You should configure access control scopes to include specific attributes explicitly, rather than using the default settings that allow all attributes, even new ones, to be read and updated. You can do this by creating sub-scopes for attributes that you want to allow, and assigning individual attributes to that scope.

  1. Go to Applications > Resources.
  2. Click the PingOne API entry to open the details panel.
  3. Click the Scopes tab.
  4. Locate an existing scope to edit and then click the pencil icon.
  5. Select the attributes that the end user will be able to access.
    To add a sub-scope, click + Add scope under the appropriate scope name and enter the scope suffix, such as emailonly, for the scope name, and then select the attributes that the end user will be able to access.
  6. Click Save.