Make sure you have the following in place:

When PingFederate is deployed off-premise, as a PingOne Advanced Service or in your own cloud deployment, you can configure the PingOne LDAP Gateway datastore to enable PingFederate to access an on-premise LDAP directory for HTML Form Adapter functionality, provisioning, customer identity access management (CIAM), and other areas.

Note:

Currently, you cannot use the PingOne LDAP Gateway for grant storage, persistent authentication sessions, or OAuth client records. All other LDAP datastore functionality works in the same way as the direct LDAP datastore.

  1. Go to System > Data & Credential Stores > Data Stores.
  2. In the Data Stores window, click Add New Data Store.
  3. On the Data Store Type tab, enter a name for the datastore in the Name field.
  4. In the Type list, select PingOne LDAP Gateway.
  5. Optional: To mask attribute values returned from this datastore in PingFederate logs, select the Mask Values in Log check box.
  6. Click Next.
  7. In the LDAP Gateway Configuration window, configure your LDAP Gateway as follows.
    1. In the PingOne Environment list, select your PingOne environment.
    2. In the PingOne LDAP Gateway list, select your PingOne LDAP gateway.
  8. Click Test Connection to determine whether the administrative node can communicate with the specified datastore.
    Note:

    Datastore validation is no longer enabled during configuration. This lets you configure datastores without requiring a successful connection between the administrative node and the datastore. You can also save the datastore even if the connection is not currently successful.

  9. Click Advanced if you want to configure LDAP attributes to be handled as binary data.
  10. Click Next to view the summary of your LDAP gateway datastore configuration.
  11. Click Save.