PingFederate allows you to create custom Identity Store Provisioners to bridge the inbound SCIM processing of PingFederate to your own user store. For example, you might need to create a custom Identity Store Provisioner that works with an application-specific user database schema.

Using the Software Developer Kit for PingFederate, you can create and test these custom Identity Store Provisioners (see the PingFederate SDK Developer's Guide ).

To support custom attributes, you must add the schema extension and the custom attributes to the IdP connection. Furthermore, you need to take the expected data structure of the custom attributes into consideration when implementing the IdentityStoreProvisioner interface and its methods. In other words, your methods must be able to create, read, update, and delete/deactivate the custom attributes (and their sub-attributes if the custom attributes are Complex Attributes) to and from your user store. For more information about custom attributes, complex attributes, and other attribute types, see Defining custom SCIM attributes and SCIM 1.1 Core Schema (


The Identity Store Provisioner option is active only after you enable the Inbound Provisioning protocol on the System > Protocol Settings > Roles & Protocols screen (see Choosing Roles and Protocols).


Automatic multi-connection error checking occurs by default whenever you access this screen. The intent is to verify that configured connections have not been adversely affected by changes made here.

If you experience noticeable delays in accessing this page, you can optionally disable automatic connection validation on the System > Server > General Settings page.