PingDirectory

Configuring global sensitive attributes

The PingDirectory server supports the ability to define sensitive attributes as a global configuration option so that they’re automatically used across all client connection policies.

About this task

Administrators can assign one or more sensitive attribute definitions to a client connection policy.

When working in an environment with multiple client connection policies, it can be easy to add a sensitive attribute definition to one policy but overlook it in another.

Steps

  • To add a global sensitive attribute across all client connection policies, run the dsconfig tool.

    Example:

    The following command adds the employeeSSN as a global sensitive attribute, which is applied across all client connection policies.

    $ bin/dsconfig set-global-configuration-prop --add "sensitive-attribute:employeeSSN"