Ensure that you have the Users Base DN that defines the users you want to provision. For inbound provisioning, it specifies the source of the users that will be imported into PingOne.

For inbound provisioning rules, we recommend that you use the same Users Base DN value as the user type in the Gateway configuration. This enables users to be authenticated through the LDAP Gateway for syncing passwords. For more information, see Adding a user type.

  1. Go to Integrations > Provisioning.
  2. Click + and then click New rule.
  3. Enter a name and description for the rule. The rule name will appear in the list when you've completed and saved the rule.
  4. Click Create rule.
  5. Click the Source button, and then click the + icon for the appropriate gateway to add it as the source connection. PingOne will be automatically added as the target.

    If you haven’t created the appropriate connection yet, see Creating a connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule.

  6. Enter the Users Base DN. The Users Base DN specifies the location in the LDAP directory structure where PingOne provisioning will search for users. For users to be found, they must be located under the Users Base DN.
    A stricter Users Base DN will match fewer users in the directory. For example, ou=Users,dc=lab,dc=local is more strict than dc=lab,dc=local because it will match only objects under the Users Organizational Unit.
  7. Click Save.
Adding attribute mapping for inbound provisioning