PingOne

Editing an inbound provisioning rule for a connection through an LDAP gateway (early access)

You can edit an existing inbound rule for a connection through an LDAP gateway to change the custom filter and attribute mapping.

You can’t change the source or target connection after a rule is created.

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning.

  2. On the Rules tab, click the appropriate rule to open the details panel to edit the following:

    • On the Overview tab, click the Pencil icon to edit the Name or Description.

    • On the Directory tab, click to enter or edit the following:

      • Directory Path (LDAP Base DN): Specifies the LDAP directory location from where users and groups are synced into PingOne.

      • User Organizational Units (OUs): Specifies OUs from which to sync users.

      • Add Condition: Adds an LDAP filter to define the users to provision to PingOne. Learn more in LDAP filters.

    • On the Attribute Mapping tab, click and enter or edit the following:

      • To add an attribute mapping, click Add and enter the source and target attributes.

      • To add a new source attribute, enter the attribute name. In the list, select the ADD:ADD:<attribute-name> attribute. Map the added attribute to a target attribute.

      • To use the expression builder, click the Gear icon. Learn more in Using the expression builder.

      • To delete a mapping, click the Delete icon.

    • On the Onboarding Settings tab, click and enter or edit the following:

      • In the Populations list, select a population. When users are synced to PingOne, they’re added to the specified population.

      • In Authoritative Identity Provider, PingOne is automatically set as the authoritative identity provider (IdP).

      • Select the Set default password for new users checkbox to specify the default password in PingOne for users synced in from an external identity store as a source.

      • Click Define Password Logic to create a complex password using the functions in the expression builder. Learn more in Using the expression builder.

      • Select the Force password reset on first sign on checkbox to force users to reset their password the first time they authenticate through PingOne.

      • In the MFA Device Management list, select one of the following to control how the provisioner can impact MFA devices that are managed by a PingOne service (for example, PingOne MFA and PingID):

        • Merge with devices in PingOne (default): Select this option to add a device from the identity store into a user’s existing device in PingOne.

        • Overwrite devices in PingOne: Select this option to replace configured user devices in PingOne from the identity store. Only new devices mapped under attribute mappings are added.

        • Do not manage devices: Select this option to disable device management. This option is recommended for users using PingID in the same environment and to avoid unexpected device unpairing from nickname conflicts. Inbound provisioning and PingID use the same device nicknames, which causes device unpairing.

  3. Click Save.