When using embedded PDP mode, policy configuration keys are stored in the PingAuthorize Server configuration, and the server provides the policy configuration key values to the policy engine at runtime. You can use either the administrative console or dsconfig to define policy configuration keys.


Policy configuration key values are stored in encrypted form in the PingAuthorize Server configuration, so they are suitable for storing sensitive values such as server credentials.

Define policy configuration keys using the administrative console by following these steps:

  1. In the administrative console, under Authorization and Policies, click Policy Decision Service.
  2. Click New Policy Configuration Key.
    1. For Name, enter ConsentBaseUri.
    2. For Policy Configuration Value, type the base URI. For example, https://consent-us-east.example.com/consent/v1.
    Screen capture of the New Policy Configuration Key window with the specified values and the Save To cluster_example Cluster button in the upper right of the screen
  3. Save the policy configuration key.
  4. Repeat the previous steps for the policy configuration keys ConsentUsername and ConsentPassword.

The following example shows how to use dsconfig to create a policy configuration key named ConsentServiceBaseUri with the value https://example.com/consent/v1.

dsconfig create-policy-configuration-key \
 --key-name ConsentServiceBaseUri \
 --set policy-configuration-value:https://example.com/consent/v1