On the Unique Group ID screen, create an LDAP filter to resolve groups for SCIM operations. PingFederate uses this expression in conjunction with the Base DN value (defined on the Location screen) to add new groups.

Unique Group ID
Note:

This screen appears only if you are configuring an LDAP user store for provisioning and the User and Group Support option is selected on the Connection Type screen.

  • Enter the statement in the Filter text field.
    The filter is in the form: attribute=${value}
    Note:

    Unlike filters used to retrieve LDAP attributes for adapter mapping, do not enclose the statement in parentheses.

    The left-side variable is an attribute in your user-datastore. Click the link near the lower-left corner of the screen to see a list of available attributes.

    The right side of the filter generally uses one or more attribute values passed in from the SCIM request. Variables for these attributes, including the correct syntax, are listed under SCIM Attributes.

    Tip:

    If you are unfamiliar with writing LDAP queries, please refer to the documentation accompanying your LDAP installation.