Note:

The IdentityStoreUserProvisioner interface has been deprecated since PingFederate 7.3. Developers are encouraged to implement either the IdentityStoreProvisionerWithFiltering or IdentityStoreProvisioner interface.

Implement the IdentityStoreUserProvisioner interface to provision and deprovision users to an external user store.

Tip: The IdentityStoreUserProvisioner interface does not provision or deprovision groups. For group support, see Implementing the IdentityStoreProvisionerWithFiltering interface.

The following Java packages are needed, at a minimum, for implementing this interface:

  • com.pingidentity.sdk.provision
  • com.pingidentity.sdk.provision.exception
  • com.pingidentity.sdk.provision.users.request
  • com.pingidentity.sdk.provision.users.response

For each Identity Store Provisioner implementation, in addition to the methods described under Shared interfaces, you must implement the following:

  • Create user
  • Read user
  • Update user
  • Delete user

Create user

UserResponseContext createUser(CreateUserRequestContext createRequestCtx) 
throws IdentityStoreException

PingFederate invokes the createUser() method of your Identity Store Provisioner in response to create-user requests made to PingFederate services, for example inbound provisioning. This method is responsible for creating the user in the user store managed by the Identity Store Provisioner.

The CreateUserRequestContext will contain all information needed to fulfill the request (for example, user attributes). If the user was successfully provisioned, a UserResponseContext should be returned and contain the user attributes used to provision the user. An IdentityStoreException should be thrown if an error occurred during the creation process. See com.pingidentity.sdk.provision.exception package for different exceptions that can be thrown.

Read user

UserResponseContext readUser(ReadUserRequestContext readRequestCtx)  
throws IdentityStoreException

PingFederate invokes the readUser() method of your Identity Store Provisioner in response to get-user requests made to PingFederate services, for example Inbound Provisioning. This method is responsible for retrieving user data from the user store managed by the Identity Store Provisioner.

The ReadUserRequestContext will contain all information needed to fulfill the request (for example, a user ID). If the user data was successfully retrieved, a UserResponseContext should be returned and contain the user attributes for the user. An IdentityStoreException should be thrown if an error occurred during the retrieval process. See com.pingidentity.sdk.provision.exception package for different exceptions that can be thrown.

Update user

UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx)
throws IdentityStoreException

PingFederate invokes the updateUser() method of your Identity Store Provisioner in response to update-user requests made to PingFederate services, for example inbound provisioning. This method is responsible for updating the user in the user store managed by the Identity Store Provisioner.

The UpdateUserRequestContext will contain all information needed to fulfill the request (for example, user attributes). If the user data was successfully updated, a UserResponseContext should be returned containing the user's updated attributes. An IdentityStoreException should be thrown if an error occurred during the update process. See com.pingidentity.sdk.provision.exception package for different exceptions that can be thrown.

Delete user

void deleteUser(DeleteUserRequestContext deleteRequestCtx)
throws IdentityStoreException

PingFederate invokes the deleteUser() method of your Identity Store Provisioner in response to delete-user requests made to PingFederate services, such as Inbound Provisioning. This method is responsible for deprovisioning the user in the user store managed by the Identity Store Provisioner.

The DeleteUserRequestContext will contain all information needed to fulfill the request (for example, a user ID). An IdentityStoreException should be thrown if an error occurred during the deprovision process. See com.pingidentity.sdk.provision.exception package for different exceptions that can be thrown.

Note:

The plugin implementation for delete MAY choose not to permanently delete the resource, but MUST return a NotFoundException for all readUser(), updateUser(), and deleteUser() operations associated with the previously deleted Id. In addition, the plugin MUST not consider the deleted user in conflict calculation. For example, a createUser() request for a user with a previously deleted ID should NOT throw a ConflictException.