You can define the global attribute mappings and scopes for the OpenID Connect resource. These mappings are inherited by all OIDC applications by default. Applications can override the inherited global attributes with custom attributes. See Customizing OIDC attributes for an application.
- Go to .
- Click the OpenID Connect entry to open the details panel.
- Click the Attributes tab, and then click the pencil icon to edit.
Review the OIDC attributes and their mapping to PingOne attributes.
- To add an attribute, click the + Add button. Enter an OIDC attribute and the desired PingOne mapping. Click the gears icon to use advanced expressions. See Using the expression builder.
- To delete an attribute, click the trash can icon for the appropriate attribute.
Attributes with a blue background are part of the OIDC specification. You cannot delete the default attributes, but you can map them to new attributes in PingOne. PingOne will ignore an attribute if the PingOne mapping is blank.
Select the delivery method:
- ID token. The attribute will be delivered to the application in the ID token.
- UserInfo. The attribute will be delivered to the application from the UserInfo endpoint.
Click the Scopes tab.
- To add a scope, click + Add scope. Enter the Scope Name and Description, and then select Mapped Attributes to assign to the scope.
- To edit a scope, click the pencil icon for the appropriate scope. Select
Mapped Attributes to assign to the
Assigning attributes to a scope allows an application to inherit these attributes, if the application has the resource and scope added to it. See Editing an application - OIDC.
- Click Save.