Publishing authorization policy versions to Authorize gateways
To publish policy and Trust Framework versions to an Authorize gateway, use Version History or edit the gateway.
Publishing a version is like saving a snapshot of your policies and Trust Framework definitions. The published version reflects the state of these objects at a specific point in time. Learn more in Authorization policy version history.
|
You can also publish authorization policy versions to cloud-based decision endpoints. However, decision endpoints don’t provide the data residency and reduced latency benefits of gateway instances deployed in your organization’s infrastructure. |
Each gateway instance associated with the same Authorize gateway uses the authorization policy version published to that gateway. Publishing a version to an Authorize gateway downloads and stores the authorization policy version deployment configuration locally in the gateway instances in your infrastructure.
|
Publishing could fail if policies include features that aren’t compatible with gateway instances, such as version differences or unsupported features. Learn more about unsupported features in Policies published to Authorize gateways. To take advantage of the latest policy features, upgrade your gateway instance. |
Before you begin
-
Build your authorization policies in PingOne. Learn more in Policies.
-
If your authorization policies include PingOne user details, group membership checks, or risk scores from the PingOne Protect Connector, you must assign built-in or custom administrator roles to the Authorize gateway to give it additional permissions in PingOne. Learn more in Managing Authorize gateway roles.
-
Version History
Publish a version in Version History
You can use Version History to publish authorization policy versions to gateway instances. This method enables you to view which versions are published to particular Authorize gateways.
Steps
-
In the PingOne admin console, go to Authorization > Version History.
-
Click the More Options (⋮) icon next to the version you want to publish and select Publish Version.
In this example, the Prod Gateway, Test Gateway, and Dev Gateway Authorize gateways were created using the Bootstrap authorization policy version. You can also see that the Prod and Test cloud-based decision endpoints use the Bootstrap version, and that the Dev decision endpoint uses the latest authorization policy version by default. You’ll publish versions to Authorize gateways and not to cloud-based decision endpoints.
-
In the Publish to list, select an Authorize gateway.
-
If you’re publishing the latest version, which is unnamed, enter a Name that makes the version easy to identify.
If you’re publishing a version that’s already named, you can use the existing name or change it.
-
Click Publish.
Result:
The latest version is renamed and it is now published to the Dev Gateway, in addition to the Dev decision endpoint.
Select a version in an Authorize gateway
This method for publishing authorization policy versions provides a convenient way to change the version when you’re editing a gateway.
Steps
-
In the PingOne admin console, make sure that you’ve named an authorization policy version.
As an example, you’ll use the Payment checks version that’s published to the Dev Gateway and promote it to the Test Gateway.
-
Go to Integrations > Gateways and click the Authorize gateway you want to work with.
-
On the Configuration tab, click Edit.
-
Select an Authorization Version.
-
Click Save.
This updates the authorization policy version that the gateway will download and deploy to any associated gateway instances.
Version History also reflects which authorization policy version the Authorize gateway is using.
