Identifying inbound provisioning group attributes for LDAP - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

You must identify the datastore attributes you want to provision when writing group information to the datastore.

You can identify these attributes on the Attributes tab.

Screen capture of the Attributes tab.
Note:

This tab only appears if you are configuring an LDAP user store for provisioning and the User and Group Support option is selected on the Connection Type tab.

PingFederate internally manages several attributes that do not require mapping:
  • objectClass
  • objectGUID
  • member

You can override the internal management of objectClass by selecting and mapping it to a System for Cross-domain Identity Management (SCIM) attribute on the Attribute Fulfillment tab. In this case, the values you supply are used. The objectGUID and member attributes cannot be overridden and are ignored if selected.

  1. Select a root object class and an attribute from the lists, and then click Add Attribute.
  2. Repeat the previous step for each attribute requiring provisioning.