To configure the new application:

  1. On the Configuration tab, click the Pencil icon to update the configuration.
  2. In the Grant Type > PKCE enforcement field, select S256_REQUIRED.
  3. In the Token Endpoint Authentication Method field, select None.
  4. Click Save.
  5. On the Resources tab, click the Pencil icon to update the scopes allowed.
  6. Select the email and profile scopes and click Save.
  7. Optional: Apply access policies to the application:
    1. On the Policies tab, click the Pencil icon to update the policies applied. If you have a PingOne DaVinci license, DaVinci policies are available on the DaVinci Policies tab. If you do not, you will only see policies on the PingOne Policies tab.

      You can apply DaVinci policies or PingOne policies to the application, but not both.

    2. Select the policies that you want to apply and click Save.
  8. Optional: Provide access to specific user groups:
    1. On the Access tab, click the Pencil icon to update user access.
    2. Select the Application Portal Display option if you want the application to be accessible from the application portal.
    3. Select the Admin Only Access option if you only want administrators to be able to access the application. These administrators must have one of these roles:
      • Organization Admin
      • Environment Admin
      • Identity Data Admin
      • Client Application Developer
    4. If you want to provide access to specific user groups, select the groups from the list.
    5. Click Save.
  9. Enable the application by clicking the slider icon at the top of the page.

    Keep the PingOne SSO browser window open.