Creating an inbound rule
Create a rule to define which users are provisioned to PingOne and how attributes are mapped between the external identity store and PingOne.
About this task
If you are creating a rule for a connection through an LDAP gateway, see Creating an inbound rule for a connection through an LDAP gateway.
Steps
-
Go to Integrations → Provisioning.
-
Click and then click New rule.
-
Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.
-
Click Create rule.
-
On the Configuration tab, click the Source icon. Under Available connections, click to add an appropriate connection as a source. If you haven’t created a connection yet, see Creating a connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule. PingOne will automatically be added as the target.
Not all provisioning connection types support inbound provisioning.
-
Click Save.
-
On the Configuration tab, click the Target icon.
-
Click the See Details link and then click the pencil icon.
-
For Actions, enter or edit the following:
-
Allow users to be created. Determines whether to create a user in the PingOne user store when the user is created in the source identity store.
-
Allow users to be updated. Determines whether to update user attributes in the PingOne user store when the user is updated in the source identity store.
-
Allow users to be disabled. When a user is disabled in the source identity store, PingOne disables the user in the PingOne identity store.
-
-
Allow users to be deprovisioned. Determines whether to deprovision a user in the PingOne identity store when the user is deprovisioned in the source identity store.
-
Remove action. Determines the action to take when removing a user from the source identity store.
-
Delete. When a user is deprovisioned from the source identity store, PingOne deletes the user in the PingOne identity store.
-
Disable. When a user is deprovisioned from the source identity store, PingOne disables the user in the PingOne identity store.
-
-
Deprovision on rule deletion. Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.
-
-
Click Save.
Next steps
-
To specify which identities are provisioned based on factors such as active users or other source user attributes, follow the instructions in Adding a user filter.
-
To specify additional options for onboarding new users, follow the instructions in Adding attribute mapping for inbound provisioning.