Use this feature to authenticate users at PingOne when their credentials are stored in an external directory. You can also use this as a simple solution to migrate identities to the PingOne user store. You can create a gateway that allows PingOne to communicate with external LDAP servers.

When a user signs on to PingOne, if PingOne finds the user in the PingOne directory, then the sign-on flow continues.

If PingOne doesn't find the user in the PingOne directory, and a gateway is configured, then PingOne checks the external user directory.

If an identity matching the username and password is found, then PingOne authenticates the user and can create the identity in the PingOne directory. Each user that is authenticated using a gateway can have their identities added to the PingOne directory.

Supported directories

PingOne LDAP gateways support the following directories.
  • PingDirectory
  • Microsoft Active Directory, with or without Kerberos authentication

    For more information, see Kerberos authentication.

  • Oracle Directory Server Enterprise Edition
  • Oracle Unified Directory
  • CA Directory
  • IBM (Tivoli) Security Directory Server
  • Any LDAP v3-compliant directory server