PingOne

Starting an Authorize gateway instance

Follow these steps to deploy and start an Authorize gateway instance in your infrastructure.

Gateway instances evaluate policy versions published from PingOne in order to make authorization decisions. Gateway instances are distributed as containerized images, and they maintain a WebSocket connection with the PingOne platform.

Make sure you install gateway instances on a system that can reach PingOne and any information points that will be used for authorization decisions.

To start a gateway instance, you’ll use the Docker command that you copied earlier on the Authorize gateway Download tab.

A screen capture of the Authorize gateway Download tab.

Before you begin

Steps

  1. In the Docker command that you copied in step 7 of Adding an Authorize gateway, consent to the license agreement by changing no to yes:

    -e PING_IDENTITY_ACCEPT_EULA=yes
  2. Replace <INSERT_GATEWAY_CREDENTIAL_HERE> with the gateway credential that you copied in step 6 of Adding an Authorize gateway.

    The command should look something like this (line breaks are included for readability and are not necessary in your command):

    docker run --init \
      -e PING_IDENTITY_ACCEPT_EULA=yes \
      -e gatewayCredential=<your-gateway-credential> \
      -p 8080:8080 pingidentity/pingone-authorize-gateway:1.0.0
  3. Run the command.

    The container starts and you have a connected gateway instance.

    A screen capture of a connected gateway instance in PingOne.

    If the gateway instance can’t connect to PingOne, it won’t start.

Next steps

  • Start additional gateway instances in your infrastructure as needed for your organization’s use cases. You can use multiple gateway instances to help handle traffic spikes, ensure high availability by avoiding a single point of failure, and for geographical distribution.

  • Publishing policy versions to Authorize gateway instances.