Define a permitted access token scope to retrieve email attributes.
- Sign on to the PingAuthorize Policy Editor using the URL and credentials from Accessing the GUIs.
- Click Policies.
- Expand Global Decision Point, SCIM Policy Set, Token Policies, and Scope Policies.
- Select Permitted Scopes.
- Click Components.
- From the Rules list, drag Permitted SCIM scope for user to the Rules section.
- To the right of the copied rule, click the hamburger menu.
- Click Replace with clone.
- Change the name to Scope: email.
- To expand the rule, click +.
- Change the description to Rule that permits a SCIM user to access its own mail attribute if the access token contains the email scope.
- In the HttpRequest.AccessToken.scope row of the Condition section, type email in the CHANGEME field.
- Within the rule, click Show "Applies to".
- From the Actions section, drag retrieve to the Add definitions and targets, or drag from Components box.
This task uses different actions from the previous gateway example.
- Within the rule, click Show Statements.
- Click + next to Statements.
- From the Statements list, drag Include email attributes to the Statements section of the
This predefined statement includes a payload. If the condition for this rule is satisfied, the response includes the
- Click Save changes.
You now have a new email scope, which should look like the following.
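The decision logic that the Scope: email rule encodes can be modelled in a few lines of Python. This is an added example, not PingAuthorize code or its policy export format. The function names, the `sub` and `scope` token fields, the subject-to-SCIM-id match, and the sample user are assumptions made for illustration.

```python
"""Illustrative model of the 'Scope: email' rule (not PingAuthorize code)."""

# Assumption: the "Include email attributes" statement adds the mail attribute.
EMAIL_ATTRIBUTES = {"mail"}


def token_scopes(scope_claim):
    """Normalize a scope claim (space-delimited string or list) to a set."""
    if isinstance(scope_claim, str):
        return set(scope_claim.split())
    return set(scope_claim or [])


def scope_email_rule(action, token, requested_user_id):
    """Return the attributes this rule adds to the response (empty if none).

    Applies to -> only the "retrieve" action
    Condition  -> the token scope contains "email" as a whole value
    Statement  -> include email attributes, for the user's own record only
    """
    if action != "retrieve":
        return set()
    # Compare whole scope values so "email_admin" never satisfies "email".
    if "email" not in token_scopes(token.get("scope")):
        return set()
    # Assumption: the token subject equals the SCIM resource id.
    if token.get("sub") != requested_user_id:
        return set()
    return set(EMAIL_ATTRIBUTES)


def filter_resource(resource, permitted):
    """Return the resource with only its id and the permitted attributes."""
    return {k: v for k, v in resource.items() if k == "id" or k in permitted}


# Constructed sample data, not taken from a real directory.
USER = {"id": "user.1", "mail": "user.1@example.com", "mobile": "+1 555 0100"}

if __name__ == "__main__":
    for scope in ("openid email", "openid email_admin", "openid"):
        token = {"sub": "user.1", "scope": scope}
        permitted = scope_email_rule("retrieve", token, USER["id"])
        print(f"{scope!r:22} -> {filter_resource(USER, permitted)}")
```

Running it shows that only the token carrying the exact `email` scope returns the mail attribute; every other case falls back to the bare id.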