PingOne

Creating an inbound rule

Create a rule to define which users are provisioned to PingOne and how attributes are mapped between the external identity store and PingOne.

About this task

If you are creating a rule for a connection through an LDAP gateway, see Creating an inbound rule for a connection through an LDAP gateway.

Steps

  1. Go to Integrations → Provisioning.

  2. Click and then click New rule.

  3. Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.

  4. Click Create rule.

  5. On the Configuration tab, click the Source icon. Under Available connections, click to add an appropriate connection as a source. If you haven’t created a connection yet, see Creating a connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule. PingOne will automatically be added as the target.

    Not all provisioning connection types support inbound provisioning.

  6. Click Save.

  7. On the Configuration tab, click the Target icon.

  8. Click the See Details link and then click the pencil icon.

  9. For Actions, enter or edit the following:

    • Allow users to be created. Determines whether to create a user in the PingOne user store when the user is created in the source identity store.

    • Allow users to be updated. Determines whether to update user attributes in the PingOne user store when the user is updated in the source identity store.

      • Allow users to be disabled. When a user is disabled in the source identity store, PingOne disables the user in the PingOne identity store.

    • Allow users to be deprovisioned. Determines whether to deprovision a user in the PingOne identity store when the user is deprovisioned in the source identity store.

    • Remove action. Determines the action to take when removing a user from the source identity store.

      • Delete. When a user is deprovisioned from the source identity store, PingOne deletes the user in the PingOne identity store.

      • Disable. When a user is deprovisioned from the source identity store, PingOne disables the user in the PingOne identity store.

    • Deprovision on rule deletion. Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

  10. Click Save.

Next steps