Adding a user filter

Add a user filter to specify which identities are provisioned, based on factors such as population, group, or other user attributes.

To map PingOne user attributes from an external identity store, learn more in Adding attribute mapping for outbound provisioning.

Steps

In the PingOne admin console, go to Integrations > Provisioning.
Click the Rules tab.
Find the appropriate rule and click it to show the rule details.
Click the Configuration tab.
Click User Filter.

Inbound provisioning rules have an LDAP filter rather than a user filter. Learn more in Adding an LDAP filter.
Click the Pencil icon to edit the filter.
Define the filter determines which identities are provisioned. Learn more in Example user filters.

Enter the first condition:

Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.
Attribute: The user attribute to filter on.
Operator: Equals is the only operator supported at this time.

Value: Enter the appropriate value.

If you select a group in the filter, updating or deleting the group can cause the provisioning rule to resync.

If you select a group in the filter, the filter will include all users with any kind of membership in the group. Learn more in Groups.

This section shows some example user filters to define users for provisioning.

A filter that includes users from the USA and Canada. Include users that match the following:

Country Code Equals US

Country Code Equals CA

A filter that includes users from the following populations:

Population Name Equals Marketing

Population Name Equals HR

A filter that includes enabled users from the following populations:

Population Name Equals Marketing

Population Name Equals HR

AND

Enabled Equals true

A filter that includes users from the Engineering and Marketing groups. Include users that match the following:

Group Names Contains Engineering

Group Names Contains Marketing