PingFederate Server

Identifying inbound provisioning attributes for LDAP

When configuring System for Cross-domain Identity Management (SCIM) inbound provisioning, you must identity the attributes you want to provision.

About this task

You can select the datastore attributes you want to provision on the Attributes tab.

This tab appears only if you are configuring an LDAP user store for provisioning.
Screen capture of the Attributes tab.

The following attributes are managed internally by PingFederate and do not require mapping:

  • objectClass

  • unicodePwd

  • objectGUID

  • userAccountControl

You can override the internal management of objectClass and unicodePwd by selecting these attributes and mapping them to SCIM attributes on the Attribute Fulfillment tab. In this case, the values you supply are used. The objectGUID and userAccountControl attributes cannot be overridden and are ignored if selected.

Steps

  1. Select a root object class and an attribute from the lists, then click Add Attribute.

    Do not add cn as one of the attributes.

    Screen capture of the Root Object Class and Attribute fields. Do not add CN as one of the attributes

  2. Repeat the previous step for each attribute requiring provisioning.