Adding the identity provider in PingOne - PingOne - PingOne Cloud Platform

• Name: A unique identifier for the IdP.
• Description: (Optional). A brief characterization of the IdP.
  Note:

  You cannot change the icon and login button, in accordance with the provider's brand standards.

• Client ID: (App ID). The application ID that you copied earlier from the identity provider. You can find this information on the Apple Developers site.
• Client secret signing key: The application secret that you copied earlier from the identity provider. You can find this information on the Apple Developers site.
• Team ID: A unique 10-character string generated by Apple that identifies your organization. The team ID is the prefix of the App ID.
• Private key ID: Identifies the private key in the JSON web token (JWT). This JSON object is the Client Secret in PingOne.
• Callback URL: The URL to which the user will be redirected after authenticating. This value is read-only. You’ll provide this value to the identity provider later.

• Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
• To add an attribute, click + Add attribute.
• To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
• Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
  • Empty only: Update the PingOne attribute only if the existing attribute is empty.
  • Always: Always update the PingOne directory attribute.

You can map only attributes that are in the ID token, such as iss, iat, expt, aud, sub, nonce, nonce_supported, email, and email_verified.