Creating an inbound rule for a connection through an LDAP gateway
For inbound gateway connections, you can configure an LDAP filter that specifies which users to provision.
Before you begin
Ensure that you have the Users Base DN that defines the users you want to provision. For inbound provisioning, it specifies the source of the users that will be imported into PingOne.
|
For inbound provisioning rules, we recommend that you use the same Users Base DN value as the user type in the Gateway configuration. This enables users to be authenticated through the LDAP Gateway for syncing passwords. For more information, see Adding a user type. |
Steps
-
Go to Integrations → Provisioning.
-
Click and then click New rule.
-
Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.
-
Click Create rule.
-
Click the Source button, and then click the icon for the appropriate gateway to add it as the source connection. PingOne will be automatically added as the target.
If you haven’t created the appropriate connection yet, see Creating a connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule.
-
Enter the Users Base DN. The Users Base DN specifies the location in the LDAP directory structure where PingOne provisioning will search for users. For users to be found, they must be located under the Users Base DN.
A stricter Users Base DN will match fewer users in the directory. For example,
ou=Users,dc=lab,dc=localis more strict thandc=lab,dc=localbecause it will match only objects under the Users Organizational Unit. -
Click Save.
Next steps
-
To create an LDAP filter expression and define the users that will be provisioned, follow the instructions in Adding an LDAP filter.
-
To specify additional options for onboarding new users, follow the instructions in Adding attribute mapping for inbound provisioning.