PingOne Authorize automatically resolves a generated attribute against the parent attribute or service and adds a JSON Path processor that extracts the JSON schema property.

You can generate attributes by selecting them in any field that allows attribute selection. If an attribute hasn’t been generated for a property yet, the property is grayed out.

If the parent attribute has nested JSON properties, you must generate attributes one level at a time. Generate the parent-level attribute first, then generate the child. For example, to generate a risk level attribute, you have to generate the result attribute first.

Screen capture showing the grayed-out result and level properties nested under an automatically generated Risk attribute.

Nested attributes always resolve against the parent attribute directly above them in the tree, instead of the root-level attribute.


If the JSON schema changes in the parent attribute, you must manually update any generated child attributes. PingOne Authorize does not do this automatically.

Connector attributes

When you connect to a PingOne service, PingOne Authorize automatically creates an attribute that resolves against the service. This attribute contains a JSON schema that you can use to generate additional attributes.

Connector attributes are nested under the Connectors parent attribute on the Attributes tab. PingOne Authorize owns the Connector parent attribute and the attributes nested directly under it that resolve against a service.

The Shield (Screen capture of the shield icon.) icon indicates that these attributes are system-owned and editing restrictions apply. You can’t move, update, or delete these attributes. This ensures that connector attributes are configured correctly and always available.

You can nest your own attributes under connector attributes. When you delete a connector service, the generated attribute that resolves against the service is also deleted.

The following image shows an example of a system-owned connector attribute that resolves against the PingOne Risk service with additional child attributes that extract the risk level.

Screen capture showing an automatically generated attribute with a service resolver and JSON schema from the Risk service.