PingFederate Server

Identifying inbound provisioning group attributes for LDAP

You must identify the datastore attributes you want to provision when writing group information to the datastore.

About this task

You can identify these attributes on the Attributes tab.

Screen capture of the Attributes tab.

This tab only appears if you are configuring an LDAP user store for provisioning and the User and Group Support option is selected on the Connection Type tab.

PingFederate internally manages several attributes that do not require mapping:

  • objectClass

  • objectGUID

  • member

You can override the internal management of objectClass by selecting and mapping it to a System for Cross-domain Identity Management (SCIM) attribute on the Attribute Fulfillment tab. In this case, the values you supply are used. The objectGUID and member attributes cannot be overridden and are ignored if selected.

Steps

  1. Select a root object class and an attribute from the lists, and then click Add Attribute.

  2. Repeat the previous step for each attribute requiring provisioning.