You can define the global attribute mappings and scopes for the OpenID Connect resource.
These mappings are inherited by all OIDC applications by default. Applications can override
the inherited global attributes with custom attributes. See Customizing OIDC attributes for an application.
-
Go to .
-
Click the OpenID Connect entry to open the details
panel.
-
Click the Attributes tab, and then click the pencil icon
to edit.
-
Review the OIDC attributes and their mapping to PingOne attributes.
- To add an attribute, click the + Add button.
Enter an OIDC attribute and the desired PingOne mapping. Click
the gears icon to use advanced expressions. See Using the expression builder.
- To delete an attribute, click the trash can icon for the appropriate
attribute.
Note:
Attributes with a blue background are part of the OIDC specification.
You cannot delete the default attributes, but you can map them to new
attributes in PingOne. PingOne will ignore an attribute if the PingOne mapping is
blank.
-
Select the delivery method:
- ID token. The attribute will be delivered to the
application in the ID token.
- UserInfo. The attribute will be delivered to the
application from the UserInfo endpoint.
-
Click the Scopes tab.
- To add a scope, click + Add scope. Enter the
Scope Name and
Description, and then select
Mapped Attributes to assign to the
scope.
- To edit a scope, click the pencil icon for the appropriate scope. Select
Mapped Attributes to assign to the
scope.
Note:
Assigning attributes to a scope allows an application to inherit
these attributes, if the application has the resource and scope
added to it. See Editing an application - OIDC.
-
Click Save.