Creating a policy for permitted access token scopes - PingAuthorize - 9.1

PingAuthorize
bundle
pingauthorize-91
ft:publication_title
PingAuthorize
Product_Version_ce
PingAuthorize 9.1
category
ContentType
Product
Productdocumentation
paz-91
pingauthorize
ContentType_ce
Product documentation

The first policy defines the access token scopes that PingAuthorize Server accepts for System for Cross-domain Identity Management (SCIM) requests.

The following table defines these scopes.

Scope Allowed actions Applies to
scimAdmin search, retrieve, create/modify, delete Any data
email retrieve Requester's email attributes
profile retrieve Requester's profile attributes

To create the policy and add rules to define the scopes, perform the following steps:

  1. Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
  2. Click Policies.
  3. Expand Global Decision Point, SCIM Policy Set, and Token Policies.
  4. Highlight Scope Policies.
  5. Next to Advice and Obligations, click +.
  6. Click Components.
  7. From the Advice list, drag Insufficient Scope to the area immediately following Advice and Obligations. A box appears for you to drop the item into.
  8. Click Save changes.
  9. Click Policies to the left of Components.
  10. Highlight Scope Policies.
  11. From the + menu, select Add Policy.
  12. For the name, replace Untitled with Permitted Scopes.
  13. Change the combining algorithm to A single deny will override any permit decisions.
  14. Click Save changes.