Adding attribute mapping for outbound provisioning - PingOne Cloud Platform - PingOne

PingOne Cloud Platform
bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne Cloud Platform
PingOne
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Guide
Product documentation
Guide > Administrator Guide

You can map PingOne user attributes from attributes in an external identity store. For outbound provisioning, the mapping is applied to the attribute coming from the PingOne directory before it is saved to the target identity store.

  1. Go to Integrations > Provisioning.
  2. Click the Rules tab.
  3. Find the appropriate rule and click it to show the details panel.
  4. Click the Configuration tab.
  5. Click Attribute mapping.
    Note:

    You must have a source and target connection configured before you can set up attribute mapping.

  6. Click the pencil icon to edit the attribute mapping.
  7. Review the attribute mappings for the configured identity store. The default attribute mappings for a particular identity store are provided. For more information, see Mapping attributes.
    • To add an attribute mapping, click + Add. Enter the source and target attribute.
    • To use the expression builder, click the gear icon. See Using the expression builder. You can also use list values in the expression builder to create advanced expressions, such as conditional statements.
    • Some attributes have metadata that define potential values. For these attributes, you can choose values from a picklist. For example, for Salesforce attribute mapping, you can see a list of values from Salesforce in the form of a picklist. In the expression builder, enter a single quote to see potential values.

      You can use a switch statement or an if-else to evaluate an expression based on a pattern match.

      For example, to match an accountId attribute, enter the following in the expression builder:
      #core.switchExpr(#root.accountId, '0000EXAMPLEID', 'Valid' , 'Invalid')
      For a switch statement with multiple cases and a match, enter the following in the expression builder.
      #core.switchExpr(#root.accountId, '0000EXAMPLEID1', 'Full Access', '0000EXAMPLEID2', 'Restricted Access' , '0000EXAMPLEID3', 'Read-only Access', 'No Access')
    • To delete a mapping, click the trash can icon.
    Note:

    The default attributes are based on the directory type of the gateway used. For outbound provisioning, the RDN attribute defaults to cn for Active Directory.

    For inbound provisioning from Workday and SCIM identity stores, you can specify some additional options for onboarding new users. See Adding attribute mapping for inbound provisioning.

  8. Click Save.
Adding a user filter