PingOne

Creating an inbound rule for a connection through an LDAP gateway

For inbound gateway connections, you can configure an LDAP filter that specifies which users to provision.

Before you begin

Make sure that you have:

The Users Base DN that defines the users you want to provision. For inbound provisioning, it specifies the source of the users that will be imported into PingOne.

For inbound provisioning rules, you should use the same Users Base DN value as the user type in the Gateway configuration. This enables users to be authenticated through the LDAP Gateway for syncing passwords. Learn more in Adding a user type.

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning.

  2. Click and then click New Rule.

  3. Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.

  4. Click Create Rule.

  5. On the Configuration tab, click Source.

  6. In the Available Connections section, click the icon to add the appropriate gateway as the source connection.

    PingOne is automatically added as the target.

    If you haven’t created the appropriate connection yet, refer to Creating provisioning connections. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule.

  7. Enter the Users Base DN. The Users Base DN specifies the location in the LDAP directory structure where PingOne provisioning will search for users.

    For users to be found, they must be located under the Users Base DN.

    A stricter Users Base DN will match fewer users in the directory. For example, ou=Users,dc=lab,dc=local is stricter than dc=lab,dc=local because it will match only objects under the Users Organizational Unit.

  8. Click Save.

  9. To enable the rule, click the toggle at the top of the details panel to move it to the right (blue).

    You can disable the rule by clicking the toggle to the left (gray).
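To preview how the Users Base DN entered in step 7 scopes a rule before you enable it, the following added example (not part of the PingOne documentation or product) checks which entry DNs fall under a given base DN. The sample DNs are constructed, and case-insensitive comparison of attribute values is an assumption that holds for typical ou, dc, and cn attributes; multi-valued RDNs are compared as opaque strings.

```python
import re

def normalize_rdn(rdn):
    """Lower-case the attribute type and value and collapse whitespace (assumed case-insensitive match)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + re.sub(r"\s+", " ", value.strip()).lower()

def parse_dn(dn):
    """Split a DN into normalized RDNs, treating a backslash-escaped comma as part of the value."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [normalize_rdn(r) for r in rdns if r.strip()]

def is_under(user_dn, base_dn):
    """True if user_dn sits strictly below base_dn in the directory tree."""
    user, base = parse_dn(user_dn), parse_dn(base_dn)
    return bool(base) and len(user) > len(base) and user[-len(base):] == base

def in_scope(user_dns, base_dn):
    """Return the DNs that a rule using base_dn could consider for provisioning."""
    return [dn for dn in user_dns if is_under(dn, base_dn)]

# Constructed sample entries, not taken from a real directory.
SAMPLE_DNS = [
    "cn=Alice Ng,ou=Users,dc=lab,dc=local",
    "CN=Bob Ito, OU=Users, DC=lab, DC=local",             # different case and spacing
    "cn=svc-backup,ou=Service Accounts,dc=lab,dc=local",  # outside the Users OU
    "cn=Smith\\, Jo,ou=Users,dc=lab,dc=local",            # escaped comma inside the CN
    "cn=Dana,ou=Users,dc=lab,dc=local,dc=example",        # different directory suffix
]

if __name__ == "__main__":
    for base in ("ou=Users,dc=lab,dc=local", "dc=lab,dc=local"):
        print(base, "->", len(in_scope(SAMPLE_DNS, base)), "entries in scope")
```

With the broader dc=lab,dc=local base, the service account entry also falls in scope, which is the over-matching that the stricter base DN avoids.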

Next steps

To create an LDAP filter expression and define the users that will be provisioned, follow the instructions in Adding an LDAP filter.

To specify additional options for onboarding new users, follow the instructions in Adding attribute mapping for inbound provisioning.