PingOne

Provisioning configuration change resync behavior

When you change provisioning rule configurations, some changes trigger an automatic full resync, while other changes do not.

The following table describes the resync behavior for the provisioning rule configuration options:

Configuration option Triggers a full resync

Name (connection)

A unique identifier for the connection.

No

Description (connection)

An optional brief characterization of the connection.

No

Configure Authentication (connection)

Includes authentication details based on your connection.

Changes to authentication configurations on a provisioning connection will trigger a resync.

Yes

Configure Preferences (connection)

Includes preference details based on your connection.

Updates to preferences configurations on a provisioning connection will trigger a resync.

Yes

Actions (connection)

Changes to the advanced workflow actions won’t trigger a resync.

For example, when you see a user’s sync status as Partial Sync, the Allow Users to be Updated option is disabled and prevents the user from being fully synced. EnablingAllow Users to be Updateddoes not automatically trigger a resync. Click Resync, to sync the rule and update the user on the target system.

Manually clicking Resync, resyncs all users between the source and target that are part of the provisioning rule.

Learn more in Sync Status

No

User Base DN (LDAP)

Defines the users that you want to provision.

For inbound provisioning, it specifies the source of the users that will be imported into PingOne.

Provisioning supports syncing from LDAP directories. Whenever there are any changes made to a pre-defined Base DN, an auto re-sync will be triggered.

Yes

Name (rule)

A unique identifier for the rule.

No

Description (rule)

An optional brief characterization of the rule.

No

User Filter

A filter used to specify which identities are provisioned, based on factors such as population, group, or other user attributes.

Yes

LDAP Filter

For inbound provisioning through an LDAP gateway, an LDAP filter expression defines the users that will be provisioned.

Yes

Attribute Mapping

Maps PingOne user attributes from attributes in an external identity store.

For outbound provisioning, the mapping is applied to the attribute coming from the PingOne directory before it’s saved to the target identity store.

Yes

PingOne user onboarding

For inbound provisioning, specifies additional options for onboarding new users.

Learn more in Attribute mapping for inbound provisioning.

Yes

Group Provisioning

Syncs groups along with their memberships out of PingOne to a connected SaaS application.

Adding a new group or removing an existing group from the rule triggers a resync.

Learn more in Configuring outbound group provisioning

Yes

Group Name

A unique identifier for the group.

No

User attributes

Determines the types of data that are stored for each user.

When you update a user attribute that is not a part of attribute mapping, it does not trigger a resync.

Learn more in Adding user attributes.

No

When you update a user attribute that is not a part of attribute mapping in Workday, it triggers a sync for that particular user. Other users are not affected.

Resync

Resyncing occurs to all entities, users, and groups. Any entities out of sync will be synchronized with the source.

Click Resync to resync a particular rule.

Yes