1. Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
  2. Click Policies.
  3. Highlight Permitted Scopes.
  4. Click + Add Rule.
  5. For the name, replace Untitled with Scope: scimAdmin (retrieve).
  6. From the Effect list, select Permit.
  7. In the Condition section, perform the following steps:
    1. Click + Comparison.
    2. In the first field, select HttpRequest.AccessToken.scope.
    3. From the comparator list, select Contains.
    4. In the final field, type scimAdmin.
  8. Within the rule, click Show "Applies to".
  9. Click Components.
  10. From the Actions section, drag retrieve to the Add definitions and targets, or drag from Components box.
  11. Within the rule, click Show Advice and Obligations.
  12. Click + next to Advice and Obligations.
  13. From the Advice section, drag Include all attributes to the Advice and Obligations section.
  14. Click Save changes.
After completing the configuration, you will have a new scope for the scimAdmin retrieve rule, that should look like the following.
Screen capture of the ScimAdmin Retrieve rule.