A provisioning channel is a mapping configuration between user attributes contained in a source user store and attributes supported or required by the targeted software-service application. You can have multiple channels to the same target as needed, such as if your organization has separate LDAP stores, or different nodes in the same store, for various user groups needing single sign-on (SSO) access and provisioning to the same domain.

Important:

If two different channels have the same group name, the provisioning channel will overwrite the group members in the other channel. For example, channel1 reads from AD1 where user1 is in a group named "Admins," and channel2 reads from AD2 where user2 is in a group also named "Admins." When group membership is provisioned to the same target, channel2 will overwrite the data provisioned by channel1 for the "Admins" group so that user2 will now be in "Admins" in the target.

Tip:

There can be only one provisioning target per connection. If your organization subscribes to multiple provisioning targets for which you need provisioning support, you need a separate service provider (SP) connection for each provisioning target.

Screen capture illustrating the Manage Channels tab in the PingFederate administrative console.

Go to Applications > Integration > SP Connection > Configure Channels. On the Manage Channels tab, you can perform the following tasks:

  • To add a new channel, click Create.

    Alternatively, you can create a new channel by copying an existing channel and making other required changes.

  • To modify existing channel settings, select an existing channel.
  • To remove or cancel the removal request of the existing channel, use the Delete and Undelete workflow.