PingOne

Adding an authorization attribute

Add attributes to map your organization’s data to a form that authorization policies can evaluate. Attributes serve as the data inputs that PingOne Authorize resolves and uses when making policy decisions.

Before you begin

Before adding attributes:

  • Plan how you want to organize them in the Attributes tree. You can nest attributes under parent attributes to group related attributes together.

  • Establish naming conventions for your attributes to make them easier to identify and understand. For example, you might prefix attributes that resolve from the same data source with the same string.

Steps

  1. Add a new attribute:

    1. In the PingOne admin console, go to Authorization > Trust Framework.

    2. On the Attributes tab, click the icon.

  2. Define general information for the attribute:

    1. Enter a unique Name for the attribute.

      To ensure that PingOne Authorize can resolve attribute references, the following characters aren’t allowed in the name:

      • Period (.)

      • Curly brackets ({ })

      • Pipe (|)

    2. (Optional) In the Description field, enter information that describes the attribute’s purpose.

      The description is only visible on the Attributes tab, but it can help policy authors understand how to use the attribute in policies.

    3. (Optional) To nest the attribute under a parent in the tree, select a Parent attribute.

      Nesting groups related attributes together. You can move an attribute to another location in the tree by selecting a different parent attribute. To remove nesting, click the Delete icon and leave the Parent blank.

  3. (Optional) To define where the attribute pulls information from, add resolvers.

  4. (Optional) Add value processors that transform the attribute’s value.

  5. (Optional) Add value settings that define the attribute’s data type and default value.

  6. Click Save changes.

    You can copy an attribute for reuse by selecting Make Copy from the hamburger menu of that attribute. You can’t copy a portion of an attribute definition, with the exception of resolvers. You must copy the whole attribute definition to duplicate any of its content or manually copy the content between definitions.

    If you copy an attribute with child attributes, only the parent is duplicated.

Next steps

After saving the attribute, you can add repetition settings to resolve the attribute’s values from a collection.