PingFederate Server

Configuring outbound provisioning settings

You can select the database that PingFederate should use internally to facilitate provisioning for service providers when PingFederate is configured as an identity provider (IdP).

Before you begin

Before configuring outbound provisioning settings, you must enable outbound provisioning through the pf.provisioner.mode property in the <pf_install>/pingfederate/bin/run.properties file. For more information, see Configuring PingFederate properties.

If you want to use failover provisioning, configure the provisioner.node.id and provisioner.failover.grace.period properties, which are also located in <pf_install>/pingfederate/bin/run.properties. These properties are described in Deploying provisioning failover.

About this task

The database stores the state of synchronization between the source datastore and the target datastore, enabling periodic checking to determine whether updates are required at the target site. PingFederate checks the source datastore for changes every minute by default. As needed, you can change the provisioning synchronization frequency on this tab as well.

Use the built-in HSQLDB only for trial or training environments. For testing and production environments, always use a secured external storage solution for proper functioning in a clustered environment.

Testing involving HSQLDB is not a valid test. In both testing and production, it might cause various problems due to its limitations and HSQLDB involved cases are not supported by Ping Identity.

PingFederate is tested with Amazon Aurora (MySQL and PostgreSQL), Microsoft SQL Server, Oracle Database, Oracle MySQL, and PostgreSQL as internal provisioning datastores. A demonstration-only, embedded HSQLDB database is installed by default. Scripts to aid setup are in the directory <pf_install>/pingfederate/server/default/conf/provisioner/sql-scripts.

Steps

  1. Go to System → Server → Protocol Settings.

  2. On the Outbound Provisioning tab, from the Provisioning Data Store list, select a datastore.

    If the datastore you want is not shown in the list, PingFederate is not yet configured to access the store. Click Manage Data Stores to create a connection to the datastore.

  3. Change the Synchronization Frequency value.

    The default value is 60 seconds.

  4. Click Next and continue with the rest of the configuration.

    When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.