Synchronizing existing users

By default, the provisioning connector synchronizes users from the datastore to the target service by matching the mail attribute in the datastore to the Username attribute in the target service. You can change the default mapping in Creating a provisioning connection.

For example:

  • In the target service, Janet's Username is
  • In your datastore, Janet's mail is
  • On the Attribute Mapping tab of your PingFederate channel configuration, you map the Username attribute to mail.
  • When the provisioning connector runs, the datastore user is provisioned with a Username of jsmith. That matches Janet's existing Username in the target service, so her information in the data store is synchronized to her the target service account.

User provisioning

Triggered when a user is added to the datastore group or filter that is targeted by the provisioning connector.

The target is determined by the Source Location tab in the provisioning connection configuration.

User updates

Triggered when a change occurs to a user attribute that is mapped in the provisioning connector configuration.

User deprovisioning

Triggered by any of the following:

  • A user is deleted from the user store.
  • A user is disabled in the user store.
  • A user is removed from the data store filter that is targeted by the provisioning connector.

The Remove User Action setting in the connection configuration determines whether the deprovisioning action disables or deletes the user.