Using the administrative console

  1. In the PingAuthorize administrative console, go to Configuration > Data Sources > External Servers.
  2. Click New External Server and select Policy External Server.
  3. In the New Policy External Server window, specify the following information:
    • Name
    • Base URL
    • Shared Secret
    • Decision Node
    • Branch

    Screen capture of the New Policy External Server window.
  4. Click Save.
  5. Go to Authorization and Policies > Policy Decision Service.
  6. Set PDP Mode to external.
  7. Set Policy Server to the name you gave to the policy external server in a previous step.

    Screen capture of the Edit Policy Decision Service window.
  8. Click Save To PingAuthorize Server Cluster.

Using dsconfig

dsconfig create-external-server \
  --server-name "Policy Editor" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies" \
  --set "decision-node:<your decision node ID value>"

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:Policy Editor"

In the previous example, the shared-secret value corresponds to the shared secret chosen or generated while installing the Policy Editor. The branch is the name of a policy branch in the Policy Editor, and the decision-node value is the ID of a node in the policy tree that will be considered first during policy processing.

To find a decision node:

  1. In the Policy Editor, go to Policies.
  2. Select the node that you want to use as the root node.

    This is typically the top-level node of your policy tree.

  3. Click the hamburger menu and select Copy ID to clipboard.
Screen capture of the Polices tab showing the Copy ID to clipboard option.