Creating a policy to dynamically modify a resource based on the SCIM resource type - PingAuthorize

Page created: 17 Feb 2022 |

Page updated: 29 Jul 2022

| 2 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration

Given an attribute defined in multiple resource types, modify the attribute differently depending on the resource type. In particular, this policy focuses on the retrieve action and changes the cn attribute to one value for the Users resource type and to another value for the Devices resource type.

In the Policy Editor, go to Policies in the left pane and then click Policies along the top.
From the + menu, select Add Policy.
For the name, replace Untitled with Modify cn attribute based on the resource type.
Click the + next to Applies to.
Click Add definitions and targets, or drag from Components and add the retrieve action.
Set Combining Algorithm to Unless one decision is deny, the decision will be permit.
You should have a screen similar to the following one for the policy so far.
Add a rule for the Users resource.
1. Click + Add Rule.
2. For the name, replace Untitled with If resource type is Users.
3. Click + Comparison.
4. From the Select an Attribute list, select the SCIM2.resource.meta.resourceType attribute.
5. In the second field, select Equals.
6. In the third field, specify Users as the constant.
7. Add advice to modify attributes.
  1. Within the rule, click Show Advice and Obligations.
  2. Click + next to Advice and Obligations.
  3. Click + Add Advice > Modify Attributes.
  4. For the name, specify Modify cn for users resource.
  5. Set Applies To to Permit.
  6. Set the Payload field to {"cn":"USERS_MOD"}.
8. Click Save changes.
  Your rule should be similar to the following one.
Add a rule for the Devices resource.
1. Click + Add Rule.
2. For the name, replace Untitled with If resource type is Devices.
3. Click + Comparison.
4. From the Select an Attribute list, select the SCIM2.resource.meta.resourceType attribute.
5. In the second field, select Equals.
6. In the third field, specify Devices as the constant.
7. Add advice to modify attributes.
  1. Within the rule, click Show Advice and Obligations.
  2. Click + next to Advice and Obligations.
  3. Click + Add Advice > Modify Attributes.
  4. For the name, specify Modify cn for devices resource.
  5. Set Applies To to Permit.
  6. Set the Payload field to {"cn":"DEVICES_MOD"}.
8. Click Save changes.
  Your rule should be similar to the following one.
Send test requests to the SCIM service and verify data using the Policy Editor's Decision Visualiser.