In this configuration, you specify the group where PingFederate Bridge should look for member users and update PingOne for Enterprise when their email address, first name, or last name has changed. When PingFederate Bridge detects that a user has been removed from the specified group or disabled in the directory server, PingFederate Bridge sends an update to PingOne for Enterprise to disable the PingOne for Enterprise service for that account.

  1. Select Configure Provisioning.
  2. Under Group DN, enter the distinguished name (DN) of the group for which you are configuring user provisioning.
    The specified group must reside under the hierarchy of the previously defined Search Base value (as described in Connecting PingFederate Bridge to a directory server).
  3. Select Nested if you want PingFederate Bridge to monitor changes for users through nested group membership.
  4. Click Next.