PingDirectory

Configuring synchronization to a SCIM 2.0 server

The PingDataSync server supports System for Cross-domain Identity Management (SCIM) 2.0 servers as a sync destination, which means that it is possible to push changes (including creates, modifies, and deletes) read from another source to a server using the SCIM 2.0 protocol described in RFC 7644.

To view an example Active Directory to SCIM 2.0 configuration, see the file located at <server-root>/config/sample-dsconfig-batch-files/reference-sync-activedirectory-to-scim2.dsconfig.

It is currently not possible to use a SCIM 2.0 server as a sync source, so changes made in a SCIM 2.0 server cannot be synchronized to other types of destinations.

The create-sync-pipe-config tool does not provide support for creating a sync pipe with a SCIM 2.0 sync destination, so you will need to create the necessary configuration manually using a tool like dsconfig or the administrative console. This involves the following steps:

  1. Creating a sync source to allow the PingDataSync server to pull the changes to be synchronized. See Configure the sync source.

  2. Optionally configuring a changelog password decryption key in the PingDataSync server if the source is a PingDirectory server instance. See Configure the changelog password decryption key in the PingDataSync server (optional).

  3. Configuring a SCIM 2.0 external server with the details necessary to connect and authenticate to the destination server. See Configure the SCIM 2.0 external server.

  4. Configuring a set of SCIM 2.0 attribute mappings to describe how the PingDataSync server should map attributes from the internal LDAP representation of entries obtained from the sync source into a form that can be sent to the SCIM 2.0 server. See Configure SCIM 2.0 attribute mappings.

  5. Configuring one or more SCIM 2.0 endpoint mappings to provide information about the endpoints to which changes will be synchronized in the SCIM 2.0 server, including the attribute mappings for attributes associated with each endpoint. See Configure SCIM 2.0 endpoint mappings.

  6. Configuring a SCIM 2.0 sync destination, which references the SCIM 2.0 external server and endpoint mappings created in earlier steps, and provides additional configuration options. See Configure the SCIM 2.0 sync destination.

  7. Configuring a sync pipe to associate the appropriate sync source with the SCIM 2.0 sync destination. See Configure a sync pipe.

  8. Configuring one or more sync classes for that sync pipe to indicate how the PingDataSync server should treat various types of entries read from the source when pushing changes to the destination. See Configure sync classes.

  9. Optionally using the realtime-sync set-startpoint command to set the startpoint at the end of the changelog if the source is a PingDirectory server instance. See Set the changelog startpoint for the sync source (optional).

  10. Using the resync tool to perform an initial bulk synchronization of the content in the sync source into the SCIM 2.0 sync destination. See Perform an initial bulk synchronization with the resync command.

  11. Using the realtime-sync start command to start synchronizing changes from the source into the SCIM 2.0 sync destination. See Start real-time synchronization.
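The following added example, which is not PingDataSync code or configuration, illustrates what the attribute and endpoint mappings in steps 4 and 5 accomplish: an LDAP entry is mapped to a SCIM 2.0 User resource (RFC 7643), and each change type becomes an RFC 7644 request. The mapping table, the `/Users` endpoint, the function names, and the choice of PATCH for modifies are assumptions made for illustration.

```python
import json

# Hypothetical mapping table (assumption, not PingDataSync configuration):
# LDAP attribute -> SCIM 2.0 attribute path in the RFC 7643 core User schema.
ATTRIBUTE_MAP = {
    "uid": "userName",
    "givenName": "name.givenName",
    "sn": "name.familyName",
    "mail": "emails",
}
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ENDPOINT = "/Users"  # hypothetical endpoint mapping target


def ldap_to_scim(entry):
    """Map an LDAP entry (attribute -> list of values) to a SCIM User resource."""
    resource = {"schemas": [USER_SCHEMA]}
    for ldap_attr, path in ATTRIBUTE_MAP.items():
        values = entry.get(ldap_attr)
        if not values:
            continue  # absent attributes are skipped; unmapped ones are never read
        if path == "emails":  # multi-valued complex attribute
            resource[path] = [{"value": v, "primary": i == 0}
                              for i, v in enumerate(values)]
        elif "." in path:  # sub-attribute of a complex attribute
            parent, child = path.split(".", 1)
            resource.setdefault(parent, {})[child] = values[0]
        else:
            resource[path] = values[0]
    return resource


def to_request(change_type, entry=None, scim_id=None):
    """Return (method, path, body) for one change read from the sync source."""
    if change_type == "create":
        return "POST", ENDPOINT, json.dumps(ldap_to_scim(entry), sort_keys=True)
    if change_type == "modify":
        mapped = ldap_to_scim(entry)
        ops = [{"op": "replace", "path": k, "value": v}
               for k, v in sorted(mapped.items()) if k != "schemas"]
        body = {"schemas": [PATCH_SCHEMA], "Operations": ops}
        return "PATCH", f"{ENDPOINT}/{scim_id}", json.dumps(body, sort_keys=True)
    if change_type == "delete":
        return "DELETE", f"{ENDPOINT}/{scim_id}", None
    raise ValueError(f"unsupported change type: {change_type}")


# Constructed sample entry; userPassword has no mapping, so it is not pushed.
SAMPLE = {"uid": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"],
          "mail": ["jdoe@example.com"], "userPassword": ["{SSHA}constructed"]}
```

Because only attributes listed in the mapping table are copied, sensitive source attributes such as `userPassword` reach the destination only if a mapping for them is added deliberately.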