On the Adapter Data Store screen for SP adapter mapping (or the Attribute Retrieval screen for authentication policy contract mapping), you select if and how PingFederate should query a local datastore to help fulfill the attribute contract in conjunction with attribute values from the SSO token.

To determine whether you need to look up additional values, compare the attribute contract against the adapter contract or the authentication policy contract. If the attribute contract does not contain the required information, determine whether a local datastore can supply it.

Alternatively, if you use authentication policies to route users through a series of authentication sources and end each successful policy path with an authentication policy contract (APC), you can configure datastore queries as part of the fulfillment configuration for the applicable APC.


To learn more about authentication policies, see Authentication policies.

  • If the attribute contract contains all the attributes that your application requires, select Use only the attributes available in the SSO assertion.
  • To set up a datastore query, select Use the SSO assertion (or provider claims) to look up additional information and then follow a series of sub tasks to complete the configuration.

    For step-by-step instructions, see Choosing a datastore.

If you are editing a currently mapped adapter instance or APC, you can change the mapping method, which may require additional configuration changes in subsequent tasks.