Register Scopes in the Central Auth Server
The PingFederate administrator must collaborate with the resource provider administrator to ensure the scopes registered in PingFederate match the scopes that are defined in the resource provider. For example, if you define a scope in Windchill and want to use it in ThingWorx to request the resource, then the scope must be registered in PingFederate. Make a note of these scopes, you will need to provide them to service provider administrators. Depending on your organization structure, service provider administrators may not have administrative access to PingFederate to be able to look up registered scopes.
1. In PingFederate, navigate to the OAuth Server page.
2. Under Authorization Server > Scope Management, add a scope name (value) and scope description for each scope that is used between the resource and service providers. The description is presented to users when they are asked to authorize the scope, so provide a meaningful description of access requests. Scope name values are dependent on the restrictions of the participating applications. For example, Windchill, ThingWorx, and PingFederate do not recognize scope names with spaces.
Remember the scope name that is being registered in PingFederate (CAS). The name is used later in the Windchill and ThingWorx scope registration. For example, SCOPE NAME = WINDCHILL_READ.
Was this helpful?