1. Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
  2. Click Policies.
  3. Select Permitted Scopes.
  4. Click + Add Rule.
  5. For the name, replace Untitled with Scope: scimAdmin (retrieve).
  6. From the Effect list, select Permit.
  7. In the Condition section, perform the following steps:
    1. Click + Comparison.
    2. In the first field, select HttpRequest.AccessToken.scope.
    3. From the comparator list, select Contains.
    4. In the final field, type scimAdmin.
  8. Within the rule, click Show "Applies to".
  9. Click Components.
  10. From the Actions section, drag retrieve to the Add definitions and targets, or drag from Components box.
  11. Within the rule, click Show Statements.
  12. Click + next to Statements.
  13. From the Statements list, drag Include all attributes to the Statements section of the rule.
  14. Click Save changes.
You now have a new scope for the scimAdmin retrieve rule, which should look like the following.
Screen capture of the Scope: scimAdmin (retrieve) rule with a permit effect and configured as specified with an Applies To target, a comparison Condition, and the Include all attributes statement, flagged as Obligatory