Add web session scope rules, which examine the contents of the PingFederate validation response and determine whether to grant access to a backend target site based on a match found between the scopes of the validation response and the scope specified in the rule.
Support for the web session support rule might require the PingFederate access token to contain the scope superuser
. To configure this,
see Configuring access token attributes for superuser scope in PingFederate.