Configuring SCIM inbound provisioning - PingFederate - 11.3

PingFederate Server

bundle
pingfederate-113
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.3
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-113
pingfederate
ContentType_ce
Guide
Product documentation
Guide > Administrator Guide

In the IdP Connections window, configure System for Cross-domain Identity Management (SCIM) inbound provisioning to provide a two-way mapping of attributes.

The first way facilitates SCIM operations used to create and update records in the datastore. The second way allows the same SCIM client to retrieve those records and have the attribute values mapped back to their corresponding designation in the client store. The dual mapping provides greater flexibility, especially for OGNL-expression transformations (for example, converting two attributes into one multivalued attribute and then back again). For more information, see Writing user information to the datastore and Configuring a SCIM response.

Note:

SCIM-client requests must include authentication credentials, which you configure on the Credentials > Back-Channel Authentication tab. The same credentials needed for single sign-on (SSO), are also used for SCIM transactions.

  1. On the Authentication > Integration > IdP Connections window, create a new IdP connection or select an existing IdP connection.
  2. On the Connection Type tab, select the Inbound Provisioning check box and one of the following options:
    • User Support
    • User and Group Support
  3. On the Inbound Provisioning tab, click Configure Inbound Provisioning to begin the configuration of SCIM inbound provisioning.
    Screen capture of the Inbound Provisioning tab.