On the Unique Group ID tab, you can create an LDAP filter to resolve groups for System for Cross-domain Identity Management (SCIM) operations.
PingFederate uses this LDAP filter in conjunction with the Base DN value, defined on the Location tab, to add new groups.
This tab appears only if you are configuring an LDAP user store for provisioning and you have selected the User and Group Support option on the Connection Type tab.
attribute=${value}
where attribute
is an attribute in your
user-datastore and value
is the attribute value or
values passed in from the SCIM request. To see a list of available attributes in your
user-datastore, click View List of Available LDAP Attributes.
Variables for these attributes, including the correct syntax, are listed under
SCIM Attributes.Unlike filters used to retrieve LDAP attributes for adapter mapping, do not enclose the statement in parentheses.
You can reference attribute values in the form of
${attributeName:-defaultValue}
. When specified, it is used at
runtime if the attribute value is not available. Do not use ${
and }
in the default value. This is optional.
If you are unfamiliar with writing LDAP queries, see the documentation accompanying your LDAP installation.