• User attributes cannot be cleared once set, they can only be updated.
  • Due to a limitation with PingFederate 8.1 and earlier versions, when configuring two SP connections with the same provisioner, the second connection built may be pre-populated with the channel from the first connection. To avoid conflicts, delete this pre-populated channel and create a unique channel for each connection.
  • Cookies must be enabled in the selected browser for SLO to work
  • Updating the mobile attribute requires that the service principal representing the provisioner (the place the user gets the client key and secret) be assigned a role with Company Administrator privileges (using Powershell). See O365 Connector: Mobile attribute updates for more information
  • Updating the Password attribute is not supported
  • User updates containing a manager that has not yet been provisioned / updated by the new version will fail, as the manager will not have the new extended attribute holding their distinguished name from AD
  • If the DoBase64Conversion field is switched to “false”, expect conflicts / failures on federated domains containing pre-existing users provisioned by dirsync / V1.0
  • Only outbound provisioning is supported
  • Syncing with existing groups is not supported
  • SAML SLO is not supported. (WS-Fed SLO is supported and set as default)
  • After deleting a user, Azure AD prevents the same user from being created again due to a conflicting immutableId value. This issue only occurs when Remove Action is set to Delete.