Ping Identity's shared flow for Apigee extends Apigee’s authorization capabilities through an external authorization policy runtime service.
Integration with Apigee allows identity and access management (IAM) administrators to centrally manage access control and application protection in PingAccess, while enforcement is delegated to Apigee.
Use this guide to install and configure the shared flow in Apigee. After installation and configuration, you can manage access control rules, identity mappings, and other application protection features in PingAccess.
The following diagram shows how traffic flows through Apigee and PingAccess.
- The API client makes a request to the API gateway.
- The shared flow extracts fields from the API client’s request and sends them to PingAccess for authorization.
- PingAccess evaluates the request, validates the authorization, then responds to Apigee. The response could be an authentication or authorization error that should be immediately sent back to the client, or it could be a modified request that Apigee will send to the API target.
- If authorized to proceed, Apigee passes the original or modified API request to the API target.
- The API service responds with the requested resource or with the result of the operation.
- The shared flow extracts fields from the API target’s response and sends them to PingAccess for processing.
- PingAccess responds to the processing request. The API response can be modified by the web session configuration and processing rules in PingAccess.
- Apigee responds to the API client with the original API response received from the API target or the modified response received from PingAccess.
Before you begin
The Ping Identity shared flow for Apigee supports Apigee Edge, Apigee Private Cloud, and Apigee X. Before you begin, ensure that you have the following:
- A supported Apigee environment
- PingAccess installed and started
- The PingAuth shared flow bundle .zip file (sharedflowbundle.zip)