Application roles are collections of application permissions. When you assign a user to a role, you grant the user all of the permissions for that role.


PingOne administrator roles are collections of permissions that give PingOne admins access to resources in the PingOne admin console, such as organizations, environments, and identities.

Application roles help you manage access to the application resources developed by your organization’s engineering teams.

You can assign the same permission to multiple roles. For example, at a bank, both an account administrator and loan officer could have permission to view accounts.

You can also assign multiple roles to the same user. For example, at a small regional bank, Jim might be both an account administrator and a loan officer.

You can assign users to roles when you create an application role or when you edit a user. Learn more in Adding an application role and Managing user roles.


Roles and permissions are currently scoped to an environment in PingOne.