Roles determine which permissions a user has. A user can perform an action on an application resource if they have a role with the associated permission.


You can add up to 128 application roles in each PingOne environment.

  1. Go to Authorization > Roles.
  2. Click the + icon next to Application Roles.
  3. Enter a unique Application Role Name and an optional Description. Click Next.

    For example, you might add an Invoicing Processor role for the BizPro invoicing application.

    Screen capture showing the Application Role Name and Description fields in the Add Application Role window.
  4. Select the permissions that you want to assign to the role.

    Permission names list the application resource and action separated by a colon. For reference, the PingOne resource associated with the application resource is displayed next to the check box.

    Screen capture showing selected permission check boxes in the Assign Permissions window.
  5. Click Next.
  6. Select the users that you want to assign to the role.

    Selected users will have the permissions that are assigned to the role.

    Screen capture showing selected user check boxes in the Add User window.
  7. Click Save.

Add additional roles and assign users to grant them the permissions assigned to the roles. For example, you might add a Billing Supervisor role and assign the Invoices:Read and Invoices:Void permissions to it.