If you have chosen to connect PingFederate to a directory server, the Provisioning screen becomes available. On the Provisioning screen, you can optionally enable provisioning of users from your directory server to PingID® . In this configuration, you specify the group where PingFederate should look for member users and update PingID when their email address, first name, or last name has changed. When PingFederate detects that a user has been removed from the specified group or disabled in the directory server, PingFederate sends an update to PingID to disable the PingID service for that account.
It is worth noting that this provisioning capability is designed to manage existing PingID accounts. It does not create new PingID users.