Services connect PingOne Authorize with data sources, such as APIs and information points, that provide information used to make context-aware authorization decisions.
Service connections augment authorization events with real-time data. Policy authors don't use information from a service directly in policies. Instead, services are a source of data for the attributes used in policy evaluations.
After you connect a service to PingOne Authorize, make sure that you add or generate attributes that store values resolved from the service. For more information, see Authorization attributes.
Service types
PingOne Authorize supports the following types of service connections:
- HTTP services
-
These services connect to HTTP endpoints accessible over the public internet.
HTTP services can send and receive text, JSON, and XML content. You can send custom headers with any request, and configure basic, bearer token, or OAuth 2.0 Client Credentials authentication methods for service-to-service authentication.
- Connector services
-
These services consume information from other services provided by the PingOne platform. For information about attributes that are automatically generated when you connect to a PingOne service, see Generating an attribute.
The PingOne Protect connector pulls in risk signals for use in authorization policies.
Note:This connector requires a PingOne Protect license.
- Gateway services
-
These services connect to user information stored in external LDAP directories, such as PingDirectory, Microsoft Active Directory, or ForgeRock Identity Cloud. You can use a gateway service for use cases such as:
- Retrieving a user’s profile information
- Retrieving a user’s groups
PingOne Authorize converts information received from an LDAP directory to JSON, making it easy to use this information in attributes and authorization policies.
Testing service integrations
On the Test tab for a service, you can test service integrations to validate output values.