PingID Provisioner

PingID Connector settings reference

Field descriptions for the PingID Provisioner configuration.

Provisioning connector settings reference
Field Description

PingID Properties

For PingFederate 10.2 and later.

Upload the pingid.properties file that you downloaded in Get your PingID settings file.

Manage Devices

Determines how the connector manages devices (authentication methods) in PingID.

For more detail, see Device management.

Do not manage devices

PingFederate doesn’t provision or manage any devices in PingID.

Merge devices

If there is a conflict between the datastore and PingID for one of the managed devices, the datastore takes precedence.

When updating the user’s "primary" device, the user has to choose it as their primary device again.

The provisioner doesn’t change devices with non-managed nicknames, such as devices added by the user or an administrator.

Overwrite devices

This behaves the same as Merge devices, except the provisioner removes all devices with non-managed nicknames, such as devices added by the user or an administrator.

Primary Device on Create

Determines which device (authentication method) the connector sets as the primary when provisioning a new user to PingID.

For more detail, see Device management.

Do not manage

PingFederate provisions devices but doesn’t set any as the primary device.

MFA Email 1

Sets Email 1 as the primary device.

MFA SMS Number 1

Sets Number 1 as the primary device.

MFA Voice Number 1

Sets Voice Number 1 as the primary device.

Provisioning Options

User Create

Selected (default) – PingFederate creates users in PingID.

Cleared – PingFederate does not create users in PingID.

User Update

Selected (default) – PingFederate updates existing users in PingID.

Cleared – PingFederate does not update existing users in PingID.

User Disable / Delete

Selected (default) – PingFederate disables or deletes users in PingID.

PingFederate can only re-enable a user if User Update is selected.

Cleared – PingFederate does not disable or delete users in PingID.

Provision Disabled Users

This option applies when:

  • The User Create option is selected, and

  • The provisioning engine targets a user in the datastore that has a "disabled" status.

Selected (default) – PingFederate creates the user in PingID with a "disabled" status.

Cleared – PingFederate does not create the user in PingID.

If any of the Provision Options are cleared, PingFederate logs a warning in the user workflow section of provisioner.log when the related action fails.

Remove User Action

This option applies when:

  • User Disable / Delete is selected, and

  • a previously-provisioned user no longer meets the condition set on the Source Location screen, or

  • a user has been disabled or deleted from the data store.

Disable (default): PingFederate disables the user in PingID.

Delete: PingFederate deletes the user from PingID.