To use PingFederate for provisioning and single sign-on, configure an external datastore and set a SAML entity ID.
For more information, see Datastores and Configuring outbound provisioning settings in the PingFederate documentation.
Important:
When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to the target service.
This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.