Creating an outbound rule for a connection through an LDAP gateway
Create a rule to define which users are provisioned and how attributes are mapped between PingOne and the LDAP directory.
Before you begin
Make sure you have:
- The RDN attribute that specifies the relative portion of the DN (distinguished name), which uniquely identifies the user in the LDAP directory.
- The Base DN that specifies where the users will be created in the LDAP directory.
Steps
- In the PingOne admin console, go to Integrations > Provisioning.
- Click and then click New Rule.
- Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.
- Click Create Rule.
- On the Configuration tab, click Target.
- In the Available Connections section, click the icon to add the appropriate gateway as the target connection.
  PingOne Directory is automatically added as the source.
  If you haven’t created the appropriate connection yet, see Creating an LDAP gateway provisioning connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule.
- Enter the following:
  - RDN Attribute: Select the PingOne attribute that will map to the RDN attribute. The RDN attribute is the relative portion of the DN (distinguished name) that uniquely identifies the user in the LDAP directory.
    The default attributes are based on the directory type of the gateway used.
    - For Active Directory, RDN defaults to cn.
    - For PingDirectory, RDN defaults to uid.
  - Base DN: Specifies the location in the LDAP directory structure where users will be created. Learn more in Distinguished Names in the Microsoft LDAP documentation.
- Click Save.
- To enable the rule, click the toggle at the top of the details panel to the right (blue).
  You can disable the rule by clicking the toggle to the left (gray).
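How the RDN Attribute and Base DN entered in this rule combine into a user's DN, as an added example that is not part of the PingOne documentation or product code. It assumes the DN is formed as `<RDN attribute>=<value>,<Base DN>` with RFC 4514 value escaping; the function names and sample DNs are constructed for illustration.

```python
# Added example: compose the DN a provisioned user would get from the rule's
# RDN Attribute and Base DN settings. Names and sample values are constructed.

# Characters RFC 4514 requires to be backslash-escaped anywhere in a value.
SPECIALS = set('"+,;<>\\')

# Default RDN attribute per gateway directory type, as listed on this page.
DEFAULT_RDN = {"Active Directory": "cn", "PingDirectory": "uid"}


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN string (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("RDN value must not be empty")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")          # NUL is written as a hex pair
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)       # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")           # trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(directory_type: str, rdn_value: str, base_dn: str) -> str:
    """Join <rdn attribute>=<escaped value> with the Base DN."""
    attr = DEFAULT_RDN[directory_type]
    return f"{attr}={escape_rdn_value(rdn_value)},{base_dn}"


if __name__ == "__main__":
    base = "OU=Staff,DC=example,DC=com"  # constructed Base DN
    print(build_user_dn("Active Directory", "Doe, Jane", base))
    print(build_user_dn("PingDirectory", "jdoe", "ou=People,dc=example,dc=com"))
    # Escaping keeps a comma in the mapped value inside the RDN, so the
    # entry stays under the configured Base DN.
    print(build_user_dn("Active Directory", "x,OU=Admins", base))
```

When choosing the PingOne attribute to map to the RDN, check that its values are unique and that any commas, plus signs, or leading and trailing spaces they contain survive as a single RDN under the intended Base DN.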
Next steps
- To specify which identities are provisioned based on factors such as population, group, or other user attributes, follow the instructions in Adding a user filter.
- To map PingOne user attributes from an external identity store, follow the instructions in Adding attribute mapping for outbound provisioning.