The PingAuthorize Policy Editor provides the ability to generate smart identity classifications.
The purpose of these classifications is to abstract the underlying identity providers (IdPs) from their presumed level of trust. The outcome is that you will be able to build policies that target levels of trust instead of specific IdPs.
Defining trust levels has the following distinct parts:
- Identity properties
  - Use the Identity Properties window to define objects and elements to attach to specific IdPs. You use these properties later to map IdPs to specific identity classification levels.
- Identity providers
  - Use the Identity Providers window to define different IdPs and to attach identity properties to them. This task might appear irrelevant when your enterprise expects to use only one or two IdPs, but it provides significant abstraction for more complicated ecosystems in which tens or hundreds of IdPs participate.
- Identity classifications
  - Use the Identity Classes window to create different levels
    For each classification level, attach the properties that an IdP must have to be in that level.
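
The relationship between the three parts can be modeled in a few lines of Python. This is an added example, not PingAuthorize code or its policy format; the issuer URLs, property names, and classification names are constructed for illustration. It shows a policy check that targets a classification rather than an IdP, and that an unknown IdP or a classification with no required properties grants nothing.

```python
# Conceptual model only: every issuer, property and class name is constructed.

# Identity providers, each with the identity properties attached to it.
IDP_PROPERTIES = {
    "https://corp-idp.example/": {"mfa_enforced", "employee_directory"},
    "https://partner-idp.example/": {"mfa_enforced"},
    "https://social-idp.example/": set(),
}

# Identity classifications: the properties an IdP must have to be in each level.
CLASS_REQUIREMENTS = {
    "high_trust": {"mfa_enforced", "employee_directory"},
    "medium_trust": {"mfa_enforced"},
    "misconfigured": set(),  # no requirements: must not match every IdP
}


def classes_for(issuer, idp_properties=IDP_PROPERTIES):
    """Return every classification whose required properties the IdP has."""
    if issuer not in idp_properties:
        return set()  # unknown IdP belongs to no classification (fail closed)
    props = idp_properties[issuer]
    return {
        name
        for name, required in CLASS_REQUIREMENTS.items()
        # An empty requirement set is skipped so it cannot admit all IdPs.
        if required and required <= props
    }


def permit(issuer, required_class, idp_properties=IDP_PROPERTIES):
    """Policy check written against a trust level, never a specific IdP."""
    return required_class in classes_for(issuer, idp_properties)


if __name__ == "__main__":
    for idp in IDP_PROPERTIES:
        print(idp, sorted(classes_for(idp)))
    # Onboarding a new IdP only needs properties attached; permit() is unchanged.
    extended = dict(IDP_PROPERTIES)
    extended["https://new-idp.example/"] = {"mfa_enforced", "employee_directory"}
    print(permit("https://new-idp.example/", "high_trust", extended))
```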