Service connections in PingOne Authorize enable you to augment authorization events with real-time data. For example, you might use signals from a risk service in policies to determine if a device requires step-up authentication.

You can integrate with HTTP services, PingOne Connector services, and LDAP Gateway services.

  1. To add a new service, go to Authorization > Trust Framework.
  2. On the Services tab, click the + icon and select Add New Service.
  3. Define the general information for the service:
    1. Enter a unique Name for the service.

      The following characters are not allowed in the name:

      • Period (.)
      • Curly bracket ({ })
      • Pipe (|)
    2. Optional: For Description, enter a description of the service’s purpose.

      The description is only visible on the Services tab, but it can help policy authors understand how to use the service in policies.

    3. Optional: To nest the service under a parent in the tree, in the Parent list, select a parent service.

      Nesting helps group related services together. You can move the service to another location in the tree by selecting a different parent service. To remove nesting, click the Delete icon and leave Parent blank.

  4. Select a Service Type.
    • None: This is for a parent service. Nest other services under a parent to help organize services in the tree structure. There are no additional settings to complete for this type of service. If you select None, skip to step 9.
    • HTTP: Connects to HTTP endpoints accessible over the public internet. Learn more about HTTP service settings in Connecting an HTTP service.
    • Connector: Connects to PingOne services. Learn more about Connector service settings in Connecting to PingOne Protect.
    • LDAP Gateway: Connects to an external LDAP directory, such as PingDirectory, Microsoft Active Directory, or ForgeRock Identity Cloud. Learn more about LDAP Gateway service settings in Connecting an LDAP Gateway service.

  5. Optional: In the Value Settings section, define the data Type for the data returned by the service.

    The default data type for HTTP services is String. Because Connector services always return JSON, the default data type is JSON, and you cannot change it. LDAP Gateway services return JSON.

  6. Optional: In the Timeout Settings section, enter a Request Timeout value if you want to change the number of milliseconds that PingOne Authorize waits for a service request to complete.

    The default timeout is 2000 milliseconds. If the timeout elapses before there is a successful service response, the service request is canceled, resulting in a timeout error.

  7. Optional: In the Rate Limits section, enter a Requests per Second value to change the maximum number of requests that decision points can make to the service per second.

    The default value is 1000000.

    Note: The Concurrent Requests field has been deprecated, and changing it has no effect.

  8. Optional: Enable caching for the service.

    Caching improves system performance by storing data returned from a service and reusing it on subsequent service requests until the cache expires.

    1. Select the Enable Caching check box.
    2. For Time to Live, enter the number of minutes that you want to store data retrieved from the service in the cache.

      The maximum value is 1440 minutes (1 day).

  9. Click Save Changes.
    Note: You can copy a service for reuse by selecting Make Copy from the hamburger menu of that service. If you copy a service with children, only the parent is duplicated.

Test the service connection.