User provisioning is an important aspect of identity federation. When organizations enable SSO for their users, they must ensure that some form of account synchronization is in place. Automated user provisioning features within PingFederate free administrators from having to devise a manual strategy for this.

Provisioning support takes different forms, depending on what role PingFederate plays in an identity federation, and you can configure it either in conjunction with partner SSO connections or separately:

  • IdP sites support automatic provisioning and maintaining user accounts at service provider (SP) sites that have implemented the system for cross-domain identity management (SCIM) or at selected software as a service (SaaS) providers. For more information, see the next section, Outbound provisioning for IdPs.

    For information about SCIM, see

  • When PingFederate is configured as a SP, it supports provisioning and managing user accounts and groups for your own organization automatically by using the standard SCIM protocol or by using identity information received during SSO events from SAML assertions. For more information, see Provisioning for SPs.