---
title: Requirements for Authorize gateways
description: Before you deploy Authorize gateway instances in your organization's infrastructure, ensure that your systems meet the following requirements.
component: pingone
page_id: pingone:integrations:p1_authz_gateway_requirements
canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_authz_gateway_requirements.html
section_ids:
  pingone-privileges: PingOne privileges
  administrator-permissions: Administrator permissions
  gateway-permissions: Gateway permissions
  pingone-environment: PingOne environment
  docker: Docker
  system-requirements: System requirements
  p1_authz_gateway_access: Gateway access
---

# Requirements for Authorize gateways

Before you deploy Authorize gateway instances in your organization's infrastructure, ensure that your systems meet the following requirements.

## PingOne privileges

### Administrator permissions

The administrator setting up Authorize gateways must have the **Environment Admin** role in PingOne. This grants the **Read Authorize Gateway Deployment** permission required for working with Authorize gateways.

|   |                                                                                                                                                                                  |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To confirm your roles, in the PingOne **Administrators** environment, go to **Directory > Users**, click the administrator identity, and confirm the roles on the **Roles** tab. |

### Gateway permissions

Authorize gateways have the **Authorize Gateway Policy Evaluator** role by default. This role grants the minimum permissions required for Authorize gateways to interact with PingOne. Depending on the policy features required by your use case, you might need to grant additional roles to the gateway. Learn more in [Managing Authorize gateway roles](p1_manage_authz_gateway_roles.html).

## PingOne environment

Make sure the PingOne environment that you're using for self-managed deployments includes the PingOne SSO and PingOne Authorize services.

Learn more about setting up environments in [Creating an environment](../getting_started_with_pingone/p1_getting_started_adding_environment.html).

## Docker

To run a containerized Authorize gateway instance, you must have Docker installed on the machine that will run the gateway instance.

## System requirements

The Docker environment that will run the Authorize gateway instance must have the following resources dedicated to the gateway instance:

| Resource  | Requirement            |
| --------- | ---------------------- |
| Processor | 2 CPUs or virtual CPUs |
| RAM       | 1 GB                   |
| Storage   | 1 GB                   |

## Gateway access

The Authorize gateway instance requires the ability to initiate outbound requests over the internet to establish a WebSocket Secure connection and HTTPS connections to PingOne.

The WebSocket Secure address varies depending on your geography. Ensure that the gateway instance can access the WebSocket Secure address for your geography:

| Geography                                                                   | Address                                                                                                           | API Endpoints                         |
| --------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
| Australia                                                                   | wss\://gateways.pingone.com.au/wss\://gateways-ap-southeast-2.pingone.com.au/                                     | auth.pingone.com.auapi.pingone.com.au |
| Canada                                                                      | wss\://gateways.pingone.ca/wss\://gateways-ca-central-1a.pingone.ca/wss\://gateways-ca-central-1b.pingone.ca/     | auth.pingone.caapi.pingone.ca         |
| Europe                                                                      | wss\://gateways.pingone.eu/wss\://gateways-eu-central-1.pingone.eu/wss\://gateways-eu-west-1.pingone.eu/          | auth.pingone.euapi.pingone.eu         |
| North America (US)                                                          | wss\://gateways.pingone.com/wss\://gateways-us-east-2.pingone.com/wss\://gateways-us-west-2.pingone.com/          | auth.pingone.comapi.pingone.com       |
| Singapore                                                                   | wss\://gateways.pingone.sg/wss\://gateways-ap-southeast-1y.pingone.sg/wss\://gateways-ap-southeast-1z.pingone.sg/ | auth.pingone.sgapi.pingone.sg         |
| Asia Pacific (legacy)&#xA;&#xA;Available only for existing .asia customers. | wss\://gateways.pingone.asia/wss\://gateways-ap-southeast-2.pingone.asia/                                         | auth.pingone.asiaapi.pingone.asia     |