and scopes for the OpenID Connect (OIDC) resource. These mappings are inherited by all OIDC applications by default. Applications can override the inherited global attributes with custom attributes that you want included during runtime. Learn more in Customizing OIDC attributes for an application.
Steps
-
In the PingOne admin console, go to Applications > Resources.
-
Click the OpenID Connect entry to open the details panel.
-
On the Attributes tab, click the Pencil icon ().
-
Review the OIDC attributes and their mapping to PingOne attributes.
-
To add an attribute, click the Add button.
-
Enter an OIDC attribute and the desired PingOne mapping.
-
Click the Gear icon () to use advanced expressions. Learn more in Using the expression builder.
-
-
To delete an attribute, click the Delete icon ().
Attributes with a blue background are part of the OIDC specification. You cannot delete the default attributes, but you can map them to new attributes in PingOne. PingOne will ignore an attribute if the PingOne mapping is blank.
-
-
Select the delivery method:
-
ID Token: The attribute is delivered to the application in the ID token.
-
UserInfo: The attribute is delivered to the application from the UserInfo endpoint.
PingOne enforces an ID token limitation of 25 values for a multivalued attribute. When this occurs, PingOne populates
[SIZE_LIMIT_EXCEEDED]as the attribute value.Use UserInfo to retrieve the data as needed.
-
-
Click Save.
-
On the Scopes tab:
-
To add a scope, click Add scope.
-
Enter a Scope Name and Description.
-
Select Mapped Attributes to assign to the scope.
-
-
To edit a scope, click and select Mapped Attributes to assign to the scope.
Assigning attributes to a scope allows an application to inherit these attributes, if the application has the resource and scope added to it. Learn more in Editing an application - OIDC.
-
-
Click Save.