PingOne Authorize node

The PingOne Authorize node sends a decision request to a specified decision endpoint in your PingOne Authorize environment. These authorizations include:

Advanced Identity Cloud provides the PingOne Service to enable the PingOne Authorize node:

Compatibility

Product	Compatible?
Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node retrieves the attribute map from shared state.

Additionally, the node first attempts to locate in shared state the PingOne Authorize Policy Attribute(s) defined in the policy that corresponds to the active decision endpoint.

Dependencies

You must set up the following before using the PingOne Authorize node:

Create an authorize policy
Create a worker application
- Requires Identity Data Admin role
PingOne Worker service

Configuration

Property Usage

Property	Usage
PingOne Worker Service	Service for specific PingOne Worker application.
Decision Endpoint ID	The Decision Endpoint ID from the PingOne Authorize service.
Attribute Map	The attribute map is to overcome thename differences between shared state attributes in Advanced Identity Cloud and the equest parameters in PingOne. For example, if the shared store `firstName` and it refers to `givenName` in PingOne, then the `Attribute Aap` entry would be: `firstName ⇒ givenName`.
Statement Codes	Sets the node outcomes based on the statements from the PingOne Authorize decision.
Continue	Use the `Continue` toggle for a single outcome case.

PingOne Worker Service

Service for specific PingOne Worker application.

Decision Endpoint ID

The Decision Endpoint ID from the PingOne Authorize service.

Attribute Map

The attribute map is to overcome thename differences between shared state attributes in Advanced Identity Cloud and the equest parameters in PingOne. For example, if the shared store firstName and it refers to givenName in PingOne, then the Attribute Aap entry would be: firstName ⇒ givenName.

Statement Codes

Sets the node outcomes based on the statements from the PingOne Authorize decision.

Continue

Use the Continue toggle for a single outcome case.

Outputs

This node produces no outputs.

Outcomes

Permit: Satisfied the active policy’s permit condition and authorized the user.
Deny: Satisfied the active policy’s deny condition and did not authorize the user.
Indeterminate: Does not satisfy the active policy’s permit or deny conditions.
Error: There was an error during the authorization process.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Example

The following example journey illustrates a use of the PingOne Authorize node:

The PingOne Authorize node gets the username from Username Collector node and evaluates the level authorization for the user. Based on the authorization level, further action is taken.

PingOne Advanced Identity Cloud