To prepare for creating a policy based on whether the user’s email address comes from a generic domain, create an attribute in the Trust Framework for the email address of the user authenticated to the application.

  1. In PingOne, go to Authorize > Trust Framework and click the Attributes tab.
  2. Click the + icon and select Add new Attribute.
  3. For the attribute Name, enter Game player email address.
    Screen capture of the Details tab for a new attribute showing the Name, Description, and Parent settings.
  4. Verify that there is no Parent selected. If a parent exists, click the Delete icon to remove it.
  5. In the Resolvers section, click + Add Resolver.
  6. For the Resolver Type, select PingOne User, and then select the PingOne > User > ID attribute.

    This resolver returns the user object for the current user, including properties such as the user's email address. For more information, see Resolvers.

    Screen capture showing a Resolver type of PingOne User with the PingOne.User.ID attribute.
  7. Click Value Processors and then click + Add Processor.
  8. Make sure the Processor type is JSON Path.

    This is the default option.

  9. Enter $.email in the input box for the JSON Path Processor.

    This processor extracts the user's email address from the user object. For more information, see Processors.

    Screen capture showing a JSON Path processor with a value of $.email and a Value type of String.
  10. Click Save Changes.

You’ve added an attribute in the Trust Framework for the email address of the authenticated user.
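The following Python sketch is an added example, not Ping Identity's code or part of the original procedure: it models what the attribute computes (resolver output, then the `$.email` JSON Path processor, then a String value type check) so you can try sample user objects, including ones with no email, before building the policy. The sample user object, the `Unresolved` error, the generic-domain list, and all function names are assumptions made for illustration; how PingOne itself reports an attribute that fails to resolve is not modeled.

```python
import re

# Constructed sample of a user object as returned by the PingOne User resolver;
# every field other than "email" is an assumption for illustration.
SAMPLE_USER = {
    "id": "00000000-0000-0000-0000-000000000001",
    "username": "player1",
    "email": "Player.One@Example.COM",
}

# Constructed (hypothetical) generic-domain list for the follow-on policy.
GENERIC_DOMAINS = {"example.com", "mail.example"}

# Only plain dot-notation child paths are supported in this sketch.
_PATH = re.compile(r"^\$(\.[A-Za-z_][A-Za-z0-9_]*)+$")


class Unresolved(Exception):
    """Hypothetical error: no value of the expected type could be produced."""


def json_path_child(document, path):
    """Evaluate a dot-notation JSONPath such as $.email or $.name.given."""
    if not _PATH.match(path):
        raise ValueError(f"unsupported path: {path!r}")
    node = document
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            raise Unresolved(f"{path} has no match")
        node = node[key]
    return node


def resolve_email(user):
    """Resolver output -> JSON Path processor ($.email) -> String value type."""
    value = json_path_child(user, "$.email")
    if not isinstance(value, str):
        raise Unresolved("$.email is not a String")
    return value


def is_generic_domain(email):
    """Compare the domain part case-insensitively; reject malformed input."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise Unresolved("not an email address")
    return domain.lower() in GENERIC_DOMAINS
```

A policy that keys on the email domain should decide explicitly what happens in the `Unresolved` cases rather than treating a missing or malformed value as a non-generic address.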

Next, you’ll continue preparation for your fine-grained policy by adding an attribute for the invitee list of other game players.