In the PingAuthorize Policy Editor, define a policy in which each rule specifies an allowed client.

  1. Go to Policies > Policies.
  2. Expand Global Decision Point and SCIM Policy Set.
  3. Highlight Token Policies, click +, and then click Add Policy.
  4. For the name, replace Untitled with Permitted Clients.
  5. From the Combining Algorithm list, select Unless one decision is permit, the decision will be deny.
  6. Click + Add Rule.
  7. For the name, replace Untitled with Client: client1.
  8. From the Effect list, select Permit.
  9. In the Condition section:
    1. Click + Comparison.
    2. From the Select an Attribute list, select HttpRequest.AccessToken.client_id.
    3. From the middle, comparison-type list, select Equals.
    4. In the final field, type client1.
  10. Click + Add Rule.
  11. For the name, replace Untitled with Client: client2.
  12. From the Effect list, select Permit.
  13. In the Condition section:
    1. Click + Comparison.
    2. In the A field, from the Select an Attribute list, select HttpRequest.AccessToken.client_id.
    3. From the Contains list, select Equals.
    4. In the C field, enter client2.
  14. Expand + Advice and Obligations.
    Note: Do not click Show Advice and Obligations within the client1 or client2 rules.

  15. Click Components.
  16. From Advice, drag Unauthorized Client to the Advice and Obligations box.
  17. Click Save changes.

The completed configuration should resemble the following image.

A screen capture of the Permitted Clients configuration window.
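
The decision logic that this policy produces, modelled in Python as an added example (it is not PingAuthorize code and not part of the original page). The class and function names are hypothetical. Treating Equals as an exact string match and attaching the Unauthorized Client advice to Deny decisions are assumptions.

```python
# Model of the Permitted Clients policy: two Permit rules combined with
# "Unless one decision is permit, the decision will be deny".
from dataclasses import dataclass, field
from typing import List, Optional

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    name: str
    client_id: str  # value compared with HttpRequest.AccessToken.client_id

    def evaluate(self, token: dict) -> str:
        value = token.get("client_id")
        # Assumption: Equals is modelled as an exact, case-sensitive string match.
        if isinstance(value, str) and value == self.client_id:
            return PERMIT
        return NOT_APPLICABLE  # a Permit rule that does not match never denies by itself

@dataclass
class Decision:
    result: str
    matched_rule: Optional[str] = None
    advice: List[str] = field(default_factory=list)

RULES = [Rule("Client: client1", "client1"), Rule("Client: client2", "client2")]

def evaluate_policy(token: dict, rules: List[Rule] = RULES) -> Decision:
    """Deny-unless-permit: one Permit is enough; every other outcome becomes Deny."""
    for rule in rules:
        if rule.evaluate(token) == PERMIT:
            return Decision(PERMIT, rule.name)
    # Assumption: the policy-level Unauthorized Client advice accompanies the Deny.
    return Decision(DENY, None, ["Unauthorized Client"])

if __name__ == "__main__":
    # Constructed sample access-token claims, not captured from a real deployment.
    samples = [
        {"client_id": "client1"},
        {"client_id": "client2"},
        {"client_id": "client3"},   # not on the allow list
        {"client_id": "Client1"},   # differs only in case
        {},                         # token without a client_id claim
    ]
    for token in samples:
        d = evaluate_policy(token)
        print(f"{token!r:28} -> {d.result:6} rule={d.matched_rule} advice={d.advice}")
```

Because the combining algorithm turns every non-Permit outcome into Deny, a token with a missing or unexpected client_id is rejected without needing an explicit deny rule.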