--- title: Configure provisioning description: Configure PingFederate to provision users to PingID SDK. component: pingid-sdk page_id: pingid-sdk:setup:pf_pid_sdk_connector_configure_provisioning canonical_url: https://docs.pingidentity.com/integrations/pingid-sdk/setup/pf_pid_sdk_connector_configure_provisioning.html revdate: June 19, 2024 section_ids: context_N10025_N10022_N10001: About this task steps: Steps ul_c5n_d54_phb: Choose from: --- # Configure provisioning ## About this task Configure PingFederate to provision users to PingID SDK. | | | | - | --------------------------------------------------------------------------------------------------- | | | You can follow these steps to create a new SP connection, or you can modify an existing connection. | ## Steps 1. In the PingFederate administrator console, configure the data store that PingFederate will use as the source of user data. For instructions, see [Datastores](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_managedatasourcestasklet_managedatasourcesstate.html) in the PingFederate documentation. * When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to PingID SDK. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups. 2. Enable provisioning. 1. On the **System > Protocol Settings > Roles & Protocols** screen, select **Enable Identity Provider IdP Role and Support the Following**. 2. Select **Outbound Provisioning** and **SAML 2.0**. Click **Save**. 3. Create an SP connection with the PingID SDK quick connection template. 1. On the **Identity Provider** screen, in the **SP Connections** area, click **Create new**. 2. On the **Connection Template** screen, select **Use a template for this connection**. 3. In the **Connection Template** list, select **PingID SDK Connector**. Click **Next**. 4. On the **Connection Type** screen, clear **Browser SSO Profiles** and select **Outbound Provisioning**. Click **Next**. 5. On the **General Info** screen, click **Next**. 6. On the **Outbound Provisioning** screen, configure the provisioning target and channel. See [Configuring outbound provisioning](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_saasprovisioningstate.html) in the PingFederate documentation. 1. Click **Configure Provisioning**. 2. On the **Target** screen, complete the **Application ID** field with the value that you noted in [Get information from the PingID SDK](pf_pid_sdk_connector_get_information_from_pid_sdk.html). | | | | - | -------------------------------------------------------------------------------------- | | | PingFederate verifies the credentials when you activate the channel and SP connection. | 3. Complete the PingID SDK information by doing one of the following: ### Choose from: * For PingFederate 9.0 and later: On the **PingID SDK Properties** line, click **Choose File**. Select the `pingidsdk.properties` file that you saved in [Get information from the PingID SDK](pf_pid_sdk_connector_get_information_from_pid_sdk.html), and then click **Open**. * For PingFederate 8.x: Complete the required fields by copying and pasting the values from the `pingidsdk.properties` file that you saved in [Get information from the PingID SDK](pf_pid_sdk_connector_get_information_from_pid_sdk.html). 4. From the **Primary Authentication Method Upon Creation** list, select a primary authentication method to set when the connector provisions new users to PingID SDK. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Users are prompted to authenticate using their primary device. If the user has no mapped attribute value (or an invalid value) for the selected method, the primary device pairing is set to the next valid attribute in this order: `email 1`, `email 2`, `email 3`, `SMS 1`, `SMS 2`, `SMS 3`, `voice 1`, `voice 2`, `voice 3`. | 5. Optional: Under **Provisioning Options**, enable the provisioning features that you want. See [Provisioning options](pf_pid_sdk_connector_provisioning_options.html). 6. In the **Remove User Action** list, select the deprovisioning action for users in PingID SDK. This is triggered when a user in the datastore is deleted, disabled, or no longer targeted for provisioning. Click **Next**. 7. On the **Manage Channels** screen, create a channel. Click **Done**. See [Managing channels](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saasmanagementtasklet_saasmanagementstate.html) in the PingFederate documentation. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | To set up synchronization, use the **SP Connection > Configure Channels > Channel > Attribute Mapping** screen to populate the `Username` attribute with a matching attribute from the data store. See [Synchronize existing users](pf_pid_sdk_connector_synchronize_existing_users.html). | 8. On the **Outbound Provisioning** screen, click **Next**. 7. On the **Activation and Summary** screen, above the **Summary** section, turn on the connection. Click **Save**.