To configure Delegated Admin as a new client, perform the following steps:

  1. Click Create new client.
  2. For both the Client ID and Name, specify dadmin.
    Note: Do not configure authentication.
  3. Define the redirect URI as "https://${directoryServer:httpPort}/delegator/*", using the host name and HTTPS listener port for PingDirectory Server.
  4. Make the following selections:
    • Select Bypass Authorization Approval.
    • Select Allow Exclusive Scopes, and then select urn:pingidentity:directory-delegated-admin.
    • For the Grant Type, select Implicit.
    • Select the default ATM that was created previously for Delegated Admin.
    • Select the OIDC policy that was created previously.
  5. Click Save.
  6. Click OAuth Server > Authorization Server Settings > Allowed Origin Settings.
  7. Add "https://${directoryServer:httpPort}" to the Allowed origins, using the host name and HTTPS listener port for PingDirectory Server.
  8. Click Save.