Adding a user filter
Add a user filter to specify which identities are provisioned, based on factors such as population, group, or other user attributes.
Steps
-
Go to Integrations → Provisioning.
-
Click the Rules tab.
-
Find the appropriate rule and click it to show the rule details.
-
Click the Configuration tab.
-
Click the User filter button.
Inbound provisioning rules have an LDAP filter rather than a User filter. See Adding an LDAP filter.
-
Click the pencil icon to edit the filter.
-
Define the filter that determines which identities are provisioned. For more information, see Example user filters.
-
Enter the first condition:
-
Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.
-
Attribute. The user attribute to filter on.
-
Operator. Equals. Equals is the only operator supported at this time.
-
Value. Enter the appropriate value.
-
If you select a group in the filter, then updating or deleting the group can cause the provisioning rule to re-sync.
-
If you select a group in the filter, the filter will include all users with any kind of membership in the group, whether direct, dynamic membership based on a user filter, or inherited from parent groups. For more information, see Groups.
-
-
-
If needed, click Add + to add another condition or condition set.
-
Continue adding conditions or condition sets as needed.
-
Click Save.
Next steps
-
To map PingOne user attributes from an external identity store, follow the instructions in Adding attribute mapping for outbound provisioning.
-
For workday inbound rule, see Workday attribute mapping.