Defining mapping information for a standard attribute - PingFederate - 11.1

PingFederate Server

PingFederate Server
PingFederate 11.1

  • Go to Applications > Integration > SP Connections to open the SP Connections configuration window.
  • To edit an existing SP Connection, open an SP Connection by clicking on its name in the Connection Name column.
  • On the Outbound Provisioning tab, click Configure Provisioning to open the Configure Channels configuration window.
    Note: The Outbound Provisioning tab, is only visible after you select the OutBound Provisioning check box and the type in the Type list, on the Connection Type tab.
  • Go to the Manage Channels tab.
  • Click the name of the channel to edit it.

    If you have specified any custom attributes, they are listed at the end of the Attribute Mapping configuration.

  1. On the Attribute Mapping tab, click Edit in the Action column for the Field Name whose attributes you want to map.
  2. Select the class containing a user-store attribute in the Root Object Class column that you want to map to the provisioning attribute shown in the Field Name column.

    For some fields, you might not need to map specific user attributes. If so, supply a value in the Default Value field, skip this step, and go to step 5. For certain attributes, you can specify LDAP attributes and a default value, as needed.

  3. Select the source attribute from the class in the Attribute column. Click Add Attribute.

    If the selected source attribute is binary, ensure that the selected attribute is set as a binary attribute in the source LDAP datastore. For more information, see Setting advanced LDAP options.

  4. Repeat the previous steps to add additional applicable attributes to use in a mapping expression.

    You must add an attribute for it to be used in an expression.

  5. Optional: If one or more attributes are specified: go to the Value Definition section, and in the Default Value field, enter or select a default value.

    If you have specified any custom attributes, they are listed at the end of the Attribute Mapping configuration.

    A list appears for this field if the vendor requires a choice among specified values. When an expression is also supplied, the default value is sent during provisioning if an error occurs when evaluating the expression.

  6. If more than one attribute is used for mapping fields other than LDAP Attributes Map, in the Value Definition section, enter an expression.
    1. To create and validate the expression for the Expression field, click Edit.
  7. Select one or more processing options.
    Processing optionDescription
    Create Only
    The field is provisioned only once and not subsequently updated.

    For SCIM, the Password attribute should be passed only when creating a user or updating the password. Select Create Only to limit when the Password attribute is passed.

    Trim Removes any white space from the attribute values.
    Mask Log Values Determines whether sensitive information, such as the Password attribute, will be masked in PingFederate log files.
    Upper Case, Lower Case, or None Transforms the attribute values to the case indicated unless the default, None option, is selected.
    Parsing > Extract CN from DN For attributes in the form of a distinguished name (DN), such as Group DNs in Active Directory, maps only the common name portion of the DN.
    Parsing > Extract Username from Email For attributes containing an email address, maps only the username.
  8. Click Done.