In this configuration, you specify the group where PingFederate Bridge should look for member users and update PingID when their email address, first name, or last name has changed. When PingFederate Bridge detects that a user has been removed from the specified group or disabled in the directory server, it sends an update to PingID to disable the PingID service for that account.

  1. Select Configure Provisioning.
  2. Under PingID Group DN, enter the distinguished name (DN) of the group for which you are configuring user provisioning.
    The specified group must reside under the hierarchy of the previously defined Search Base value (as described in Connecting PingFederate Bridge to a directory server).
  3. Select Nested if you want PingFederate Bridge to monitor changes for users through nested group membership.
  4. Click Next.