PingOne for Enterprise Release Notes

Clearing fields on updates is not supported.

Multivalued attributes (e.g. emails or addresses) are not supported. Multiple values appear as a single array value in PingOne.

Custom attributes are set when the user is initially created and are never updated.

User attributes cannot be cleared after they have been set. They can only be updated.

Outbound Group Provisioning and Memberships are not supported.

Patch updates to SCIM-enabled target applications are not supported.

There is a limit of one value per type (such as home, work, or other) for multivalue attributes such as email, phone, and address.

Unexpected behavior may occur if the SaaS does not specify either type and primary information, or both type and primary information for multivalue attribute such as such as email, phone, and address. Also, existing SaaS attributes might not be removed during an Update, and the desired value might not be correctly set as primary.

SCIM-compliant service providers can implement or interpret SCIM standards differently, which can result in behavior that is not consistent with the intended use of the SCIM SaaS Provsioner.

Clearing fields on updates is not supported.

Multivalued attributes (e.g. emails or addresses) are not supported. Multiple values appear as a single array value in PingOne.

Custom attributes are set when the user is initially created, and are never updated.

Outbound Group Provisioning and Memberships are not supported.

User attributes cannot be cleared after they have been set. They can only be updated.

When provisioning to ServiceNow, all user accounts in ServiceNow must have a username (User ID).

When provisioning users, the username attribute must only contain URL-safe characters.

When synchronizing roles with users, the role attribute must contain only URL-safe characters.

If a new user is created with the same username as an existing user, a duplicate user will not be created. Instead, the existing user will be updated with any information in the create.

Due to limitations with the ServiceNow API, a role can be added to a user, but not removed. This may cause a user’s role in the source datastore to become out-of-sync with the user’s role in ServiceNow.

When mapping the roles attribute, multiple additional calls to ServiceNow must be made to sync user role. This may impact provisioning performance.

For departments that contain the ^ character in the name, the ServiceNow API causes the creation of multiple departments with the same name.

For the department and location parameters, the ServiceNow API ignores capitalization. When provisioning a user that matches multiple departments or locations in ServiceNow (such as Accounting and accounting), PingFederate provisions the user with an empty department or location attribute and logs an error in provisioner.log.

The city attribute mapping is not supported for the local repository.

Outbound Group Provisioning and Memberships are not supported.

User attributes cannot be cleared after they have been set. They can only be updated.

When provisioning to ServiceNow, all user accounts in ServiceNow must have a username (User ID).

When provisioning users, the username attribute must only contain URL-safe characters.

When synchronizing roles with users, the role attribute must contain only URL-safe characters.

If a new user is created with the same username as an existing user, a duplicate user will not be created. Instead, the existing user will be updated with any information in the create.

Due to limitations with the ServiceNow API, a role can be added to a user, but not removed. This may cause a user’s role in the source datastore to become out-of-sync with the user’s role in ServiceNow.

When mapping the roles attribute, multiple additional calls to ServiceNow must be made to sync user role. This may impact provisioning performance.

For departments that contain the ^ character in the name, the ServiceNow API causes the creation of multiple departments with the same name.

For the department and location parameters, the ServiceNow API ignores capitalization. When provisioning a user that matches multiple departments or locations in ServiceNow (such as Accounting and accounting), PingFederate provisions the user with an empty department or location attribute and logs an error in provisioner.log.

Added support for the addressFormatted user attribute.

Fixed an issue that caused new users not to be provisioned with group membership.

Fixed an issue that caused users not to be disabled by a disable deprovision action.

Clearing fields on updates is not supported.

Outbound Group Provisioning and Memberships are not supported.

Patch updates to SCIM-enabled target applications are not supported.

There is a limit of one value per type (such as home, work, or other) for multivalue attributes such as email, phone, and address.

Unexpected behavior may occur if the SaaS does not specify either type and primary information, or both type and primary information for multivalue attribute such as such as email, phone, and address. Also, existing SaaS attributes might not be removed during an Update, and the desired value might not be correctly set as primary.

SCIM-compliant service providers can implement or interpret SCIM standards differently, which can result in behavior that is not consistent with the intended use of the SCIM SaaS Provsioner.

The Zoom Provisioner does not support group provisioning.

User attributes cannot be cleared once set. They can only be updated.

Zoom only allows a single value for the Roles attribute.

Deleting the administrative user that is set up for provisioning may lead to undesired consequences. The provisioner makes the administrative user the owner and member of each group that is created by the provisioner. We recommend not deleting the administrative user and not managing this user through the provisioner.

Zoom does note allow attribute updates for users with a "disabled" status. To update attributes, re-enable the user first.

Zoom does not allow users with the admin role to be disabled or deleted. Change the user’s role first.

Outbound Group Provisioning and Memberships are not supported.

User attributes cannot be cleared once set. They can only be updated.

When provisioning to ServiceNow, all user accounts in ServiceNow must have a username (User ID). This is not a required field in ServiceNow, but it is required for provisioning to work due to the provisioner using this field to sync with pre-existing users in ServiceNow. If a user in ServiceNow resolves to sAMAccountName (the "standard" mapping in the provisioning channel), then the accounts will be linked. Currently, if users exist in ServiceNow without a username that will cause errors in provisioning. You can resolve this by ensuring every user has the username field populated even if they are not intended to be managed by the provisioner.

When provisioning users, the username attribute must only contain URL-safe characters.

When synchronizing roles with users, the role attribute must contain only URL-safe charcters.

If a new user is created with the same username as an existing user, a duplicate user will not be created. Instead, the existing user will be updated with any information in the create.

Due to limitations with the ServiceNow API, a role can be added to a user, but not removed, which may cause a user’s role in the source datastore to become out-of-sync with the user’s role in ServiceNow. For more information, see Adding the Ping Identity provisioning role in ServiceNow.

When mapping the roles attribute multiple additional calls to ServiceNow must be made to sync user role. This may impact provisioning performance.

For departments that contain the ^ character in the name, the ServiceNow API causes the creation of multiple departments with the same name.

For the department and location objects, the ServiceNow API ignores capitalization. When provisioning a user that matches multiple departments or locations in ServiceNow (such as Accounting and accounting), PingFederate provisions the user with an empty department or location attribute and logs an error in provisioner.log.

Added the ability to disable and delete users

Added the ability to provision disabled users

Added the ability to remove user actions

Added support for Google Admin SDK 1.32.1

User attributes cannot be cleared once set.

Google does not properly handle creating users with an invalid addressCountry value.

The Provisioner sends the value of work for the Organization type. However Google does not retain this value. and as a result the Organization type has no value.

Google treats certain user attributes as complex data sets: