Policies published to Authorize gateways
Keep the following best practices in mind as you build policies and the Trust Framework configuration that you plan to publish to Authorize gateways.
The following features aren’t currently supported for Authorize gateway deployments:
- Calls to gateway instances from the PingOne Authorize DaVinci connector
- API Access Management in PingOne Authorize
- The Authorization Dashboard doesn’t track metrics for decision evaluations made by gateway instances.
Policies
You can use many of the policy authoring features available in PingOne Authorize. However, the following features aren’t currently supported:
- The Has Permissions condition comparator in policies and rules
- Attributes listed under PingOne > API Access Management on the Attributes tab
Policy features that rely on PingOne might increase decision request latency. These include:
- PingOne User and PingOne User ID attribute resolvers
- Is Member Of and Is Not Member Of condition comparators
- PingOne Protect Connector services that provide risk information to gateway instances
If your policies include these features, you must assign a built-in or custom administrator role to the Authorize gateway to give it additional permissions in PingOne. Learn more in Managing Authorize gateway roles.
Information points
You can make calls to information points and on-premises services directly from gateway instances. When you set up an HTTP service in PingOne, use URLs for your local or private services instead of public URLs.
The following features aren’t supported:
- You can’t use an LDAP Gateway type service to access user information stored in an on-premises LDAP directory.
- When testing services, you can’t test calls to your local or private services. However, you can use overrides to mock the service response.