On the System > Extended Properties screen, you can optionally add any number of extended properties to store additional information about connections, OAuth clients, or both. When adding an extended property, you can define it as a single-value property or a multivalued property. Once added, such extended properties become available to all connections and clients. As you create or update a connection or a client, you may populate values for any of them. For OAuth clients, if dynamic client registration is configured and enabled, developers can populate extended property values by including them in the client registrations.

Authentication policies

You can leverage extended properties to drive authentication experience and requirements by configuring an instance of the Extended Property Authentication Selector for each property that matters, placing this selector instance in an authentication policy, and defining a policy path for each selector result value. At runtime, PingFederate routes browser-based SSO requests, OAuth authorization requests, and OAuth grant management requests to the desired authentication sources based on the applicable policy.

For more information, see Configuring the Extended Property Authentication Selector.

OAuth attributes fulfillment and issuance criteria

You can use extended properties as attribute sources when fulfilling persistent grants and token contracts. Additionally, you may define issuance criteria to verify extended property values.