Page created: 9 Feb 2021
|
Page updated: 11 Nov 2021
| 1 min read
PingAuthorize 8.3 Product Administration User task Product documentation Content Type
Define a permitted access token scope to retrieve email attributes.
- Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
- Click Policies.
- Expand Global Decision Point, SCIM Policy Set, Token Policies, and Scope Policies.
-
Highlight Permitted Scopes.
- Click Components.
- From the Rules list, drag Permitted SCIM scope for user to the Rules section.
- To the right of the copied rule, click the three-line menu.
- Click Replace with clone.
- Change the name to Scope: email.
- To expand the rule, click +.
- Change the description to Rule that permits a SCIM user to access its own mail attribute if the access token contains the email scope.
- In the HttpRequest.AccessToken.scope row of the Condition section, type email in the CHANGEME field.
- Within the rule, click Show "Applies to".
-
From the Actions section, drag
retrieve to the Add definitions and targets, or
drag from Components box.
Note:
This task uses different actions from the previous gateway example.
- Within the rule, click Show Advice and Obligations.
- Click + next to Advice and Obligations.
-
From the Advice section, drag Include email
attributes to the Advice and Obligations
section.
Note:
This predefined advice includes a payload. If the condition for this rule is satisfied, the response includes the
mail
attribute. - Click Save changes.
After completing the configuration, you will have a new email scope, which should look like the following.