Your external datastore acts as the source of data for provisioning. PingFederate also uses an internal datastore to store the state of synchronization between the source datastore and the target datastore.

For more information, see Datastores and Configuring outbound provisioning settings in the PingFederate documentation.

  1. Configure the external datastore that PingFederate will use as the source of user data. For instructions, see Adding a new datastore in the PingFederate documentation.
    Attention: When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to PingOne. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.
  2. Do one of the following:
    • For PingFederate 10.1 or later: go to System > Server > Protocol Settings.
    • For PingFederate 10.0 or earlier:
      1. Go to System > Protocol Settings > Roles & Protocols.
      2. Select Enable Identity Provider IdP Role and Support the Following.
      3. Select Outbound Provisioning. Click Next.
  3. On the Outbound Provisioning tab, select the PingFederate internal datastore. Click Save.
    For help, see Configuring outbound provisioning settings in the PingFederate documentation.