Authorization services
Services connect PingOne Authorize with data sources, such as APIs and information points, that provide information used to make context-aware authorization decisions.
Service connections augment authorization events with real-time data. Policy authors don’t use information from a service directly in policies. Instead, services are a source of data for the attributes used in policy evaluations.
After you connect a service to PingOne Authorize, make sure that you add or generate attributes that store values resolved from the service. Learn more in Authorization attributes.
Service types
PingOne Authorize supports the following types of service connections.
HTTP services
These services connect to HTTP endpoints accessible over the public internet.
HTTP services can send and receive text, JSON, and XML content. You can send custom headers with any request, and configure basic, bearer token, or OAuth 2.0 Client Credentials authentication methods for service-to-service authentication.
Connector services
These services consume information from other services provided by the PingOne platform. Learn more about attributes that are automatically generated when you connect to a PingOne service in Generating an attribute.
The PingOne Protect Connector service pulls in risk signals for use in authorization policies.
|
This Connector service requires a PingOne Protect license. |
LDAP Gateway services
These services connect to user information stored in external LDAP directories, such as PingDirectory, PingOne Advanced Identity Cloud (formerly ForgeRock Identity Cloud), or Microsoft Active Directory. You can use LDAP Gateway services for use cases such as:
-
Retrieving a user’s profile information
-
Retrieving a user’s groups
PingOne Authorize converts information received from an LDAP directory to JSON, making it easy to use this information in attributes and authorization policies.