PingOne Advanced Identity Cloud

PingOne Authorize node

The PingOne Authorize node sends a decision request to a specified decision endpoint in your PingOne Authorize environment. These authorizations include:

Advanced Identity Cloud provides the PingOne Service to enable the PingOne Authorize node:

Compatibility

Product Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node retrieves the attribute map from the shared state.

Additionally, the node first attempts to locate in shared state the PingOne Authorize Policy Attribute(s) defined in the policy that corresponds to the active decision endpoint.

Dependencies

You must set up the following before using the PingOne Authorize node:

Configuration

Property Usage

PingOne Worker Service

Service for specific PingOne Worker application.

Decision Endpoint ID

The Decision Endpoint ID from the PingOne Authorize service.

Attribute Map

The attribute map is to overcome the name differences between shared state attributes in Advanced Identity Cloud and the request parameters in PingOne. For example, if the shared store firstName refers to givenName in PingOne, then the Attribute Map entry would be: firstName ⇒ givenName.

Statement Codes

Set the node outcomes based on the statements from the PingOne Authorize decision.

Continue

Use the Continue toggle for a single outcome case.

Outputs

This node produces no outputs.

Outcomes

Permit

Satisfied the active policy’s permit condition and authorized the user.

Deny

Satisfied the active policy’s deny condition and did not authorize the user.

Indeterminate

Does not satisfy the active policy’s permit or deny conditions.

Error

There was an error during the authorization process.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Example

The following example journey illustrates how to use the PingOne Authorize node:

PingOne Authorize node example

The PingOne Authorize node gets the username from Username Collector node and evaluates the level authorization for the user. Based on the authorization level, further action is taken.