Adding an identity provider - PayPal
Adding PayPal as an external identity provider (IdP) gives your users the option to sign in with their PayPal accounts when accessing your application.
Before you begin
Ensure that you have:
-
A PingOne organization with an environment added. Learn more in Starting a PingOne trial.
-
Added your application to PingOne. Learn more in Adding an application.
Registering your application with PayPal
Create your application with PayPal, and then copy the client ID and client secret.
Before you begin
Ensure that you have a PayPal account with an active subscription.
Steps
-
Go to PayPal for Developers at developer.paypal.com.
-
In the upper right, click Log into Dashboard.
If you don’t have a PayPal account, you can create one now.
-
In the My apps and credentials section, click Sandbox.
-
In the Rest API apps section, click Create app.
-
In the Application details field, enter a name for the application, and then click Create app.
-
In the Sandbox API credentials section, copy the Client ID to a secure location.
-
In the Secret section, click Show.
-
Copy the client secret to a secure location.
-
In the App feature options section, select Connect with PayPal.
You can clear the other options, unless your organization has a specific need for them.
-
Click Save.
Configuring scopes and options
On the PayPal for Developers site, configure the options for scope attributes, permissions, and customer consent.
Steps
-
Go to PayPal for Developers at developer.paypal.com.
-
In the Rest API apps section, click your application name.
-
In the Connect with PayPal section, click Advanced options.
-
Select the following scope attributes:
-
Full name -
Email -
Street address -
City -
State -
Country -
Postal code -
Account verification status -
PayPal account ID
-
-
Under Links shown on customer consent page, enter the following:
-
Privacy policy URL: (Optional). The location of your organization’s privacy policy.
-
User agreement URL: (Optional). The location of your organization’s user agreement.
-
-
In the Additional PayPal permissions section, select Enable customers who have not yet confirmed their email with PayPal to log in to your app.
-
Click Save.
Adding PayPal as an identity provider in PingOne
Configure the identity provider connection in PingOne.
Steps
-
In PingOne, go to Integrations → External IdPs.
-
Click Add Provider.
-
Click PayPal.
-
On the Create Profile page, enter the following information:
-
Name: A unique identifier for the IdP
-
Description: (Optional). A brief description of the identity provider.
You cannot change the icon and login button, in accordance with the provider’s brand standards.
-
-
Click Next.
-
On the Configure Connection page, enter the following information:
-
Client ID: The application ID from the IdP that you copied earlier. You can find this information on the PayPal for Developers site.
-
Client secret: The application secret from the IdP that you copied earlier. You can find this information on the PayPal for Developers site.
-
-
Click Save and Continue.
-
On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes. For more information, see Mapping attributes.
-
Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
-
To add an attribute, click Add attribute.
-
To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
-
Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
-
Empty only: Update the PingOne attribute only if the existing attribute is empty.
-
Always: Always update the PingOne directory attribute.
-
-
-
Click Save and Finish.
Registering the return URL with PayPal
Copy the value for Return URL and enter it into the PayPal for Developers site.
Before you begin
Ensure that you have the Callback URL from the PingOne console.
Steps
-
In PingOne, go to Integrations → External IdPs.
-
Locate the appropriate IdP and then click the details icon to expand the IdP.
-
Click the Connection tab.
-
Copy the callback URL and paste it in a secure location.
-
Go to PayPal for Developers at developer.paypal.com.
-
In the Rest API apps section, click your application name.
-
In the Sandbox app settings section, locate Return URL.
-
Click Show.
-
For Return URL, enter the value that you copied from the PingOne console.
-
Click Save.
Next steps
-
Enable the external IdP. See Enabling or disabling an identity provider.
-
Add the iIdP to your authentication policy. Ensure that registration is enabled in the authentication policy. See Editing an authentication policy.
-
Add the authentication policy to your application. Ensure that registration is enabled in the authentication policy. See Applications.