PingOne

Connecting a service

Connect PingOne Authorize to HTTP, PingOne Connector, or LDAP Gateway services to define data integrations.

Service connections in PingOne Authorize enable you to augment authorization events with real-time data. For example, you can use signals obtained from a risk service connection in a policy that determines whether a device requires step-up authentication.

Steps

  1. In the PingOne admin console, go to Authorization > Trust Framework.

  2. On the Services tab, click the icon and select Add New Service.

  3. Define general information for the service:

    1. Enter a unique Name for the service.

      The following characters are not allowed in the name:

      • Period (.)

      • Curly bracket ({ })

      • Pipe (|)

    2. (Optional) For Description, enter a description of the service’s purpose.

      The description is only visible on the Services tab, but it can help policy authors understand how to use the service in policies.

    3. (Optional) To nest the service under a parent in the tree, in the Parent list, select a parent service.

      Nesting helps group related services together. You can move the service to another location in the tree by selecting a different parent service. To remove nesting, click the Delete icon and leave Parent blank.

  4. Select a Service Type.

    Choose from:

    • None: This is for a parent service. Nest other services under a parent to help organize services in the tree structure. There are no additional settings to complete for this type of service. If you select None, skip to step 9.

    • HTTP: Connects to HTTP endpoints accessible over the public internet. Learn more about HTTP service settings in Connecting an HTTP service.

    • Connector: Connects to PingOne services. Learn more about Connector service settings in Connecting to PingOne Protect.

    • LDAP Gateway: Connects to an external LDAP directory, such as PingDirectory, PingOne Advanced Identity Cloud, or Microsoft Active Directory. Learn more about LDAP Gateway service settings in Connecting an LDAP Gateway service.

  5. (Optional) In the Value Settings section, define the data Type for the data returned by the service.

    • The default data type for HTTP services is String.

    • Because Connector services always return JSON, the default data type is JSON, and you cannot change it.

    • LDAP Gateway services return JSON.

  6. (Optional) In the Timeout Settings section, enter a Request Timeout value if you want to change the number of milliseconds that PingOne Authorize waits for a service request to complete.

    The request timeout range is 0 - 3000 milliseconds and the default is 2000 milliseconds. If the timeout elapses before there is a successful service response, the service request is canceled, resulting in a timeout error.

  7. (Optional) In the Rate Limits section, enter a Requests per Second value to change the maximum number of requests that decision points can make to the service per second.

    The default value is 1000000.

    The Concurrent Requests field has been deprecated and changing it has no effect.

  8. (Optional) Enable caching for the service.

    Caching improves system performance by storing data returned from a service and reusing it on subsequent service requests until the cache expires.

    Screen capture showing the Enable Caching checkbox and Time to Live field in service Cache Settings.
    1. Select the Enable Caching checkbox.

    2. For Time to Live, enter the number of minutes that you want to store data retrieved from the service in the cache.

      The maximum value is 1440 minutes or 1 day.

  9. Click Save Changes.

    You can copy a service for reuse by selecting Make Copy in the service’s hamburger menu. If you copy a service with children, only the parent is duplicated.

Next steps

Test the service connection. Learn more in Testing Trust Framework elements.