Adding a user filter
Add a user filter to specify which identities are provisioned, based on factors such as population, group, or other user attributes.
To map PingOne user attributes from an external identity store, learn more in Adding attribute mapping for outbound provisioning. |
Steps
-
In the PingOne admin console, go to Integrations > Provisioning.
-
Click the Rules tab.
-
Find the appropriate rule and click it to show the rule details.
-
Click the Configuration tab.
-
Click User Filter.
Inbound provisioning rules have an LDAP filter rather than a user filter. Learn more in Adding an LDAP filter.
-
Click the Pencil icon to edit the filter.
-
Define the filter determines which identities are provisioned. Learn more in Example user filters.
-
Enter the first condition:
-
Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.
-
Attribute: The user attribute to filter on.
-
Operator: Equals is the only operator supported at this time.
-
Value: Enter the appropriate value.
If you select a group in the filter, updating or deleting the group can cause the provisioning rule to resync.
If you select a group in the filter, the filter will include all users with any kind of membership in the group. Learn more in Groups.
-
-
(Optional) Click Add + to add another condition or condition set.
-
Click Save.
Example 1
A filter that includes users from the USA and Canada. Include users that match the following:
Country Code Equals US
OR
Country Code Equals CA

Example 2
A filter that includes users from the following populations:
Population Name Equals Marketing
OR
Population Name Equals HR
