Importing users from an identity provider
Users and groups from your existing identity provider (IdP) can be imported into PingOne Privilege using the System for Cross-domain Identity Management (SCIM).
SCIM is an open standard enabling automated user provisioning. Configuring SCIM for PingOne Privilege allows users and groups to synchronize automatically. The IdP remains the source of truth for user identity, and the user table in PingOne Privilege shows the identity source.
Admins can configure SCIM integration with the following identity providers:
Integrating with PingOne using SCIM
This process involves creating a SCIM configuration in PingOne Privilege to generate credentials, and then using those credentials to set up a new application in your PingOne admin console.
Before you begin
- In the PingOne Privilege admin console, go to Directory > Identity Providers.
- Click Add IDP and select Ping.
- Copy the SCIM 2.0 Base URL and OAuth Bearer Token values. You’ll need them to configure the application in PingOne.
Procedure
- In the PingOne admin console, create a SCIM connection.
Integrating with Okta using SCIM
This process involves creating a SCIM configuration in PingOne Privilege to generate credentials, and then using those credentials to set up a new application in your Okta admin console.
Before you begin
- In the PingOne Privilege admin console, go to Directory > Identity Providers.
- Click Add IDP and select Okta.
- Copy the SCIM 2.0 Base URL and OAuth Bearer Token values. You’ll need them to configure the application in Okta.
Creating and configuring the SCIM application in Okta
- In your Okta admin console, go to Applications.
- In the app catalog, search for SCIM 2.0 Test App (OAuth Bearer Token) and add it to your organization.
- For the application name, enter PingOne Privilege. Click Next, then Done.
- Select the newly created PingOne Privilege application to view its details.
- On the Provisioning tab, click Configure API Integration.
- Select the Enable API integration checkbox.
- Paste the SCIM 2.0 Base URL you copied from PingOne Privilege.
- Paste the OAuth Bearer Token you copied from PingOne Privilege.
- Click Test API Credentials to verify the connection, then click Save.
- On the Assignments tab, assign the users and groups that you want to provision to PingOne Privilege.
After assigning users, go back to the PingOne Privilege admin console and verify that the users and groups from Okta now appear in the Users list.
Integrating Azure AD using SCIM
This process involves creating a non-gallery enterprise application in Azure AD and configuring it to use SCIM credentials from PingOne Privilege.
Before you begin
- In the PingOne Privilege admin console, go to Directory > Identity Providers.
- Click Add IDP and select Azure AD.
- Copy the SCIM 2.0 Base URL and OAuth Bearer Token values. You’ll need these values to configure the application in Azure AD.
Procedure
- In the Azure Active Directory portal, go to Enterprise Applications.
- Click New application, then click Create your own application.
- Name the application PingOne Privilege and select Integrate any other application you don’t find in the gallery (Non-gallery).
- In the application’s menu, go to the Provisioning section.
- Set the Provisioning Mode to Automatic.
- Under Admin Credentials, in the Tenant URL field, paste the SCIM Base URL that you generated in PingOne Privilege, and in the Secret Token field, paste the OAuth Token that you generated in PingOne Privilege.
- Click Test Connection to verify the credentials. Save the provisioning configuration.
- Go to Users and groups and assign the users and groups that you want to provision to PingOne Privilege.
The assigned users are now visible in the PingOne Privilege platform.
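The final verification step in the Okta and Azure AD procedures can also be checked from a script. The following is an added example, not part of the PingOne Privilege documentation: it assumes the SCIM 2.0 Base URL serves the standard RFC 7644 /Users endpoint, and the function names, environment variable names and sample users are hypothetical. It refuses to send the bearer token to a non-HTTPS URL and reports which assigned users have not appeared yet.

```python
import json
import os
import urllib.parse
import urllib.request

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def build_users_request(base_url, token, start_index=1, count=100):
    """GET {base}/Users, refusing to send the bearer token to a non-HTTPS URL."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM base URL must be an absolute https:// URL")
    query = urllib.parse.urlencode({"startIndex": start_index, "count": count})
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}
    return urllib.request.Request(f"{base_url.rstrip('/')}/Users?{query}", headers=headers)


def parse_list_response(body):
    """Return (userNames on this page, totalResults) from a SCIM ListResponse."""
    doc = json.loads(body)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("response is not a SCIM 2.0 ListResponse")
    names = [r["userName"].lower() for r in doc.get("Resources", []) if "userName" in r]
    return names, int(doc.get("totalResults", 0))


def fetch_all_usernames(base_url, token, page_size=100):
    """Page through /Users (startIndex is 1-based) and collect every userName."""
    found, start = set(), 1
    while True:
        req = build_users_request(base_url, token, start, page_size)
        with urllib.request.urlopen(req, timeout=10) as resp:
            page, total = parse_list_response(resp.read())
        found.update(page)
        start += len(page)
        if not page or start > total:
            return found


def missing_users(assigned, provisioned):
    """Users assigned in the IdP that do not appear in the target yet."""
    return sorted({u.lower() for u in assigned} - set(provisioned))


if __name__ == "__main__":
    # Assumed variable names; reading them from the environment keeps the token out of the source file.
    base, token = os.environ["SCIM_BASE_URL"], os.environ["SCIM_TOKEN"]
    assigned = ["alice@example.com", "bob@example.com"]  # constructed sample
    print("not yet provisioned:", missing_users(assigned, fetch_all_usernames(base, token)))
```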