---
title: Adding an identity provider - PayPal
description: Add PayPal as an external identity provider in PingOne to allow users to sign on with PayPal when accessing your application.
component: pingone
page_id: pingone:integrations:p1_add_idp_paypal
canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_add_idp_paypal.html
revdate: May 29, 2025
page_aliases: ["p1_register_app_paypal.adoc", "p1_configure_scopes_paypal.adoc", "p1_add_the_idp_p1.adoc", "p1_register_return_url_paypal.adoc"]
section_ids:
  before-you-begin: Before you begin
  registering-your-application-with-paypal: Registering your application with PayPal
  before-you-begin-2: Before you begin
  steps: Steps
  configuring-scopes-and-options: Configuring scopes and options
  steps-2: Steps
  adding-paypal-as-an-identity-provider-in-pingone: Adding PayPal as an identity provider in PingOne
  steps-3: Steps
  registering-the-callback-url-with-paypal: Registering the callback URL with PayPal
  before-you-begin-3: Before you begin
  steps-4: Steps
  next-steps: Next steps
---

# Adding an identity provider - PayPal

Adding PayPal as an external identity provider (IdP) *(tooltip: \<div class="paragraph">
\<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
\</div>)* gives your users the option to sign on with PayPal when accessing your application.

## Before you begin

Ensure that you have:

* A PingOne organization with an environment added. Learn more in [Starting a PingOne trial](../getting_started_with_pingone/p1_start_a_p1_trial.html).

* Added your application to PingOne. Learn more in [Adding an application](../applications/p1_applications_add_applications.html).

* A Paypal account

## Registering your application with PayPal

Create your application with PayPal, and then copy the client ID and client secret.

### Before you begin

Ensure that you have a PayPal account with an active subscription.

### Steps

1. Go to [PayPal for Developers](https://developer.paypal.com) and sign on to your account.

   If you don't have a PayPal account, you can create one now.

2. In the **My apps and credentials** section, click **Sandbox**.

3. In the **Rest API apps** section, click **Create app**.

4. In the **Application details** field, enter a name for the application, and then click **Create app**.

5. In the **Sandbox API credentials** section, copy the **Client ID** to a secure location.

6. In the **Secret** section, click **Show**.

7. Copy the client secret to a secure location.

8. In the **App feature options** section, select **Connect with PayPal**.

   You can clear the other options, unless your organization has a specific need for them.

9. Click **Save**.

## Configuring scopes and options

On the PayPal for Developers site, configure the options for scope attributes, permissions, and customer consent.

### Steps

1. Go to [PayPal for Developers](https://developer.paypal.com).

2. In the **Rest API apps** section, click your application name.

3. In the **Connect with PayPal** section, click **Advanced options**.

4. Select the following scope attributes:

   * `Full name`

   * `Email`

   * `Street address`

   * `City`

   * `State`

   * `Country`

   * `Postal code`

   * `Account verification status`

   * `PayPal account ID`

5. Under **Links shown on customer consent page**, enter the following:

   * **Privacy policy URL**: (Optional). The location of your organization's privacy policy.

   * **User agreement URL**: (Optional). The location of your organization's user agreement.

6. In the **Additional PayPal permissions** section, select **Enable customers who have not yet confirmed their email with PayPal to log in to your app**.

7. Click **Save**.

## Adding PayPal as an identity provider in PingOne

Configure the IdP connection in PingOne.

### Steps

1. In the PingOne admin console, go to **Integrations > External IdPs** and click **[icon: plus, set=fa]**.

2. Click **PayPal**.

3. Click **Next**.

4. On the **Add External Identity Provider** page, enter the following information:

   * **Name**: A unique identifier for the IdP

   * **Description** (optional): A brief description of the IdP.

   * **Population**: A population that overrides the authentication policy's registration population and enables just-in-time registration from the IdP.

     |   |                                                                                                         |
     | - | ------------------------------------------------------------------------------------------------------- |
     |   | You can't change the **Icon** and **Sign-on Button** in accordance with the provider's brand standards. |

5. Click **Next**.

6. Configure the connection and enter the following information:

   * **Client ID**: The application ID from the IdP that you copied earlier. You can find this information on the [PayPal for Developers site](https://developer.paypal.com).

   * **Client secret**: The application secret from the IdP that you copied earlier. You can find this information on the [PayPal for Developers site](https://developer.paypal.com).

   * **Environment**: The environment the configuration connects to. Click **live** or **sandbox**

   * **Callback URL**: Copy the **Callback URL** to a secure location. You'll provide this value to the IdP later.

7. Click **Next**.

8. Define how the PingOne user attributes are mapped to identity provider attributes. Learn more in [Mapping attributes](../directory/p1_editsamlattributemapping.html).

   * Enter the PingOne user profile attribute and the external IdP attribute. Learn more about attribute syntax in [Identity provider attributes](p1_idp_attributes.html).

   * To add an attribute, click **[icon: plus, set=fa]Add**.

   * To use the advanced expression builder, click the **Gear** icon. Learn more in [Using the expression builder](../pingone_expression_language/p1_use_expression_builder.html).

   * Select the update condition, which determines how PingOne updates its user directory with the values from the IdP. The options are:

     * **Empty only**: Update the PingOne attribute only if the existing attribute is empty.

     * **Always**: Always update the PingOne directory attribute.

9. Click **Save**.

10. To enable the IdP, click the toggle at the top of the details panel to the right (blue).

    |   |                                                                    |
    | - | ------------------------------------------------------------------ |
    |   | You can disable the IdP by clicking the toggle to the left (gray). |

## Registering the callback URL with PayPal

Copy the callback URL value from the PingOne admin console and enter it into the PayPal for Developers site.

### Before you begin

Ensure that you have the callback URL from the PingOne admin console.

### Steps

1. In the PingOne admin console, go to **Integrations > External IdPs** and browse or search for the appropriate IdP.

2. Click the IdP to open the details panel.

3. Click the **Connection** tab.

4. Copy the **Callback URL** and paste it in a secure location.

5. Go to [PayPal for Developers](https://developer.paypal.com).

6. In the **Rest API apps** section, click your application name.

7. In the **Sandbox app settings** section, locate **Return URL**.

8. Click **Show**.

9. For **Return URL**, enter the callback URL value that you copied from the PingOne admin console.

10. Click **Save**.

### Next steps

* [Add the IdP to your authentication policy](../authentication/p1_edit_auth_policy.html).

* [Apply the authentication policy to your application](../applications/p1_apply_auth_policy_to_applications.html) and ensure that registration is enabled in the authentication policy.