Known issues

There are no known issues.

Known limitations

SP connections
  • In PingFederate 8.1 and earlier, when you configure a second SP connection with the provisioning connector, the second connection may be pre-populated with the channel from the first connection. To avoid conflicts, remove this pre-populated channel and create a unique channel for each connection.
  • The Unique User Identifier cannot be changed in an SP connection configuration. To change to a different Unique User Identifier, delete the existing connection, restart PingFederate, and then create a connection with the new Unique User Identitier.
  • All SP connections with the same target must use the same Unique User Identifier. If multiple SP connections are created for the same target, every subsequent connection will use the Unique User Identifier configured in the first connection that was created.
  • The connector has a limit of one value per type (home, work, other, etc.) for multi-value attributes (email, phone, address).
  • If the SaaS does not specify type or primary information on multi-value attributes (email, phone, address), unexpected behavior can occur. During an update, existing attributes on the SaaS may not be removed, and the desired value may not be correctly set as primary.
  • The connector cannot clear a user attribute once it has been set.
  • If the target application supports two email attributes and one attribute is empty, the connector populates both attributes with the email address and sets both as "primary". This can produce unexpected effects in some target applications.
  • This connector does not support Patch updates to SCIM-enabled target applications.
  • When an LDAP user is deleted in a targeted group distinguished name (DN), the provisioning connector does not propagate the deletion until a new user is added to the group. This limitation is compounded when the User Create provisioning option is disabled. For solutions, see SaaS provisioner does not remove the user in the Knowledge Base.
  • SCIM-compliant service providers may implement or interpret the SCIM standards differently which may result in behaviour that is not consistent with the SCIM Provisioner intended use.