---
title: REST certified provisioners
description: REST-certified provisioners in PingOne enable provisioning between PingOne and Zendesk.
component: pingone
page_id: pingone:integrations:p1_provisioning_rest_certified_provisioners
canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_provisioning_rest_certified_provisioners.html
llms_txt: https://docs.pingidentity.com/pingone/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: June 8, 2026
section_ids:
  provisioning-zendesk-with-a-rest-connection-using-pingone: Provisioning Zendesk with a REST connection using PingOne
  provisioning-capabilities: Provisioning capabilities
  before-you-begin: Before you begin
  steps: Steps
  zendesk-object-attributes: Zendesk object attributes
  example-rest-zendesk-schemas: Example REST-Zendesk schemas
---

# REST certified provisioners

You can use a REST connection to enable provisioning between PingOne and a REST-based target system. This allows you to import users into PingOne and provision users and groups from PingOne to REST endpoints.

## Provisioning Zendesk with a REST connection using PingOne

As a REST-certified provisioner, Zendesk enables you to configure this provisioning framework to sync users and groups between PingOne and Zendesk.

### Provisioning capabilities

| Resource   | Capability     | Description                                                  | Inbound | Outbound |
| ---------- | -------------- | ------------------------------------------------------------ | ------- | -------- |
| User       | Create         | Generates a new user record in the destination.              | Yes     | Yes      |
|            | Read           | Retrieves or polls user attributes for synchronization.      | Yes     | Yes      |
|            | Update         | Modifies existing attributes, such as `job title`.           | Yes     | Yes      |
|            | Delete         | Deletes a user or temporarily suspends an account.           | Yes     | Yes      |
| Group      | Create         | Provisions a new group in the target application.            | No      | Yes      |
|            | Rename         | Updates the display name or identifier of an existing group. | No      | Yes      |
|            | Delete         | Removes a group from the target application.                 | No      | Yes      |
| Membership | Add and remove | Handles additions and removals of users within groups.       | No      | No       |

### Before you begin

Make sure that you have:

* Administrator access to the Zendesk application you want to provision against.

* The following from your Zendesk account for OAuth or token authentication:

  * **Client ID**

  * **Client Secret**

  * **Token Endpoint**

  * **Grant Type**

  * **Scope**

  * **Authorization Token Prefix**

  * **Auth Token**

* User and group schema definitions that you can upload in the **Object Types** section in PingOne.

* Users assigned to a specific population or group in PingOne designated for Zendesk provisioning. Learn more in [Adding a user in PingOne](../directory/p1_adduser.html) and [Managing groups](../directory/p1_managing_groups.html).

### Steps

1. In the PingOne admin console, create a [REST](p1_provisioning_connection_rest.html) provisioning connection to Zendesk.

   Configure the REST connection with the following values specific to your Zendesk account:

   * **Name**: Enter a name for your connection, such as `Zendesk REST Provisioning`.

   * **Description** (optional): Enter a description for your Zendesk provisioning connection.

   * **Authentication Method**: Select one of the following:

     * **OAUTH**: Enter the following:

       | Configuration        | Example                                                                                                                             |
       | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
       | **Service URI**      | `https://api.example.com`                                                                                                           |
       | **Client ID**        | `example-client-id`                                                                                                                 |
       | **Client Secret**    | `example-client-secret`                                                                                                             |
       | **Token Endpoint**   | `https://api.example.com/oauth/token`                                                                                               |
       | **Grant Type**       | Select **client\_credentials** or **refresh\_token**. When **refresh\_token** is selected, the **Refresh Token** field is required. |
       | (Optional) **Scope** | `read write`                                                                                                                        |

     * **TOKEN**: Enter the following:

       * **Service URI**:`https://api.example.com`

       * **Authorization Token Prefix**: `Bearer`

       * **Auth Token**: `example-auth-token`.

   * In the **User Actions** section, select the following as needed:

     | Field                        | Description                                                                                                                                                                                                                                                                                                                                                                                                                         |
     | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
     | **Enable users creation**    | Creates a user in the target identity store when the user is created in the source identity store.                                                                                                                                                                                                                                                                                                                                  |
     | **Enable users updation**    | Updates user attributes in the target identity store when the user is updated in the source identity store.                                                                                                                                                                                                                                                                                                                         |
     | **Enable users deprovision** | Deprovisions a user in the target identity store when the user is deprovisioned in the source identity store. If **Enable users deprovision** is selected, the following options appear:- **Remove Action**: Removes or disables a user in the target identity store when the user is deleted in the source identity store.

     - **Deprovision on rule deletion**: Deprovisions users if the associated provisioning rule is deleted. |

   * In the **Object Types** section for the REST connection, upload or define the schema for the **User Object** or **Group Object**. Learn more in [Provisioning REST with PingOne](p1_provisioning_connection_rest.html).

2. [Create an outbound rule](p1_create_provisioning_rule_outbound.html) and select the Zendesk connection as the target. This is also when you can add a user filter and attribute mapping.

3. Confirm users and groups are successfully provisioned to Zendesk. [View the sync status](p1_view_sync_status.html) to review synchronization results and any errors. You can find examples in [Outbound provisioning sync summary examples](p1_outbound_group_provisioning_sync_summary_examples.html).

## Zendesk object attributes

The following table lists example attributes that can be mapped for user provisioning:

| Attribute | Description                                     |
| --------- | ----------------------------------------------- |
| `name`    | The display name for the Zendesk user or group. |
| `email`   | The primary email address for the Zendesk user. |
| `phone`   | The phone number for the Zendesk user.          |

## Example REST-Zendesk schemas

The following are examples of user and group schemas. Use the most current schema supported by your environment.

> **Collapse: User schema**
>
> ```json
> {
>   "schema": [
>     {
>       "fieldName": "name",
>       "type": "STRING",
>       "flags": ["REQUIRED"]
>     },
>     {
>       "fieldName": "email",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "role",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "alias",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "timezone",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "external_id",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "suspended",
>       "type": "BOOLEAN",
>       "flags": []
>     },
>     {
>       "fieldName": "phone",
>       "type": "STRING",
>       "flags": []
>     },
>     {
>       "fieldName": "verified",
>       "type": "BOOLEAN",
>       "flags": []
>     }
>   ],
>   "operations": {
>     "CREATE": {
>       "method": "post",
>       "path": "api/v2/users.json",
>       "idPath": "user.id",
>       "requestMapping": {
>         "name": "user.name",
>         "email": "user.email",
>         "role": "user.role",
>         "alias": "user.alias",
>         "timezone": "user.timezone",
>         "external_id": "user.external_id",
>         "suspended": "user.suspended",
>         "phone": "user.phone",
>         "verified": "user.verified"
>       },
>       "requestBody": {
>         "user": {}
>       }
>     },
>     "GET": {
>       "method": "get",
>       "path": "api/v2/users/{uid}.json",
>       "idPath": "user.id",
>       "namePath": "user.email",
>       "responseMapping": {
>         "name": "user.name",
>         "email": "user.email",
>         "role": "user.role",
>         "alias": "user.alias",
>         "timezone": "user.timezone",
>         "external_id": "user.external_id",
>         "suspended": "user.suspended",
>         "phone": "user.phone",
>         "verified": "user.verified"
>       }
>     },
>     "UPDATE": {
>       "method": "put",
>       "path": "api/v2/users/{uid}.json",
>       "idPath": "user.id",
>       "requestMapping": {
>         "name": "user.name",
>         "email": "user.email",
>         "role": "user.role",
>         "alias": "user.alias",
>         "timezone": "user.timezone",
>         "external_id": "user.external_id",
>         "suspended": "user.suspended",
>         "phone": "user.phone",
>         "verified": "user.verified"
>       },
>       "requestBody": {
>         "user": {}
>       }
>     },
>     "DELETE": {
>       "method": "delete",
>       "path": "api/v2/users/{uid}.json"
>     },
>     "QUERY": {
>       "method": "get",
>       "path": "api/v2/users.json",
>       "idPath": "id",
>       "namePath": "name",
>       "pagination": {
>         "pageSizePagination": {
>           "type": "param",
>           "param": "page[size]={_pageSize}"
>         },
>         "cookiePagination": {
>           "type": "param",
>           "param": "page[after]={_pagedResultsCookie}"
>         },
>         "pagedResultsCookie": {
>           "type": "body",
>           "path": "$.meta.after_cursor"
>         }
>       },
>       "responseMapping": {
>         "$.users": {
>           "id": "id",
>           "email": "email",
>           "name": "name",
>           "role": "role",
>           "suspended": "suspended",
>           "alias": "alias",
>           "timezone": "timezone",
>           "external_id": "external_id",
>           "phone": "phone",
>           "verified": "verified"
>         }
>       }
>     }
>   }
> }
> ```

> **Collapse: Group schema**
>
> ```json
> {
>             "schema": [
>                 {
>                     "fieldName": "name",
>                     "type": "STRING",
>                     "flags": []
>                 }
>             ],
>             "operations": {
>                 "CREATE": {
>                     "method": "post",
>                     "path": "api/v2/groups.json",
>                     "idPath": "group.id",
>                     "requestMapping": {
>                         "name": "group.name"
>                     },
>                     "requestBody": {
>                         "group": {}
>                     }
>                 },
>                 "GET": {
>                     "method": "get",
>                     "path": "api/v2/groups/{uid}.json",
>                     "idPath": "group.id",
>                     "namePath": "group.name",
>                     "responseMapping": {
>                         "name": "group.name"
>                     }
>                 },
>                 "UPDATE": {
>                     "method": "put",
>                     "path": "api/v2/groups/{uid}.json",
>                     "idPath": "group.id",
>                     "requestMapping": {
>                         "name": "group.name"
>                     },
>                     "requestBody": {
>                         "group": {}
>                     }
>                 },
>                 "DELETE": {
>                     "method": "delete",
>                     "path": "api/v2/groups/{uid}.json"
>                 }
>             },
>             "exceptions": {
>                 "NOT_FOUND": [
>                     {
>                         "code": "404",
>                         "messageErrorPath": "error",
>                         "regularExpression": ".*"
>                     }
>                 ],
>                 "ALREADY_EXIST": [
>                     {
>                         "code": "422",
>                         "messageErrorPath": "description",
>                         "regularExpression": ".*"
>                     }
>                 ],
>                 "BAD_REQUEST": [
>                     {
>                         "code": "400",
>                         "messageErrorPath": "error",
>                         "regularExpression": ".*"
>                     }
>                 ]
>             }
>         }
> ```
