PingFederate Server

Defining a unique user ID

On the Unique user ID tab, you can create an LDAP filter to resolve user accounts for System for Cross-domain Identity Management (SCIM) operations.

About this task

PingFederate uses LDAP filter in conjunction with the Base DN value, defined on the Location tab, to add new account records.

Screen capture of the Unique User ID tab showing the Filter field.

This tab only appears if you are configuring an LDAP user store for provisioning.

Steps

Enter the statement in the Filter text field.The filter is in the form: attribute=$\{value} where attribute is an attribute in your user-datastore and value is the attribute value or values passed in from the SCIM request. To see a list of available attributes in your user-datastore, click View List of Available LDAP Attributes. Variables for these attributes, including the correct syntax, are listed under SCIM Attributes.

Unlike filters used to retrieve LDAP attributes for adapter mapping, do not enclose the statement in parentheses.

You can reference attribute values in the form of $\{attributeName:-defaultValue}. When specified, it is used at runtime if the attribute value is not available. Do not use $\{ and } in the default value. This is optional.

If you are unfamiliar with writing LDAP queries, see the documentation accompanying your LDAP installation.