If you have chosen to connect PingFederate to a directory server, the Provisioning tab becomes available.
On the Provisioning tab, you have the option to enable provisioning of users from your directory server to PingID. In this configuration, specify the group where PingFederate should look for member users and update PingID when their email address, first name, or last name has changed.
This provisioning capability is designed to manage existing PingID accounts. It does not create new PingID users. When PingFederate detects that a user has been removed from the specified group or disabled in the directory server, PingFederate sends an update to PingID to disable the PingID service for that account.
- Select the Configure Provisioning check box.
In the PingID Group DN field, enter the distinguished name
(DN) of the applicable group.
The specified group must reside under the hierarchy of the previously-defined Search Base value.
- If you want PingFederate to monitor changes for users through nested group membership, select the Nested check box. Click Next.