PingFederate Server

Configuring identity repository settings

Set up a customized directory configure identity repository settings either immediately or at a later time.

About this task

On the Identities tab, you can optionally connect to a directory server.

Steps

  • Go to System → External Systems → Connect to PingOne for Enterprise and access the Identities tab.

  • To enable directory integration, select Yes, Connect a Directory Server.

    You can create a new datastore or reuse an existing datastore in this configuration.

    Create a new datastore

    Provide the required information to connect to a directory server, and then click Next.More information about each field is provided in the following table.

    Field Description

    Directory Type

    Select the type of directory server from the list.

    See System requirements for a list of supported directory servers.

    Data Store Name

    Enter the name of the datastore.

    Hostname

    Enter the location of the directory server.

    It can be the IP address, the host name, or the fully qualified domain name of the directory server. The entry might include a port number.

    Service Account DN

    Enter the distinguished name (DN) of the service account that PingFederate can use to communicate with the directory server.

    Password

    Enter the password associated with the service account.

    Search Base

    Enter the DN of the location in the directory where PingFederate begins its datastore queries.

    Search Filter

    Enter the LDAP query to locate a user record for attribute lookup and potentially credential validation.

    The default value is either sAMAccountName=${username} or uid=${username}, depending on the selected directory type.

    If you require a more advanced search filter, ensure the value is a valid LDAP filter. For more information, consult your directory administrators.

    When you click Next, PingFederate tries to establish a secure (LDAPS) connection to the directory server.If the directory server does not support LDAPS, the Unsecure Connection window appears. If you want to continue without a secure connection, click Next. Alternatively, you can go back to the Identities tab and specify a different directory server.If the certificate presented by the directory server is not trusted by PingFederate, the Certificate Error window appears. You can import the certificate used by the directory server to establish a secure connection, and then click Next in the Identities tab and specify a different directory server.

    Use an existing datastore

    Click Begin, and then follow the on-screen instructions to create a service provider (SP) connection to PingOne for Enterprise.

    Optional: To set up a directory later, select No, Don’t Connect a Directory Server and then click Next.

    This setup scenario is suitable for proof of concept. Multiple local test accounts are created as a result.