PingOne Authorize node

The PingOne Authorize node sends a decision request to a specified decision endpoint in your PingOne Authorize environment. These authorizations include:

To use the PingOne Authorize node, you must first set up the PingOne Service.

Compatibility

Product	Compatible
Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes (download from Marketplace)
Ping Identity Platform (self-managed)	Yes (download from Marketplace)

Product

Compatible

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes (download from Marketplace)

Ping Identity Platform (self-managed)

Yes (download from Marketplace)

Inputs

This node retrieves the attribute map from the shared state.

Additionally, the node first attempts to locate in shared state the PingOne Authorize Policy Attribute(s) defined in the policy that corresponds to the active decision endpoint.

Dependencies

You must set up the following before using the PingOne Authorize node:

Create an authorization policy
Create a worker application
- Requires Identity Data Admin role
PingOne Worker service

Configuration

Property Usage

Property	Usage
PingOne Worker Service	Service for specific PingOne Worker application.
Decision Endpoint ID	The Decision Endpoint ID from the PingOne Authorize service.
Attribute Map	The attribute map is to overcome the name differences between shared state attributes in Advanced Identity Cloud and the request parameters in PingOne. For example, if the shared store `firstName` refers to `givenName` in PingOne, then the `Attribute Map` entry would be: `firstName ⇒ givenName`.
Statement Codes	Set the node outcomes based on the statements from the PingOne Authorize decision.
Continue	Use the `Continue` toggle for a single outcome case.

PingOne Worker Service

Service for specific PingOne Worker application.

Decision Endpoint ID

The Decision Endpoint ID from the PingOne Authorize service.

Attribute Map

The attribute map is to overcome the name differences between shared state attributes in Advanced Identity Cloud and the request parameters in PingOne. For example, if the shared store firstName refers to givenName in PingOne, then the Attribute Map entry would be: firstName ⇒ givenName.

Statement Codes

Set the node outcomes based on the statements from the PingOne Authorize decision.

Continue

Use the Continue toggle for a single outcome case.

Outputs

This node produces no outputs.

Outcomes

Permit: Satisfied the active policy’s permit condition and authorized the user.
Deny: Satisfied the active policy’s deny condition and did not authorize the user.
Indeterminate: Does not satisfy the active policy’s permit or deny conditions.
Error: There was an error during the authorization process.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Example

The following example journey illustrates how to use the PingOne Authorize node:

The PingOne Authorize node gets the username from Username Collector node and evaluates the level authorization for the user. Based on the authorization level, further action is taken.

PingOne Advanced Identity Cloud