If you have chosen to connect PingFederate to a directory server, the Provisioning screen becomes available. On the Provisioning screen, you can optionally enable provisioning of users from your directory server to PingID® . In this configuration, you specify the group where PingFederate should look for member users and update PingID when their email address, first name, or last name has changed. When PingFederate detects that a user has been removed from the specified group or disabled in the directory server, PingFederate sends an update to PingID to disable the PingID service for that account.

It is worth noting that this provisioning capability is designed to manage existing PingID accounts. It does not create new PingID users.

  1. Select the Configure Provisioning check box.
  2. Enter the distinguished name (DN) of the applicable group in the PingID Group DN field.

    The specified group must resides under the hierarchy of the previously defined Search Base value (see Connecting to a directory server).

  3. If you want PingFederate to monitor changes for users through nested group membership, select the Nested check box

    This check box is not selected by default.

  4. Click Next.