Client registration policies can provide additional control over which registrations and configurations are accepted and stored for each client created via the OAuth 2.0 Dynamic Client Registration protocol. If multiple policies are configured, PingFederate executes all of them based on the display order. If PingFederate completes the current policy, it moves on to the next one; otherwise it returns an error message to the developers.


PingFederate must be able to complete all policies successfully before a client can be created via the OAuth 2.0 Dynamic Client Registration protocol.

  1. Go to the OAuth Server > Client Settings > Client Registration Policies screen.
  2. Optional: Select a Client Registration Policy instance from the Available Policies list and click Add.

    Although optional, it is recommend to select this option to add a layer of protection against unwanted client registrations.

    If you have not yet defined the desired Client Registration Policy instance, click Manage Client Registration Policies to do so.

  3. Optional: Repeat the last step to add other Client Registration Policy instances.
    Add as many Client Registration Policy instances as necessary. Use the up and down arrows to adjust the execution order. Use the Delete and Undelete workflow to remove an existing instance or cancel the removal request.