1. Go to Integrations > Provisioning.
  2. Click the Rules tab.
  3. Find the appropriate rule and click it to show the rule details.
  4. Click the Configuration tab.
  5. Click the User filter button.

    Inbound provisioning rules have an LDAP filter rather than a User filter. See Adding an LDAP filter.

  6. Click the pencil icon to edit the filter.
  7. Define the filter that determines which identities are provisioned. For more information, see Example user filters.
  8. Enter the first condition:
    • Select All or Any to determine how the linked conditions will be evaluated: Boolean logical AND or OR.
    • Attribute. The user attribute to filter on.
    • Operator. Equals. Equals is the only operator supported at this time.
    • Value. Enter the appropriate value.
    • For outbound provisioning rules, you must specify either a population or a group to define the users to be provisioned.
    • If you select a group in the filter, then updating or deleting the group can cause the provisioning rule to re-sync.
    • If you select a group in the filter, the filter will include all users with any kind of membership in the group, whether direct, dynamic membership based on a user filter, or inherited from parent groups. For more information, see Groups.
  9. If needed, click Add + to add another condition or condition set.
  10. Continue adding conditions or condition sets as needed.
  11. Click Save.