The PingOne Scope Consent connector lets you view consent records on an application or user basis, revoke or update user consent records, or prompt users to provide or decline consent to sign-on policies and record these decisions.
You can use the PingOne Scope Consent connector to:
- View a list of application consent records a user has granted, declined, or revoked
- Determine whether a user has granted consent for an application
- Accept or decline consent for an application on behalf of a user
- Update the application consent record as revoked
- Check, prompt for, and record user decisions regarding consent for an application
Setup
Resources
For information and setup help, see the following sections of the PingOne documentation:
Requirements
To use the connector, you'll need:
- A PingOne license (Try PingOne for free)
- A PingOne environment with a configured Worker app
Setting up PingOne
Setting up your PingOne environment
Adding a Worker application
Add a Worker application in the PingOne console before setting up the PingOne connector in DaVinci:
- In the PingOne console, add a Worker app. See
Adding an application. Note:
Attribute mappings are not required.
- Ensure that you set the authentication method as
Client secret basic.
The PingOne connector receives a token using your application’s credentials.
- Enable the application. See Enabling or disabling an
application.
The capabilities in the PingOne connector call endpoints in PingOne with a token received using the application’s credentials. To enable all capabilities, your application needs the required role assignments for the associated capability. If the application doesn't have the required role assignment, you'll see error messages stating that the required authorization isn't configured.
Assigning Roles to the application
To use the appropriate capabilities, the Worker app used by the connector needs the Environment Admin and Identity Data Admin roles.
The user that creates the Worker app must have the Environment Admin and Identity Data Admin roles to assign the roles to a Worker app.
- In your PingOne environment, go to .
If you haven't added the application yet, see Adding an application.
- Locate the appropriate application and click it to open the details panel.
- Click the Roles tab and then click the Pencil icon to edit the roles.
- Review the assigned roles to ensure that they include Environment Admin and Identity Data Admin roles. If not, click + Add role to assign them.
Getting your application credentials
Get the Client ID and Client secret from the PingOne console before setting up the PingOne connector in DaVinci:
- In your PingOne environment, go to .
If you haven't added the application yet, see Adding an application.
- Locate the appropriate application and click it to open the details panel.
- On the Configuration tab, expand General and locate the Client ID and Client secret. Copy these values to a secure location.
Getting your environment details
Get your Environment ID and Region before setting up the PingOne connector in DaVinci:
- In your PingOne environment, go to .
- Locate the Environment ID and Region. Copy these values to a secure location.
Setting up the PingOne connector configuration
In DaVinci, add a PingOne connection. For help, see Adding a connector.
Connector configuration
Environment ID
Client ID
Client secret
Region
Using the connector in a flow
Manage user consent
No special flow configuration is needed. Add the capability and populate its properties according to the help text.
Use one of the following capabilities to view information about consent records:
- Read User Consent: Use to view a list of all application consent records a specific user has granted, declined, or revoked.
- Check User Consent: Use to determine whether a user has granted consent for a specific application.
Use one of the following capabilities to manage and update user consent records:
- Save User Consent: Use to accept or decline consent for an application on behalf of a user.
- Revoke User Consent: Use to update the application consent record for a user as revoked.
Use Get User Consent to check, prompt for, and record user decisions regarding consent to application as part of a DaVinci flow policy. Use this capability in a flow at the point where you want to prompt the user for their consent. Use the Custom Screens tab to edit the HTML and CSS to customize the appearance and text of the prompt that is displayed to the user. For example, change Do you approve the request? to Do you accept this request? or change the buttons from Approve and Decline to Yes and No.
Capabilities
- Read User Consent
-
Find information about consent users have granted for all applications.
Details - Check User Consent
-
Indicate whether users have granted consent for an application.
Details - Save User Consent
-
Accept or decline user consent for an application. It replaces the existing consent for the application if there is one.
Details - Revoke User Consent
-
Revoke and remove user consent for an application.
Details - Get User Consent
-
This capability facilitates application consent by checking, prompting, and recording user decisions regarding consent. This action includes the HTML template and other resources like CSS. You can customize them under the Custom Screens tab.
Details