Connectors

PingOne Scope Consent Connector

The PingOne Scope Consent connector lets you view consent records on an application or user basis, revoke or update user consent records, or prompt users to provide or decline consent to sign-on policies and record these decisions.

You can use the PingOne Scope Consent connector to:

  • View a list of application consent records a user has granted, declined, or revoked

  • Determine whether a user has granted consent for an application

  • Accept or decline consent for an application on behalf of a user

  • Update the application consent record as revoked

  • Check, prompt for, and record user decisions regarding consent for an application

Setup

Resources

For information and setup help, see the following sections of the PingOne documentation:

Requirements

To use the connector, you’ll need:

Setting up PingOne

Setting up your PingOne environment

See Getting started with PingOne.

Adding a Worker application

Add a Worker application in the PingOne console before setting up the PingOne connector in DaVinci:

  1. In the PingOne console, add a Worker app. See Adding an application.

    Attribute mappings are not required.

  2. Ensure that you set the authentication method as Client secret basic.

    The PingOne connector receives a token using your application’s credentials.

  3. Enable the application. See Enabling or disabling an application.

    The capabilities in the PingOne connector call endpoints in PingOne with a token received using the application’s credentials. To enable all capabilities, your application needs the required role assignments for the associated capability. If the application doesn’t have the required role assignment, you’ll see error messages stating that the required authorization isn’t configured.

Assigning Roles to the application

To use the appropriate capabilities, the Worker app used by the connector needs the Environment Admin and Identity Data Admin roles.

The user that creates the Worker app must have the Environment Admin and Identity Data Admin roles to assign the roles to a Worker app.

  1. In your PingOne environment, go to Applications → Applications.

    If you haven’t added the application yet, see Adding an application.

  2. Locate the appropriate application and click it to open the details panel.

  3. Click the Roles tab and then click the Pencil icon to edit the roles.

  4. Review the assigned roles to ensure that they include Environment Admin and Identity Data Admin roles. If not, click Add role to assign them.

Getting your application credentials

Get the Client ID and Client secret from the PingOne console before setting up the PingOne connector in DaVinci:

  1. In your PingOne environment, go to Applications → Applications.

    If you haven’t added the application yet, see Adding an application.

  2. Locate the appropriate application and click it to open the details panel.

  3. On the Configuration tab, expand General and locate the Client ID and Client secret. Copy these values to a secure location.

Getting your environment details

Get your Environment ID and Region before setting up the PingOne connector in DaVinci:

  1. In your PingOne environment, go to Settings → Environment Properties.

  2. Locate the Environment ID and Region. Copy these values to a secure location.

Setting up the PingOne connector configuration

In DaVinci, add a PingOne connection. For help, see Adding an application.

Connector configuration

Environment ID

The unique identifier for the appropriate PingOne environment. To find the environment ID, see Environment properties.

Client ID

The unique public identifier for the PingOne application. To find the client ID, see Viewing application details.

Client secret

The cryptographic secret that is known only to the application and the authorization server. To find the client secret, see Viewing a client secret.

Region

The geographic region that hosts your PingOne tenant. To find the region, see Environment properties.

Using the connector in a flow

You can use the PingOne Scope Consent connector to view and manage user consent to an application as part of a DaVinci flow policy.

No special configuration is needed. Add the capability and populate its properties according to the help text.

Use one of the following capabilities to view information about consent records:

  • Read User Consent: Use to view a list of all application consent records a specific user has granted, declined, or revoked.

  • Check User Consent: Use to determine whether a user has granted consent for a specific application.

Use one of the following capabilities to manage and update user consent records:

  • Save User Consent: Use to accept or decline consent for an application on behalf of a user.

  • Revoke User Consent: Use to update the application consent record for a user as revoked.

Use Get User Consent to check, prompt for, and record user decisions regarding consent to application as part of a DaVinci flow policy. Use this capability in a flow at the point where you want to prompt the user for their consent. Use the Custom Screens tab to edit the HTML and CSS to customize the appearance and text of the prompt that is displayed to the user. For example, change Do you approve the request? to Do you accept this request? or change the buttons from Approve and Decline to Yes and No.

Capabilities

Read User Consent

Find information about consent users have granted for all applications.

Show details

  • Properties

  • Input Schema

  • Output Schema

User Attribute dropDown required

Select the attribute you want to use to locate a user.

  • User ID

  • Username

  • Email

User Identifier textField required

Enter the user ID, username, or email address of the user you want to locate.

  • default object

    • properties object

      • matchUserAttribute string required

      PingOne user attribute to identify a user with.

      • userIdentifier string required

    User attribute to match user.

  • output object

    • consents array

    • properties object

      • application object

      • properties object

        • id string

        • name string

        • type string

      • consentId string

      • consentStatus string

      • consentScopes array

    • rawResponse object

      • _embedded object

        • consents array

      • count number

      • size number

    • statusCode number

    • headers object

Check User Consent

Indicate whether users have granted consent for an application.

Show details

  • Properties

  • Input Schema

  • Output Schema

User Attribute dropDown required

Select the attribute you want to use to locate a user.

  • User ID

  • Username

  • Email

User Identifier textField required

Enter the user ID, username, or email address of the user you want to locate.

Application Attribute dropDown required

Select the application attribute that you want to use to locate an application.

  • Application ID

  • Application Name

Application Identifier textField required

Enter the application ID or name of the application you want to locate.

  • default object

    • properties object

      • matchUserAttribute string required

        PingOne user attribute to identify a user with.

      • userIdentifier string required

        User attribute to match user.

      • matchApplicationAttribute string required

      PingOne application attribute to identify an application with.

      • applicationIdentifier string required

    Application attribute to match application.

  • output object

    • application object

      • id string

      • name string

      • type string

    • consentId string

    • consentStatus string

    • consentScopes array

    • rawResponse object

      • _embedded object

        • consents array

      • count number

      • size number

    • statusCode number

    • headers object

Save User Consent

Accept or decline user consent for an application. It replaces the existing consent for the application if there is one.

Show details

  • Properties

  • Input Schema

  • Output Schema

User Attribute dropDown required

Select the attribute you want to use to locate a user.

  • User ID

  • Username

  • Email

User Identifier textField required

Enter the user ID, username, or email address of the user you want to locate.

Application Attribute dropDown required

Select the application attribute that you want to use to locate an application.

  • Application ID

  • Application Name

Application Identifier textField required

Enter the application ID or name of the application you want to locate.

Scopes textField required

Enter the space-separated list of scopes that have been requested. These scopes are validated against the allowed scopes assigned to the PingOne application.

Consent Result textField required

The accept or decline consent result from the user and indicated by "true", “false, “yes”, “no”, "accepted", or "declined".

  • default object

    • userAgent string

      User Agent

    • ip string

      Client IP Address

    • properties object

      • matchUserAttribute string required

        PingOne user attribute to identify a user with.

      • userIdentifier string required

        User attribute to match user.

      • matchApplicationAttribute string required

        PingOne application attribute to identify an application with.

      • applicationIdentifier string required

        Application attribute to match application.

      • scopesUnconditionalRequired string required

      Scopes.

      • consentResult string required

    Consent Result.

  • output object

    • application object

      • id string

      • name string

      • type string

    • consentId string

    • consentStatus string

    • consentScopes array

    • rawResponse object

    • statusCode number

    • headers object

Revoke User Consent

Revoke and remove user consent for an application.

Show details

  • Properties

  • Input Schema

  • Output Schema

User Attribute dropDown required

Select the attribute you want to use to locate a user.

  • User ID

  • Username

  • Email

User Identifier textField required

Enter the user ID, username, or email address of the user you want to locate.

Consent Attribute dropDown required

Enter the consent ID, application ID, or application name of the consent record you want to locate.

  • Consent ID

  • Application ID

  • Application Name

Consent Identifier textField required

A unique identifier for the consent record.

  • default object

    • properties object

      • matchUserAttribute string required

        PingOne user attribute to identify a user with.

      • userIdentifier string required

        User attribute to match user.

      • matchConsentAttribute string required

      PingOne consent attribute to identify an consent with.

      • consentIdentifier string required

    Consent attribute to match consent.

  • output object

    • application object

      • id string

      • name string

      • type string

    • consentId string

    • consentStatus string

    • consentScopes array

    • rawResponse object

    • statusCode number

    • headers object

Get User Consent

This capability facilitates application consent by checking, prompting, and recording user decisions regarding consent. This action includes the HTML template and other resources like CSS. You can customize them under the Custom Screens tab.

Show details

  • Properties

  • Output Schema

Always Prompt for Consent toggleSwitch required

Indicates whether the user will always be prompted to consent to the application’s request. If disabled, users will only be prompted to consent to these requests if they have not already done so.

User Attribute dropDown required

Select the attribute you want to use to locate a user.

  • User ID

  • Username

  • Email

User Identifier textField required

Enter the user ID, username, or email address of the user you want to locate.

Application Attribute dropDown required

Select the application or specify an application identifier that will be used to check, prompt and store consent for the user.

  • Application ID

  • Application Name

Application Identifier textField required

Enter the unique identifier of the application that will be used to check, prompt and store consent for the user.

Application Name textField required

Enter the name of the application that will be used to check, prompt and store consent for the user.

Scopes textField required

Scopes define the user information that the application wants to access and the user will need to consent to allowing, such as the user’s name, email address, and phone number. You must provide at least one scope. You may provide multiple scopes, each separated by a space.

Scopes textField required

Enter the space-separated list of scopes that have been requested. These scopes are validated against the allowed scopes assigned to the PingOne application.

Scopes textField required

Enter the space-separated list of scopes that have been requested. These scopes are validated against the allowed scopes assigned to the PingOne application.

appConsentHtmlConfig

  • output object

    • matchedUser object

    • application object

      • id string

      • name string

      • type string

    • consentId string

    • consentStatus string

    • consentScopes array

    • rawResponse object

    • statusCode number

    • headers object