• Create a third-party service with PingAuthorize configured as the target. For more information, see Adding third-party services.
  • Confirm that you are not using the agent model. PingAuthorize access control rules aren't available for agent deployments.

An access control rule can grant or deny access, and can modify the request, based on the response from the PingAuthorize request API.


The PingAuthorize sideband API cannot accept gzipped data from upstream server responses. Ensure that upstream server requests add or replace the Accept-Encoding header with Accept-Encoding: identity to prevent the upstream server from sending compressed responses.

To add a PingAuthorize access control rule:

  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name, up to 64 characters long.

    Special characters and spaces are allowed.

  4. In the Type list, select PingAuthorize Access Control.
  5. In the Third Party Service list, select your PingAuthorize service.
  6. In the Shared Secret field, enter the shared secret from PingAuthorize.
  7. Optional: To include access token data in the request to PingAuthorize, select the Include Identity Attributes check box.

    This option is selected by default.

  8. Optional: To configure advanced options, click Show Advanced.
    1. Optional: In the Sideband Endpoint field, enter the sideband API endpoint location.
    2. Optional: In the Shared secret header name field, enter a header in which to send the shared secret.
  9. Click Save.