User management
The PingID Provisioner synchronizes users from your datastore to PingOne for Enterprise. The following describes the behavior of each provisioning capability.
|
You can configure the following capabilities and specify which users to provision when you get to the Creating a provisioning connection part of the setup process. |
Synchronizing existing users
PingFederate synchronizes users based on the username attribute in PingOne for Enterprise. If a user already exists in your datastore and PingOne for Enterprise, mapping this attribute correctly links the two records together.
For example:
-
In PingOne for Enterprise, Janet’s
usernameisjsmith. -
In your datastore, Janet’s
sAMAccountNameisjsmith. -
On the Attribute Mapping tab of your provisioning connection configuration, map the
usernameattribute tosAMAccountName. -
When the provisioning connector runs, the datastore user is provisioned with a
usernameofjsmith. That matches Janet’s existingusernamein PingOne for Enterprise, so her information in the datastore is synchronized to her PingOne for Enterprise account.
User provisioning
PingFederate provisions users when any of the following happens:
-
A user is added to the datastore group or filter that is targeted by the provisioning connector.
-
A user with
disabledstatus is added to the datastore group or filter that is targeted by the provisioning connector, and the Provision disabled users provisioning option is enabled. This feature is not available in all provisioning connectors.
|
You can define which users PingFederate targets for provisioning on the Source Location tab of your provisioning connection configuration. |