Defining the profile scope - PingAuthorize

Defining the profile scope - PingAuthorize - 9.1

PingAuthorize

bundle

pingauthorize-91

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.1

category

ContentType

Product

Productdocumentation

paz-91

pingauthorize

ContentType_ce

Product documentation

Page created: 17 Feb 2022 |

Page updated: 29 Jul 2022

| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

Define a permitted access token scope to retrieve profile attributes.

Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
Click Policies.
Expand Global Decision Point, SCIM Policy Set, Token Policies, and Scope Policies.
Highlight Permitted Scopes.
Click Components.
From the Rules list, drag Permitted SCIM scope for user to the Rules section.
To the right of the copied rule, click the hamburger menu.
Click Replace with clone.
Change the name to Scope: profile.
To expand the rule, click +.
Change the description to Rule that permits a SCIM user to access a subset of its own profile attributes if the access token contains the profile scope.
In the HttpRequest.AccessToken.scope row of the Condition section, type profile in the CHANGEME field.
Within the rule, click Show "Applies to".
From the Actions section, drag retrieve to the Add definitions and targets, or drag from Components box.
Within the rule, click Show Advice and Obligations.
Next to Advice and Obligations, click +.
From the Advice section, drag Include profile attributes to the Advice and Obligations section.

Note:
This predefined advice includes a payload. If the condition for this rule is satisfied, the response includes the uid, sn, givenName, and description attributes.
Click Save changes.

After completing the configuration, you will have a new profile scope, which should look like the following.