To use PingFederate for provisioning, configure an external datastore.
Your external datastore acts as the source of data for provisioning. PingFederate also uses an internal datastore to store the state of synchronization between the source datastore and the target datastore.
For more information, see Datastores in the PingFederate documentation.
Configure the datastore for PingFederate to use as the source of user data.
For instructions, see Datastores in the PingFederate documentation.Tip:
When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to PingOne for Enterprise. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.
Do one of the following:
- For PingFederate 10.1 or later: Go to .
- For PingFederate 10.0 or earlier: Enable the identity provider (IdP) and
outbound provisioning roles:
- Go to .
- Select Enable Identity Provider IdP Role and Support the Following.
- Select Outbound Provisioning. Click Next.
On the Outbound Provisioning tab, select the PingFederate internal datastore.
For help, see Configuring outbound provisioning settings in the PingFederate documentation.