PingOne

Adding an Authorize gateway

Use an Authorize gateway to deploy authorization policy versions to gateway instances in your infrastructure and keep them up to date.

The Authorize gateway communicates between PingOne and gateway instances. The Authorize gateway consists of a PingOne cloud component and one or more gateway instances deployed in your organization’s infrastructure. The downloadable runtime is available after you’ve added an Authorize gateway.

You can use separate Authorize gateways to represent your development, testing, and production environments for deploying authorization policies.

Steps

  1. In PingOne, go to Integrations > Gateways and click the icon to add a gateway.

    A screen capture of the Add Gateway page with the name set to Dev Gateway, Authorize selected, and a description entered.

  2. Enter the following:

    • Name: A name for the gateway. The name must be unique in this environment.

    • Gateway Type: Select Authorize.

    • Description (optional): A brief description of the gateway.

  3. Click Next.

  4. Select an Authorization Version.

    This is the policy and Trust Framework configuration that will be published to gateway instances and used to make authorization decisions. Each gateway instance associated with this Authorize gateway will use this authorization version.

    If you haven’t set up policies and the Trust Framework yet, select Bootstrap.

    A screen capture of the Authorization Version page as part of the Add Gateway process, with Boostrap selected.

  5. Click Save.

    PingOne generates a gateway credential. The gateway instance in your organization’s infrastructure uses this credential to authenticate with PingOne.

    A gateway credential is like a password, so keep it protected. For security reasons, PingOne does not store generated gateway credentials, but you can always create a new one in PingOne.

    Multiple gateway instances can use the same gateway credential, and the credential doesn’t expire.

    To revoke a credential, click the Delete icon.

  6. Copy the credential and save it in a secure location for later use.

    You’ll use the credential later to connect gateway instances to PingOne.

    A screen capture of the New Credential Created message.

  7. Click Show me the Docker command and copy the command to a secure location.

    You’ll use the Docker command later to start a gateway instance.

  8. Click Done.

    Your new Authorize gateway displays an alert reminding you that no gateway instances are connected yet.

    A screen capture of an Authorize gateway with an alert displaying.

Result

Explore the settings available for your new gateway:

  • Header area: The toggle next to the gateway name allows you to enable or disable the gateway. Use the More Options (⋮) icon to edit gateway settings or delete the gateway.

  • Overview tab: Allows you to add or delete gateway credentials. After you start a gateway instance, this tab also shows you the status and version of your gateway instances.

    A screen capture of the gateway Overview tab.

  • Configuration tab: Allows you to edit the policy and Trust Framework version deployed to gateway instances.

    A screen capture of the gateway Configuration tab.

  • Download tab: Provides instructions and a command for running the gateway as a Docker container.

    A screen capture of the gateway Download tab.

Next steps

Starting an Authorize gateway instance.