PingFederate Server

Mapping attributes

Mapping attributes determines how attributes from your user store are mapped to the System for Cross-domain Identity Management (SCIM) attributes in the core schema and custom attributes through a schema extension or to the provisioning fields supported for your organization’s software as a service (SaaS) customer account.

About this task

Edit the mapping of attributes from the local datastore into fields specified by the service provider (SP).

A screen capture of the Attribute Mapping tab configuration.

If you are provisioning for SCIM, your SP can make one or more optional core attributes mandatory. For more information, see the SCIM documentation from the SP or the SCIM Resource Schema representation.

For non-SCIM SaaS connectors, PingFederate automatically retrieves from the vendor the Field Names shown on this tab, but only on the first pass through the configuration flow. If you are using this configuration to modify an existing mapping configuration, click Refresh Fields to synchronize the list with the target if needed.

For each field, the Attribute Mapping option provides a means of adding or modifying the mapping details.

All required attributes listed in the Field Name column, indicated with asterisks, must be mapped. Click View Partner Field Specifications for a summary of requirements for all fields specified for the target partner.

For some fields, PingFederate preselects LDAP attributes commonly used to store the required values.

Steps

  1. Go to Applications → Integration → SP Connections to open the SP Connections configuration window.

  2. To edit an existing SP connection, open an SP connection by clicking on its name in the Connection Name column.

  3. On the Outbound Provisioning tab, click Configure Provisioning to open the Configure Channels configuration window.

    The Outbound Provisioning tab is only visible after you go to the Connection Type tab, select the Outbound Provisioning check box and in the Type list, select the type.

  4. Go to the Manage Channels tab.

  5. Select a channel.

  6. Go to the Attribute Mapping tab.

  7. To edit a field, click Edit in the Action column.

    If you have specified any custom attributes, they are listed at the end of the Attribute Mapping configuration.

  8. On the Attribute Mapping tab, provide mapping details.

    To prevent unexpected errors when reading or encoding binary attributes from Microsoft Active Directory (AD), add any AD binary attributes mapped during provisioning to the LDAP Binary Attributes list in the Data Store Advanced LDAP Options. For more information, see Setting advanced LDAP options.

  9. Repeat steps for each attribute shown in the Field Name column as needed.

    For most fields, if you map more than one attribute from your datastore into a single field at the target location, then you must use an OGNL expression to indicate how to combine the attribute values.

    The only exception is the LDAP Attributes Map field, which is provided primarily to support SCIM attributes specific to PingOne for Enterprise. This field can contain multiple attributes without using OGNL.

  10. Click Next.