--- title: Provisioning Radiant Logic with PingOne description: Provision Radiant Logic in PingOne. component: pingone page_id: pingone:integrations:p1_provisioning_connection_radiant_logic canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_provisioning_connection_radiant_logic.html revdate: February 10, 2026 section_ids: provisioning-capabilities: Provisioning capabilities best-practices: Best practices provisioning-radiant-logic: Provisioning Radiant Logic before-you-begin: Before you begin steps: Steps ldapv3-directory-attributes: LDAPv3 directory attributes default-attribute-mapping-for-ldap-inbound-provisioning: Default attribute mapping for LDAP inbound provisioning ldapv3-default-user-attributes: LDAPv3 default user attributes ldapv3-default-group-attributes: LDAPv3 default group attributes radiant-logic-ldapv3-compliant-directory-type-limitations: Radiant Logic LDAPv3-compliant directory type limitations --- # Provisioning Radiant Logic with PingOne Radiant Logic is a commercial federated identity service, often called a virtual directory server (VDS), that sits on top of existing databases and directories and makes them work together. You can use an LDAPv3-compliant directory connection in PingOne to provision users to your Radiant Logic account. ## Provisioning capabilities | Resource | Capability | Description | Inbound | Outbound | | ---------- | -------------- | ------------------------------------------------------------ | ------- | -------- | | User | Create | Generates a new user record in the destination. | Yes | Yes | | | Read | Retrieves or polls user attributes for synchronization. | Yes | Yes | | | Update | Modifies existing attributes such as `department`. | Yes | Yes | | | Delete | Deletes a user, or temporarily suspends an account. | Yes | Yes | | Group | Create | Provisions a new group in the target application. | Yes | No | | | Rename | Updates the display name or identifier of an existing group. | Yes | No | | | Delete | Removes a group from the target application. | Yes | No | | Membership | Add and remove | Handles additions and removals of users within groups. | Yes | No | ## Best practices * Add **Linked Attributes** to allows relationships between objects such as a `member` and `memberof`. * Add **Referential Integrity** to help automatically maintain relationships among entities, such as between users and groups. ## Provisioning Radiant Logic Configure Radiant Logic provisioning to synchronize users and groups between your LDAP directory and PingOne. ### Before you begin Make sure that you have: * A Radiant Logic administrator account. Learn more in the [RadiantOne Identity Data Platform](https://developer.radiantlogic.com). * Users created and assigned to a group specifically for Radiant Logic provisioning in PingOne. Learn more in [Adding a user](../directory/p1_adduser.html) and [Managing groups](../directory/p1_managing_groups.html). ### Steps 1. In the PingOne admin console, [add an LDAP gateway](p1_add_ldap_gateway.html) and enter the following configurations that apply to your Radiant Logic account: * **LDAP Directory Type**: Select **LDAPv3-compliant Directory Server**. * **LDAP Host Name**: Enter the IP address or host name for the external directory server. * **Port**: Enter `2389`. * **Connection Security**: Select **StartTLS** and click **Allow TLS connections with untrusted certificates**. * **Default Bind DN**: Select **cn=directory manager**. * **Bind Password**: Enter the password for the selected Bind DN. 2. Create an [LDAP provisioning connection for Radiant Logic](p1_create_provisioning_connection_gateway.html) and select the Radiant Logic gateway you created. 3. [Create an inbound rule for a connection through an LDAP gateway](p1_create_inbound_provisioning_rule_gateway.html) or [an outbound rule for a connection through an LDAP gateway](p1_create_outbound_provisioning_rule_gateway.html) and select the existing Radiant Logic connection as the target or source. This is also when you can add a user filter and attribute mapping. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For an outbound rule, Active Directory attributes aren't supported.The relative distinguished name (RDN) `uid` or `cn` used for synchronization must be unique across the entire distinguished name (DN). Users or groups with duplicate RDNs won't be provisioned. | 4. Confirm users and groups are successfully provisioned to Radiant Logic. [View the sync status](p1_view_sync_status.html) to review synchronization results and any errors. You can find examples in [Outbound provisioning sync summary examples](p1_outbound_group_provisioning_sync_summary_examples.html). ## LDAPv3 directory attributes The following table lists common LDAPv3 attributes that can be mapped for user provisioning. | Attribute | Description | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | `uid` (required) | The user name for the user account. Typically mapped to `Username`. | | `sn` | The last name (surname) of the user. Typically mapped to `Family Name`. | | `cn` | The common name for the user account. Typically mapped to `Username`. | | `Given Name` | The first name of the user. | | `Mail` | The email address for the user. | | `Mobile Phone` | The mobile telephone number for the user. | | `Telephone Number` | The telephone number for the user. | | `Title` | The user's title, such as Manager or CEO. | | `Active` | The status of the user account. | | `Password` | The password for the user. | | `Street Address` | The physical address for the user. | | `Postal Code` | The ZIP code or postal code for the user. | | `l` | The user's default location for purposes of localizing things such as currency, date and time format, or numerical representations. | | `st` | The region for the user. | | `Preferred Language` | The primary language for the user. | ## Default attribute mapping for LDAP inbound provisioning ### LDAPv3 default user attributes The following table lists the default attributes for LDAPv3 that can be mapped to PingOne user attributes for user provisioning. | Attribute | Description | | ------------ | ------------------------------------------------ | | `uid` | The user's username. | | `Given Name` | The user's first (given) name. | | `sn` | The user's last name (surname). | | `Mail` | The user's email address. | | `Active` | The status of the user account in PingDirectory. | ### LDAPv3 default group attributes The following table lists the default attributes for LDAPv3 that can be mapped to PingOne user attributes for user provisioning. | Attribute | Description | | ----------- | ------------------- | | `entryUUID` | The group ID. | | `cn` | Group name. | | `dn` | Group display name. | ## Radiant Logic LDAPv3-compliant directory type limitations The following limitations and requirements apply to Radiant Logic. * The `memberOf` attribute is system-generated and doesn't update during real-time sync. It's only updated during a full sync. * You should avoid manually creating system generated or operational attributes, as this can cause data inconsistencies. * Just-in-Time (JIT) provisioning isn't currently supported.