PingOne

Supported attributes reference

The following standard attributes can be mapped for user provisioning to PingOne. Custom attributes can also be created and mapped if desired.

For details about authentication device attributes and synchronization behavior, see Authentication method management.

User attributes
Attribute Description

Username

A unique identifier for the user in PingOne. This attribute is required.

Email

The user’s email address, which must be valid (for example, "jsmith@example.com"). This attribute is required.

Population ID

The connector provisions users to this PingOne population. This attribute is required.

Select a population name from the Default value list, or map a dynamic population ID.

You must create at least one population before you can create users. An individual user cannot belong to more than one population simultaneously, but users can be moved to a different populations.

Account ID

The user’s account ID. This attribute can be an organization-specific identifier.

Authoritative IdP

The external identity provider for the user.

This is used for identity provider discovery. For details, see Identifier first action in the PingOne API documentation.

City

The city or locality component for the user’s mailing address.

Country

The country name component. When specified, the value must be in ISO 3166-1 “alpha-2” code format. For example, the United States and Sweden are “US” and "SE", respectively.

External ID

A string that is an identifier for the resource as defined by the provisioning client. The attribute may simplify the correlation of the user in PingOne with the user’s account in another system of record.

First Name

The given name of the user, or first name in most Western languages (for example, 'Barbara' given the full name 'Ms. Barbara Jane Jensen, III').

Force Change Password

Indicates if the user is forced to change their password at next log in. Valid options include:

  • True

  • False

If no value is provided, this will default to false and the user will not be forced to change their password.

Full Name

The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (for example, 'Ms. Barbara Jane Jensen, III').

Honorific Prefix

The honorific prefix of the user, or title in most Western languages, (for example, 'Ms.' given the full name 'Ms. Barbara Jane Jensen, III').

Honorific Suffix

The honorific suffix of the user, or suffix in most Western languages (for example, 'III' given the full name 'Ms. Barbara Jane Jensen, III').

Job Title

The user’s title, such as "Vice President".

Last Name

The family name of the user, or last name in most Western languages (for example, 'Jensen' given the full name 'Ms. Barbara Jane Jensen, III').

Locale

Used to indicate the user’s default location for purposes of localizing such items as currency, date time format, or numerical representations. A valid value is a language tag as defined in RFC 5646 (for example, "en-US").

MFA Device Email 1

An email address that the user has paired with the PingOne MFA service.

MFA Device Email 2

An email address that the user has paired with the PingOne MFA service.

MFA Device Email 3

An email address that the user has paired with the PingOne MFA service.

MFA Device SMS 1

An SMS phone number that the user has paired with the PingOne MFA service.

You must enter a valid phone number in international format, including the leading + character. For example, +14155552671.

To avoid issues with message delivery, always include the country code. Phone number formats across the globe are constantly expanding and changing.

The following list contains a few examples of valid ways to format the phone number:

  • +1.5125201234

  • +15125201234

  • +1.512.520.1234

  • +1 (512) 520-1234

MFA Device SMS 2

An SMS phone number that the user has paired with the PingOne MFA service. Learn more about formatting requirements in the MFA Device SMS 1 table entry.

MFA Device SMS 3

An SMS phone number that the user has paired with the PingOne MFA service. Learn more about formatting requirements in the MFA Device SMS 1 table entry.

MFA Device Voice 1

A voice phone number that the user has paired with the PingOne MFA service.

You must enter a valid phone number in international format, including the leading + character. For example, +14155552671.

Always include the country code. Phone number formats across the globe are constantly expanding and changing.

The following list contains a few examples of valid ways to format the phone number:

  • +1.5125201234

  • +15125201234

  • +1.512.520.1234

  • +1 (512) 520-1234

MFA Device Voice 2

A voice phone number that the user has paired with the PingOne MFA service. Learn more about formatting requirements in the MFA Device Voice 1 table entry.

MFA Device Voice 3

A voice phone number that the user has paired with the PingOne MFA service. Learn more about formatting requirements in the MFA Device Voice 1 table entry.

MFA Enabled

When the value is TRUE, the user is allowed to use the PingOne MFA service.

Middle Name

The middle name of the user (for example, 'Jane' given the full name 'Ms. Barbara Jane Jensen, III').

Mobile Phone

The mobile phone number for the user.

This value must consist of a leading plus sign, 1 to 3-digit country code, dot separator, 4 to 14-digit phone number, and optional 1 to 8-digit extension (for example, '+1.3034682900x1234').

Nickname

The casual way to address the user, such as "Bob" instead of "Robert".

Password

The user’s password. Passwords must match the Password Policy configured in PingOne.

Preferred Language

Indicates the user’s preferred written or spoken languages and is generally used for selecting a localized user interface as defined in RFC 7231 (for example, en-US).

Primary Phone

The primary phone number for the user.

This value must consist of a leading plus sign, 1 to 3-digit country code, dot separator, 4 to 14-digit phone number, and optional 1 to 8-digit extension (for example, '+1.3034682900x1234').

Profile Image

The user’s photo URL. A URI that is a uniform resource locator (as defined in Section 1.1.3 of RFC 3986) that points to a resource location representing the user’s image. If provided, the resource URL must point directly to the image (for example, a GIF, JPEG, or PNG) rather than a web page containing an image. It must also have a scheme of http or https.

State / Region

The state or region component for the user’s mailing address.

Street Address

The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information.

Timezone

The user’s time zone. This must be in IANA Time Zone database format as defined in RFC 6557 (for example, “America/Los_Angeles”).

User Type

Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.

ZIP Code

The ZIP or postal code component for the user’s mailing address.