PingOne

Adding a user in PingOne

Add users to the PingOne directory on the Users page.

The fields you can see and configure when adding a user in PingOne differ depending on your administrator role assignment:

Identity Data Admin role or a custom role with equivalent permissions

You can select or update the population for the user.

Advanced Help Desk Admin role or a custom role with equivalent permissions scoped to the population level

You can select or update the population for the user.

Advanced Help Desk Admin role or a custom role with equivalent permissions scoped to the group level

You can’t see the Population field or assign a user to a population directly. The population assignment depends on the group to which you add the user.

In environments using PingFederate as the identity provider (IdP), adding a user in PingOne doesn’t create the user in the PingFederate user directory. The ability to create a user in PingOne is provided as an option for multi-factor authentication (MFA) testing.

If your environment is configured with custom user attributes, the fields in the UI might not match the fields described here.

Steps

  1. In the PingOne admin console, go to Directory > Users.

  2. Click the Plus icon () and select Create User.

  3. Enter the following information.

    If your environment is configured with custom user attributes, the fields in the user interface might not match the fields described here.
    Field Description

    Given Name

    The user’s first name.

    Family Name

    The user’s last name.

    Username (required)

    A unique identifier for the user.

    In a workforce environment, you can’t change the username after it is set.

    Don’t use sensitive personal information (SPI) in usernames. SPI includes details about political or religious affiliations, race, ethnicity, sexual orientation, medical or criminal history, and personal identification numbers such as Social Security numbers.

    Email

    A valid email address for the user.

    Require Email to be Verified

    Select to require users to verify their email address by entering an one-time passcode (OTP) sent to their email to complete the PingOne account creation.

    Population

    This field appears and is required if you’re assigned the Identity Data Admin role, the Advanced Help Desk Admin scoped to the population level, or a custom role equivalent to one of those roles.

    The population to which you want to add the user. If a default population is configured for the environment, that population is selected automatically, but you can select a different population. Learn more in Populations.

    Group

    If you’re assigned the Advanced Help Desk Admin or an equivalent custom role and it is scoped to the group level, this field is required. Otherwise this field is optional. Groups in this list are limited to those over which you have administrator permissions.

    The group to which you want to add the user. You can select only one group when you create a user, but you can edit the user after creation to add them to more groups. Learn more in Groups.

    Authoritative Identity Provider

    An authoritative IdP has authority over user records and credentials. By default, PingOne is the user’s authoritative IdP, meaning that users authenticate and are managed in PingOne.

    If you’ve configured external IdPs in the environment, you can select one of them in the list. Learn more in Authoritative identity providers.

    Password

    An initial password for the user.

    To generate a strong password you can provide to the user, click Generate password.

    Click the Eye icon () to show the password in plain text.
    Add user page

  4. Click Save.

Result

The user is created in the PingOne directory. You can edit a user profile after creation to provide more information. Learn more in Editing a user in PingOne.

If you have the Advanced Help Desk Admin role or a custom role with equivalent permissions scoped to the group role, the user is assigned to a population based on the following factors:

  • If the group you added the user to is a population-level group, the user is added to the same population to which the group belongs.

  • If the group you added the user to is an environment-level group and a default population is defined for the environment, the user is added to the default population.

In edge cases where no default population is defined for the environment, the following occurs:

  • If the administrator creating the user is in the same environment as the new user, the user is assigned to the same population as the administrator.

  • If the administrator isn’t in the same environment as the new user, user creation fails.