Configuring Apigee for PingOne Authorize integration
Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingOne Authorize.
Before you begin
Ensure you have:
-
A supported Apigee environment. The Ping Identity shared flow for Apigee supports Apigee Edge, Apigee Private Cloud, and Apigee X.
-
The PingAuth Shared Flow Bundle
.zip
archive. Download the integration kit for Apigee from the Ping Identity Integration Directory.
Steps
-
Upload the shared flow bundle:
-
In Apigee, go to Develop → Shared Flows and do one of the following:
-
In Apigee X, click Upload Bundle.
-
In Apigee Edge or Apigee Private Cloud, click +Shared Flow, and then click Upload Bundle.
-
-
For the shared flow Name, enter
PingAuth
. -
In File Picker, browse to the PingAuth shared flow bundle zip file and select it.
-
Click Create.
-
-
In Apigee X, configure the connection to PingOne Authorize.
Skip this step if you are using Apigee Edge or Apigee Private Cloud.
Apigee X doesn’t currently support managing the configuration values stored in key value maps in the Apigee interface. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth shared flow is executed at runtime.
-
To access the PingAuth shared flow, go to Develop → Shared Flows → PingAuth.
-
Click the Develop tab and examine Revisions to make sure you are on the latest revision.
-
In the Policies panel on the left, click the Load KVM Config policy.
-
In the policy editor panel, remove the comment lines above and below the
InitialEntries
element. -
Edit values for
service_host_port
andservice_base_path
to match the Service URL from the API Gateway you added in PingOne Authorize.For example, for Service URL:
https://api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
The
service_host_port
isapi.pingone.com
.The
service_base_path
is/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
. -
Edit the value for
shared_secret
to match the API Gateway credential you created in PingOne Authorize. -
Click Save.
-
-
In Apigee Edge or Apigee Private Cloud, configure the connection to PingOne Authorize.
Apigee Edge stores environment-specific configuration values in key value maps. This allows you to use the same policies across multiple deployment environments without any changes to the policies.
-
Go to Environment → Key Value Maps and click +Key Value Map.
-
Edit the key value map and click Add Entry.
-
Add values using the key names
service_host_port
andservice_base_path
that match the Service URL from the API Gateway you added in PingOne Authorize.For example, for Service URL:
https://api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
The
service_host_port
isapi.pingone.com
.The
service_base_path
is/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
. -
Add a value using the key name
shared_secret
that matches the API Gateway credential you created in PingOne Authorize. -
Click Save.
-
-
Deploy the shared flow:
-
To access the PingAuth shared flow, go to Develop → Shared Flows → PingAuth.
-
Deploy the most recent revision of the shared flow to your environment.
-