When you define an application in PingOne and specify its allowed scopes, you identify the resources that users can access when they sign on to that application.


Connections to external resources must use open standards protocols.


You can map PingOne user attributes to attributes in your resource. Learn more in Mapping attributes.


Resources have scopes, and applications can request an access token that's associated with specific scopes when the token is granted. The endpoint enforces access through the encoded representation of the scopes in the access token. The endpoint decodes the token to determine the permissions allowed for the application.

Learn more about predefined PingOne resources in Resource scopes.


Resources can have application permissions that control the kinds of actions users can perform on protected endpoints. Learn more inApplication permissions.