PingFederate Server

Identifying expected user attributes for the SCIM response

An attribute contract is a set of user attributes that you and your partner agree will be sent in a System for Cross-domain Identity Management (SCIM) response for this connection.

About this task

On the Attribute Contract tab, the attributes you mapped to user account attributes on the Write Users tab appear under Attribute Contract.

Screen capture of the Attribute Contract tab.

Optionally, you can mask the values of attributes in the log files that PingFederate writes when it sends the SCIM response.

There are multiple SCIM attributes that are managed internally by PingFederate and are unavailable for inclusion in the attribute contract:

  • id

  • active

Steps

  1. Click Available SCIM Attributes near the lower-left corner of the tab to include additional attributes you want to map in the SCIM response.

    Option Action

    Add an attribute

    Enter the attribute name in the text box, select the check box under Mask Values in Log as needed, then click Add.

    Attribute names are case-sensitive and must correspond to the attribute names expected by your partner. To see a list of available attributes, click Available SCIM attributes.

    Modify an attribute name or masking selection

    Click Edit under Action for the attribute, make the change, then click Update.

    If you change your mind, make sure you click Cancel under Actions, not the Cancel button, which discards any other changes you might have made in the configuration steps.

    Delete an attribute

    Click Delete under Action for the attribute.