PingOne

Provisioning configuration change resync behavior

When you change provisioning rule configurations, some changes trigger an automatic full resync, while other changes do not.

The following table describes the resync behavior for the provisioning rule configuration options:

Configuration option Triggers a full resync

Name (connection)

A unique identifier for the connection.

No

Description (connection)

An optional brief description of the connection.

No

Configure Authentication (connection)

Includes authentication details based on your connection.

Changes to authentication configurations on a provisioning connection will trigger a resync.

Yes

Configure Preferences (connection)

Includes preference details based on your connection.

Updates to preferences configurations on a provisioning connection will trigger a resync.

Yes

Actions (connection)

Changes to the advanced workflow actions won’t trigger a resync.

For example, when you see a user’s sync status as Partial Sync, the Allow Users to be Updated option is disabled and prevents the user from being fully synced. Enabling Allow Users to be Updated doesn’t automatically trigger a resync. Click Full Resync to sync the rule and update the user on the target system.

Clicking Full Resync resyncs all users between the source and target that are part of the provisioning rule.

Learn more in Sync Status

No

User Base DN (LDAP)

Defines the users that you want to provision.

For inbound provisioning, it specifies the source of the users that will be imported into PingOne.

Provisioning supports syncing from LDAP directories. Whenever changes are made to a predefined base DN, an auto resync is triggered.

Yes

Name (rule)

A unique identifier for the rule.

No

Description (rule)

An optional brief description of the rule.

No

User Filter

A filter used to specify which identities are provisioned, based on factors such as population, group, or other user attributes.

Yes

LDAP Filter

For inbound provisioning through an LDAP gateway, an LDAP filter expression defines the users that will be provisioned.

Yes

Attribute Mapping

Maps PingOne user attributes from attributes in an external identity store.

For outbound provisioning, the mapping is applied to the attribute coming from the PingOne directory before it’s saved to the target identity store.

Yes

PingOne user onboarding

For inbound provisioning, specifies additional options for onboarding new users.

Learn more in Creating an inbound rule.

Yes

Group Provisioning

Syncs groups along with their memberships out of PingOne to a connected software as a service (SaaS) application.

Adding a new group or removing an existing group from the rule triggers a resync.

Learn more in Configuring outbound group provisioning.

Yes

Group Name

A unique identifier for the group.

No

User attributes

Determines the types of data that are stored for each user.

When you update a user attribute that isn’t a part of attribute mapping, it doesn’t trigger a resync.

Learn more in Adding user attributes.

No

When you update a user attribute that isn’t a part of attribute mapping in Workday, it triggers a sync for that particular user. Other users aren’t affected.

Full Resync

Resyncing occurs to all entities, users, and groups. Any entities out of sync will be synchronized with the source.

Click Full Resync to resync a particular rule.

Inbound connections may take 2-3 minutes for changes to appear. Outbound connections sync immediately.

Yes