Service connections augment authorization events with real-time data. Policy authors don't use information from a service directly in policies. Instead, services are a source of data for the attributes used in policy evaluations.

After you connect a service to PingOne Authorize, make sure that you add or generate attributes that store values resolved from the service. For more information, see Authorization attributes.

Service types

PingOne Authorize supports the following types of service connections:

HTTP services

These services connect to HTTP endpoints accessible over the public internet.

HTTP services can send and receive text, JSON, and XML content. You can send custom headers with any request, and configure basic, bearer token, or OAuth 2.0 Client Credentials authentication methods for service-to-service authentication.

Connector services

These services consume information from other services provided by the PingOne platform. For information about attributes that are automatically generated when you connect to a PingOne service, see Generating an attribute.

The PingOne Protect connector pulls in risk signals for use in authorization policies.

Note:

This connector requires a PingOne Protect license.

Gateway services

These services connect to user information stored in external LDAP directories, such as PingDirectory, Microsoft Active Directory, or ForgeRock Identity Cloud. You can use a gateway service for use cases such as:

  • Retrieving a user’s profile information
  • Retrieving a user’s groups

PingOne Authorize converts information received from an LDAP directory to JSON, making it easy to use this information in attributes and authorization policies.

Testing service integrations

On the Test tab for a service, you can test service integrations to validate output values.