Configure Application Access Control Using PingFederate

MATLAB® Production Server™ administrators can use PingFederate® from Ping Identity® to restrict access to deployed applications to only certain users or groups of users. To enable application access control, configure PingFederate and specify access control policy rules, in consultation with the PingFederate administrator.

Prerequisites

Refer to the PingFederate documentation to configure OAuth use cases, clients and endpoints, and to configure OpenID® provider information:

Configure PingFederate in Dashboard

  1. After you register the application with PingFederate, create a configuration for PingFederate in the Application Access Control tab of the dashboard. Click Create and select PingFederate.

  2. In Create Identity Provider for Application Access Control, enter application-specific and identity provider-specific values. Click Create. If the server is running on a Windows® virtual machine, saving the values can take up to 30 seconds.

    The following table describes the values that you must enter.

    | Field | Value |
    | --- | --- |
    | Name | Name for your PingFederate configuration. |
    | App ID | Intended recipient of the JWT. The recipient helps in validating the aud claim in the JWT. |
    | JWT Issuer | JWT issuer metadata of the identity provider. The metadata string must match the iss claim in the JWT. |
    | JWKS URI | URI to retrieve the JSON Web Key Set (JWKS). |

Specify Access Control Policy Rules

Specify the applications that certain users or user groups can access by defining access control policy rules. To define a rule, click Add Rule under Access Control Policy in the Application Access Control tab of the dashboard. Then, specify the following information.

| Field | Value |
| --- | --- |
| Rule ID | Name for the rule |
| Description | Description for your rule |
| Users | User names that are allowed access to deployed applications |
| Groups | Group IDs, if applicable, that are allowed access to deployed applications |
| Applications | Applications that you want to allow the specified groups of users to access. To select all applications, select Apply this rule to all applications. |

Enable Application Access Control

After you configure the identity provider and specify access control policy rules, you must enable dashboard access control by selecting the Yes option from the dashboard.

Application Access Control tab showing that access control is enabled

Generate Access Token

After application access control is enabled, users that are specified in the access control policy rules can generate a bearer access token. For more information about generating an access token, see the PingFederate OAuth 2.0 Developer Guide.

Client programs use this access token in the HTTP authorization header when making a request to the server using the MATLAB Production Server RESTful API. The format for this header is Authorization:Bearer <access token>.