PingOne

Editing an outbound rule for a connection through an LDAP gateway

You can edit an existing outbound rule for a connection through an LDAP gateway to change the custom filter and attribute mapping.

You can’t change the source or target connection after a rule is created.

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning.

  2. On the Rules tab, click the appropriate rule to open the details panel to edit the following:

    • On Overview tab, click the Pencil icon () to edit the Name or Description.

    • On the Directory tab, click to enter or edit the following:

      • Directory Path (LDAP Base DN): Specifies the LDAP directory location from where users and groups are synced into PingOne.

      • RDN Attribute: The PingOne attribute that will map to the relative distinguished name (RDN) attribute. The RDN attribute is the relative portion of the distinguished name (DN) that uniquely identifies the user in the LDAP directory.

      • User Organizational Units (OUs): Specifies OUs from which to sync users.

      • Add Condition: Adds a user filter to define which users to include in provisioning based on population or user attributes.

        • Enter the first condition:

          • Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.

          • Attribute: The user attribute on which to filter.

          • Operator: Equals is the only operator supported at this time.

          • Value: Enter the appropriate value.

            If you select a group in the filter, updating or deleting the group can cause the provisioning rule to resync.

            If you select a group in the filter, the filter will include all users with any kind of membership in the group. Learn more in Groups.

    • On the Attribute Mapping tab, click and enter or edit the following.

      The default attributes are based on the directory type of the gateway used. For outbound provisioning, the RDN attribute defaults to cn for Active Directory.

    • To add an attribute mapping, click Add and enter the source and target attributes.

    • To use the expression builder, click the Gear icon (). Learn more in Using the expression builder. You can also use list values in the expression builder to create advanced expressions, such as conditional statements.

      • Select values in the Expression list. Some attributes have metadata that define potential values.

    • To delete a mapping, click the Delete icon ().

  3. Click Save.