PingOne Advanced Identity Cloud

PingOne

The Advanced Identity Cloud PingOne application lets you manage and synchronize data between PingOne and Advanced Identity Cloud.

Configuration requires a PingOne administrator account and a properly configured PingOne environment.

Register the application

  1. In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.

  2. In the Browse App Catalog modal, select an application, and click Next.

    Select the latest application version.

  3. Review the Application Integration information, and click Next.

  4. In the Application Details window, specify the name, description, application owners, and logo for the application.

  5. To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.

  6. Click Create Application.

PingOne requirements

Before you can configure the Advanced Identity Cloud application, you must register an application in PingOne. You need a PingOne environment to complete this procedure:

  1. In your PingOne environment, create a new application:

    1. From the menu, expand the Applications node, and click Applications.

    2. On the Applications page, click the add button.

    3. In the Add Application window, enter the necessary details, select the Worker application type, and click Save.

  2. In the Application Name window, enable the application.

  3. On the Roles tab, click Grant Roles.

  4. On the Available Responsibilities tab, expand the Identity Data Admin node, select the applicable environment, and click Save.

  5. Click the Configuration tab, and make note of the following:

    • URLs > Token Endpoint

    • General > Client ID

    • General > Client Secret

    • General > Environment ID

    Use these values when you configure provisioning for an Advanced Identity Cloud PingOne application.

Configure provisioning

Configuration requires a PingOne administrator account and a properly configured PingOne environment.

  1. Complete PingOne requirements.

  2. In the Advanced Identity Cloud admin console, on the Provisioning tab:

    • If setting up provisioning for the first time, click Set up Provisioning.

    • If editing existing settings, in the Connection area, click Settings.

  3. Configure the following fields:

    • Service Uri: The service endpoint URI. The URI top-level domain changes based on region. Learn more in Working with PingOne APIs.

    • Token Endpoint: The OAuth 2.0 access token endpoint.

    • Environment Id: The environment identifier for your PingOne environment.

    • Client Id: The client ID for OAuth 2.0 flow.

    • Client Secret: The client secret for OAuth 2.0 flow.

    • Grant Type: The OAuth 2.0 grant type to use (client_credentials or refresh_token).

  4. To use Basic Auth to send the Client Id and Client Secret to PingOne in the HTTP Authorization header, select Use Basic Auth For OAuth Token Neg. If the option is not selected, the Client Id and Client Secret are sent as form data.

  5. Optionally, click Show advanced settings to set any of the following options:

    • Maximum Connections: The maximum size of the HTTP connection pool. The default is 10 connections.

    • Connection Timeout: The timeout for the underlying HTTP connection in seconds. The default is 30 seconds.

    • Exclude Unmodified: Select this option to synchronize only the modified properties on a target resource.

  6. Click Connect.

  7. Verify the information in the Details tab.
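The two ways of presenting the client credentials that step 4 chooses between, shown as an added example (not Ping Identity's connector code). The endpoint, client ID and secret are constructed placeholders, the function names are illustrative, and the Basic form follows RFC 6749 section 2.3.1.

```python
import base64
import urllib.parse
import urllib.request


def build_token_request(token_endpoint, client_id, client_secret, use_basic_auth):
    """Build (without sending) a client_credentials token request in either style."""
    if urllib.parse.urlsplit(token_endpoint).scheme != "https":
        raise ValueError("token endpoint must be https: the request carries the client secret")
    form = {"grant_type": "client_credentials"}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        # RFC 6749 section 2.3.1: form-encode each value, join with ':', then base64.
        # Encoding matters only when a value contains reserved characters such as ':'.
        pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                              urllib.parse.quote_plus(client_secret))
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # Form style: the credentials travel in the POST body next to grant_type.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(token_endpoint, data=body, headers=headers, method="POST")


def describe(req):
    """Report where the credentials travel, without echoing the secret."""
    fields = urllib.parse.parse_qs(req.data.decode())
    return {
        "authorization_header": req.get_header("Authorization") is not None,
        "secret_in_body": "client_secret" in fields,
        "body_fields": sorted(fields),
    }


# Constructed placeholder values, not real PingOne identifiers.
ENDPOINT = "https://auth.example.invalid/ENVIRONMENT_ID/as/token"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "s3cr:et+value"

if __name__ == "__main__":
    for basic in (True, False):
        print("basic auth:", basic, describe(build_token_request(ENDPOINT, CLIENT_ID, CLIENT_SECRET, basic)))
```

With the form style the secret sits in the request body, so any proxy or debug logging that records POST bodies on the path to the token endpoint should be configured to redact it.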

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Sub-tabs under the Provisioning tab

    • Details: View and manage an application, including name, ID, and native type. Select the specific application from Provision settings for an application.

    • Properties: View and manage properties for the selected object type.

    • Data: View data about the selected object type.

    • Mapping: View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

    • Reconciliation: Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems. View and manage rules for the users and groups that use your application. View and manage schedules for Full and Incremental reconciliation.

    • Privacy & Consent: Manage end-user data sharing and synchronization.

    • Rules: View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

    • Advanced Sync: Create and manage mappings between an identity profile and an application or between applications.