Adding attribute mapping - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Product

p1cloudplatform

ContentType_ce

Page created: 23 Mar 2023 |

Page updated: 10 May 2023

| 2 min read

PingOne Cloud Platform PingOne Product

You can map PingOne user attributes to and from attributes in an external identity store. For inbound provisioning, the mapping is applied to the attribute coming from the source identity store before it is saved to the PingOne directory. For outbound provisioning, the mapping is applied to the attribute coming from the PingOne directory before it is saved to the target identity store.

Go to Connections > Provisioning.
Click the Rules tab.
Find the appropriate rule and click it to show the details panel.
Click the Configuration tab.
Click Attribute mapping.

Note:
You must have a source and target connection configured before you can set up attribute mapping.
Click the pencil icon to edit the attribute mapping.
Review the attribute mappings for the configured identity store. The default attribute mappings for a particular identity store are provided. For more information, see Mapping attributes.
- To add an attribute mapping, click + Add. Enter the source and target attribute.
- To use the expression builder, click the gear icon. See Using the expression builder. You can also use list values in the expression builder to create advanced expressions, such as conditional statements.
- Some attributes have metadata that define potential values. For these attributes, you can choose values from a picklist. For example, for Salesforce attribute mapping, you can see a list of values from Salesforce in the form of a picklist. In the expression builder, enter a single quote to see potential values.
  You can use a switch statement or an if-else to evaluate an expression based on a pattern match.
  For example, to match an accountId attribute, enter the following in the expression builder:
```
#core.switchExpr(#root.accountId, '0000EXAMPLEID', 'Valid' , 'Invalid')
```
  For a switch statement with multiple cases and a match, enter the following in the expression builder.
```
#core.switchExpr(#root.accountId, '0000EXAMPLEID1', 'Full Access', '0000EXAMPLEID2', 'Restricted Access' , '0000EXAMPLEID3', 'Read-only Access', 'No Access')
```
- To delete a mapping, click the trash can icon.
Note:
The default attributes are based on the directory type of the gateway used. For outbound provisioning, the RDN attribute defaults to cn for Active Directory.

For inbound provisioning from Workday and SCIM identity stores, you can specify some additional options for onboarding new users. See Adding attribute mapping for inbound provisioning.
Click Save.

Adding a user filter