There are limitations and other constraints to consider when synchronizing changes to a PingOne environment.
Populations
All PingOne user resources must exist within a population.
The PingOne synchronization destination provides the following methods for managing a user's population:
- If a single population is in use, set the configuration attribute
default-population-id
on the sync destination. - If multiple populations are in use, use a constructed attribute mapping.
The following syntax provides an example with a constructed attribute mapping:
dsconfig create-attribute-mapping \
--map-name PingDirectory_to_PingOne_User_Map \
--mapping-name population \
--type constructed \
--set 'value-pattern:{{"id":"[DEFAULT_POPULATION_ID]"}}'
To set the population, construct a valid JSON object.
Multivalued attributes
If your incoming data is in JSON format, configure your PingOne multivalued attribute as JSON and use a JSON attribute mapping.
If your incoming data is not in JSON format, you can configure your PingOne multivalued attribute as JSON and use a
constructed attribute mapping. Otherwise, you will need to configure your PingOne multivalued attribute as
DECLARED
and use a direct attribute mapping.
Direct attribute mapping does not work with JSON multivalued PingOne attributes even with an attribute with the same name and value in PingDirectory.