You can configure these capabilities in the Configure PingFederate for provisioning and SSO step of the setup process.

Synchronizing existing users

PingFederate synchronizes users based on the Username attribute in GitHub. If a user already exists in your datastore and GitHub, mapping this attribute correctly links the two records together.

For example:

  • In GitHub, Janet's Username is bjensen@example.com.
  • In your datastore, Janet's mail is bjensen@example.com.
  • On the Attribute Mapping tab of your provisioning connection configuration, you map the Username attribute to mail.
  • When the provisioning connector runs, the datastore user is provisioned with a Username of bjensen@example.com. That matches Janet's existing Username in GitHub, so her information in the datastore is synchronized to her GitHub account.

User provisioning

PingFederate provisions users when one of the following happens:
  • A user is added to the datastore group or filter that is targeted by the provisioning connector.

The Source Location tab of your provisioning connection configuration defines which users PingFederate targets for provisioning.

User updates

PingFederate updates users when a user attribute changes in your datastore.

The Attribute Mapping tab of your provisioning connection configuration defines which attributes PingFederate monitors for changes.

User deprovisioning

PingFederate deprovisions users when one of the following happens:

  • A user is deleted from the user store.
  • A user is disabled in the user store.
  • A user is removed from the datastore group or filter that is targeted by the provisioning connector.