The OAuth client will be associated with an OIDC Policy, which could be the default policy. This policy must map an attribute into the expected claim to signify the user’s PingCentral role, which is defined in the Attribute Contract, Attribute Sources & User Lookup, and Contract Fulfillment in PingFederate.
If the default PingCentral role claim name and values need to be altered to
match the OIDC policy, update the
For more information, see Configuring SSO.