Configuring identity repository settings

Set up a customized directory configure identity repository settings either immediately or at a later time.

About this task

On the Identities tab, you can optionally connect to a directory server.

Steps

Go to System → External Systems → Connect to PingOne for Enterprise and access the Identities tab.

To enable directory integration, select Yes, Connect a Directory Server.

You can create a new datastore or reuse an existing datastore in this configuration.

Create a new datastore

Provide the required information to connect to a directory server, and then click Next.More information about each field is provided in the following table.

Field Description

Field	Description
Directory Type	Select the type of directory server from the list. See System requirements for a list of supported directory servers.
Data Store Name	Enter the name of the datastore.
Hostname	Enter the location of the directory server. It can be the IP address, the host name, or the fully qualified domain name of the directory server. The entry might include a port number.
Service Account DN	Enter the distinguished name (DN) of the service account that PingFederate can use to communicate with the directory server.
Password	Enter the password associated with the service account.
Search Base	Enter the DN of the location in the directory where PingFederate begins its datastore queries.
Search Filter	Enter the LDAP query to locate a user record for attribute lookup and potentially credential validation. The default value is either `sAMAccountName=$username` or `uid=$username`, depending on the selected directory type. If you require a more advanced search filter, ensure the value is a valid LDAP filter. For more information, consult your directory administrators.

Directory Type

Select the type of directory server from the list.

See System requirements for a list of supported directory servers.

Data Store Name

Enter the name of the datastore.

Hostname

Enter the location of the directory server.

It can be the IP address, the host name, or the fully qualified domain name of the directory server. The entry might include a port number.

Service Account DN

Enter the distinguished name (DN) of the service account that PingFederate can use to communicate with the directory server.

Password

Enter the password associated with the service account.

Search Base

Enter the DN of the location in the directory where PingFederate begins its datastore queries.

Search Filter

Enter the LDAP query to locate a user record for attribute lookup and potentially credential validation.

The default value is either sAMAccountName=$username or uid=$username, depending on the selected directory type.

If you require a more advanced search filter, ensure the value is a valid LDAP filter. For more information, consult your directory administrators.

When you click Next, PingFederate tries to establish a secure (LDAPS) connection to the directory server.If the directory server does not support LDAPS, the Unsecure Connection window appears. If you want to continue without a secure connection, click Next. Alternatively, you can go back to the Identities tab and specify a different directory server.If the certificate presented by the directory server is not trusted by PingFederate, the Certificate Error window appears. You can import the certificate used by the directory server to establish a secure connection, and then click Next in the Identities tab and specify a different directory server.

Use an existing datastore

Click Begin, and then follow the on-screen instructions to create a service provider (SP) connection to PingOne for Enterprise.

Optional: To set up a directory later, select No, Don’t Connect a Directory Server and then click Next.

This setup scenario is suitable for proof of concept. Multiple local test accounts are created as a result.

PingFederate Server

Configuring identity repository settings

About this task

Steps