--- title: IdentityStoreUserProvisioner interface implementation description: The IdentityStoreUserProvisioner interface is deprecated, but you can still implement it to provision and deprovision users to an external user store. component: pingfederate version: 13.0 page_id: pingfederate:sdk_developers_guide:identitystoreuserprovisioner_interface_implemen canonical_url: https://docs.pingidentity.com/pingfederate/13.0/sdk_developers_guide/identitystoreuserprovisioner_interface_implemen.html revdate: July 5, 2022 section_ids: create-user: Create user read-user: Read user update-user: Update user delete-user: Delete user --- # IdentityStoreUserProvisioner interface implementation The `IdentityStoreUserProvisioner` interface is deprecated, but you can still implement it to provision and deprovision users to an external user store. The `IdentityStoreUserProvisioner` interface is deprecated. Developers can implement it to provision and deprovision users, but they should implement either the `IdentityStoreProvisionerWithFiltering` or `IdentityStoreProvisioner` interface. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | The `IdentityStoreUserProvisioner` interface does not provision or deprovision groups. For group support, see [`IdentityStoreProvisionerWithFiltering` interface implementation](identitystoreprovisionerwithfiltering_interface_implemen.html). | The following Java packages are required for implementing the interface: * `com.pingidentity.sdk.provision` * `com.pingidentity.sdk.provision.exception` * `com.pingidentity.sdk.provision.users.request` * `com.pingidentity.sdk.provision.users.response` For each identity store provisioner implementation, in addition to the methods described under [Shared plugin interfaces](pf_share_plugin_interface.html), you must implement the following methods: * Create user * Read user * Update user * Delete user ## Create user ``` UserResponseContext createUser(CreateUserRequestContext createRequestCtx) throws IdentityStoreException ``` PingFederate invokes the `createUser()` method of your identity store provisioner in response to create-user requests made to PingFederate services, such as inbound provisioning. This method creates the user in the user store managed by the identity store provisioner. The `CreateUserRequestContext` contains all information needed to fulfill the request. If the user is successfully provisioned, the method returns a `UserResponseContext` containing the user attributes used to provision the user. The method throws an `IdentityStoreException` if an error occurred during the creation process. See the `com.pingidentity.sdk.provision.exception` package for exceptions that can be thrown. ## Read user ``` UserResponseContext readUser(ReadUserRequestContext readRequestCtx) throws IdentityStoreException ``` PingFederate invokes the `readUser()` method of your identity store provisioner in response to get-user requests made to PingFederate services, such as inbound provisioning. This method retrieves user data from the user store managed by the identity store provisioner. The `ReadUserRequestContext` contains all information needed to fulfill the request. If the user data is successfully retrieved, the method returns a `UserResponseContext` containing the user attributes for the user. The method throws an `IdentityStoreException` if an error occurred during the retrieval process. See the `com.pingidentity.sdk.provision.exception` package for exceptions that can be thrown. ## Update user ``` UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx) throws IdentityStoreException ``` PingFederate invokes the `updateUser()` method of your identity store provisioner in response to update-user requests made to PingFederate services, such as inbound provisioning. This method updates the user in the user store managed by the identity store provisioner. The `UpdateUserRequestContext` contains all information needed to fulfill the request. If the user data is successfully updated, the method returns a `UserResponseContext` containing the user's updated attributes. The method throws an `IdentityStoreException` if an error occurred during the update process. See the `com.pingidentity.sdk.provision.exception` package for exceptions that can be thrown. ## Delete user ``` void deleteUser(DeleteUserRequestContext deleteRequestCtx) throws IdentityStoreException ``` PingFederate invokes the `deleteUser()` method of your identity store provisioner in response to delete-user requests made to PingFederate services, such as inbound provisioning. This method deprovisions the user in the user store managed by the identity store provisioner. The `DeleteUserRequestContext` contains all information needed to fulfill the request. The method throws an `IdentityStoreException` if an error occurred during the deprovision process. See the `com.pingidentity.sdk.provision.exception` package for exceptions that can be thrown. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The plugin implementation can choose not to permanently delete the resource, but must return a `NotFoundException` for all `readUser()`, `updateUser()`, and `deleteUser()` operations associated with the previously deleted ID. In addition, the plugin must not consider the deleted user in conflict calculation. For example, a `createUser()` request for a user with a previously deleted ID should not throw a `ConflictException`. |