PingOne Advanced Services

Creating custom user attributes

Create custom user attributes that you will use to authenticate users. You can use the P1AS Customer Tenant Configuration Postman collection, or add the attributes manually.

If you’re using Postman

Steps

  1. Navigate to the first step in the collection: P1AS Customer Tenant Configuration → Tenant Configuration → Step 1. Create User Custom Attributes

  2. Drag and drop the step into the Run order window.

  3. Click Run and determine if issues exist.

If you’re creating attributes manually

Steps

  1. Go to Directory → User Attributes.

  2. Click the icon, select Declared as the attribute type, and click Next.

  3. Add the ArgoCD attribute:

    1. In the Name field, enter P1ASArgoCDRoles.

    2. In the Display Name field, enter P1AS ArgoCD Roles.

    3. In the Description field, enter P1AS app roles for ArgoCD.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter argo-configteam in the corresponding field.

    6. Click Save.

  4. Add the Grafana attribute:

    1. In the Name field, enter P1ASGrafanaRoles.

    2. In the Display Name field, enter P1AS Grafana Roles.

    3. In the Description field, enter P1AS app roles for Grafana.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in Grafana roles.

      For example, if you want to provide Grafana editor access to the development environment, enter dev-graf-editor in the corresponding field. To set it up for production and staging environments, enter prod-graf-editor and stage-graf-editor.

    6. Click Save.

  5. Add the Opensearch attribute:

    1. In the Name field, enter p1asOpensearchRoles.

    2. In the Display Name field, enter P1AS Opensearch Roles.

    3. In the Description field, enter P1AS app roles for Opensearch.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter os-configteam in the corresponding field.

    6. Click Save.

  6. Add the PingAccess attribute:

    1. In the Name field, enter P1ASPingAccessRoles.

    2. In the Display Name field, enter P1AS PingAccess Roles.

    3. In the Description field, enter P1AS app roles for Grafana.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in PingAccess roles.

      For example, if you want to provide PingAccess admin access to the development environment, enter dev-pa-admin in the corresponding field. To set it up for production and staging environments, enter prod-pa-admin and stage-pa-admin.

    6. Click Save.

  7. Add the PingFederate attribute:

    1. In the Name field, enter P1ASPingFederateRoles.

    2. In the Display Name field, enter P1AS PingFederate Roles.

    3. In the Description field, enter P1AS app roles for PingFederate.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in PingFederate roles.

      For example, if you want to provide PingFederate audit access to the development environment, enter dev-pf-audit in the corresponding field. To set it up for production and staging environments, enter prod-pf-audit and stage-pf-audit.

    6. Click Save.

  8. Add the Prometheus attribute:

    1. In the Name field, enter P1ASPrometheusRoles.

    2. In the Display Name field, enter P1AS Prometheus Roles.

    3. In the Description field, enter P1AS app roles for Prometheus.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter prom in the corresponding field.

    6. Click Save.

  9. Add the Self-Service attribute:

    1. In the Name field, enter p1asSelfServiceRoles.

    2. In the Display Name field, enter P1AS Self-Service Roles.

    3. In the Description field, enter P1AS app roles for Self-Service.

    4. Select the Allow multiple values option.

    5. Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in Self-Service roles.

      For example, if you want to provide TLS self-service admin access to the development environment, enter dev-tls-admin in the corresponding field. To set it up for production and staging environments, enter prod-tls-admin and stage-tls-admin.

    6. Click Save.