Configure provisioning
About this task
To configure a connection for outbound provisioning to Concur, follow the instructions in this section.
Outbound provisioning details are managed within a service provider (SP) connection. You can configure outbound provisioning with or without Browser SSO, WS-Trust STS, or both when you create a new SP connection. You can also add outbound provisioning to an existing SP connection.
Steps
-
In the PingFederate administrative console, configure the datastore that PingFederate will use as the source of user data. Learn more in Datastores in the PingFederate documentation.
-
When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to Concur. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.
-
-
Create a new SP connection or select an existing SP connection from the SP Configuration menu.
-
On the Connection Template page, select Use a template for this connection and select Concur in the Connection Template drop-down list. When asked during the connection configuration steps, import the
saml-metadata.xmlpackaged with this connector.
If this selection is not available, verify the connector installation and restart PingFederate.
-
On the Connection Type page, ensure the Outbound Provisioning checkbox is selected, and the Browser SSO Profiles checkbox is cleared (if appropriate).
-
On the General Info page, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata default values.
-
Follow the connection wizard to configure the connection.
-
On the Outbound Provisioning page, click Configure Provisioning.
-
On the Target page, enter the values for each field as required by the Concur Connector.
Field Name Description OAUTH_ACCESS_TOKEN
The OAuth access token for the Concur account.
Learn more in Obtain key and secret and Generate OAuth access token.
-
Click Next to continue the provisioning configuration. Learn more in the following sections under Outbound provisioning for IdPs in the PingFederate documentation:
-
Many fields are required based on your Concur account configuration. Ensure that you are sending data for all user fields that are required.
Credentials will be verified when the channel and SP connection is set to Active and provisioning is initiated.
If you are not ready to complete the provisioning configuration, you can click Save and return to the configuration page later. To return to the configuration page, select the connection from Identity Provider → SP Connections → Manage All.