You add these extended properties on the Extended Properties page as described in Defining extended properties. When adding an extended property, you can define it as a single-value property or a multivalued property. These extended properties become available to all connections and clients and, if defined, will be passed to all applicable velocity templates and as a request context parameter in the authentication API. As you create or update a connection or a client, you can populate values for any of them. For OAuth clients, if dynamic client registration is configured and enabled, developers can populate extended property values by including them in the client registrations.

Authentication policies

You can leverage extended properties to drive authentication experience and requirements by configuring an instance of the Extended Property Authentication Selector for each property that matters, placing this selector instance in an authentication policy, and defining a policy path for each selector result value. At runtime, PingFederate routes browser-based single sign-on (SSO) requests, OAuth authorization requests, and OAuth grant management requests to the desired authentication sources based on the applicable policy.

For more information, see Configuring the Extended Property Authentication Selector.

OAuth attributes fulfillment and issuance criteria

You can use extended properties as attribute sources when fulfilling persistent grants and token contracts. You can also define issuance criteria to verify extended property values.