PingOne

Editing an outbound provisioning rule for a connection through an LDAP gateway (early access)

You can edit an existing outbound rule for a connection through an LDAP gateway to change the custom filter and attribute mapping.

You can’t change the source or target connection after a rule is created.

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning

  2. On the Rules tab, click the appropriate rule to open the details panel to edit the following:

    • On Overview tab, click the Pencil icon () to edit the Name or Description.

    • On the Directory click to enter or edit the following:

      • Directory Path (LDAP Base DN): Specifies the LDAP directory location from where users and groups are synced into PingOne.

      • RDN Attribute: The PingOne attribute that will map to the RDN attribute. The RDN attribute is the relative portion of the DN (distinguished name) that uniquely identifies the user in the LDAP directory.

      • User Organizational Units (OUs): Specifies OUs from which to sync users.

        Group provisioning isn’t available.

      • Add Condition: Adds a user filter to define which users to include in provisioning based on population or user attributes.

        • Enter the first condition:

          • Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.

          • Attribute: The user attribute to filter on.

          • Operator: Equals is the only operator supported at this time.

          • Value: Enter the appropriate value.

            If you select a group in the filter, updating or deleting the group can cause the provisioning rule to resync.

            If you select a group in the filter, the filter will include all users with any kind of membership in the group. Learn more in Groups.

    • On the Attribute Mapping tab, click and enter or edit the following.

      The default attributes are based on the directory type of the gateway used. For outbound provisioning, the RDN attribute defaults to cn for Active Directory.

    • To add an attribute mapping, click Add and enter the source and target attributes.

    • To use the expression builder, click the Gear icon (). Learn more in Using the expression builder. You can also use list values in the expression builder to create advanced expressions, such as conditional statements.

      • Select values from the Expression list. Some attributes have metadata that define potential values.

    • To delete a mapping, click the Delete icon ().

  3. Click Save.