For inbound gateway connections, you can configure an LDAP filter that specifies which
users to provision.
Ensure that you have the Users Base DN that defines the users you want to provision. For
inbound provisioning, it specifies the source of the users that will be imported
into
PingOne.
Note:
For inbound provisioning rules, we recommend that you use the same Users Base
DN value as the user type in the Gateway configuration. This enables users
to be authenticated through the LDAP Gateway for syncing passwords. For more
information, see Adding a user type.
-
Go to .
-
Click + and then click New
rule.
-
Enter a name and description for the rule. The rule name will appear in the
list when you've completed and saved the rule.
-
Click Create rule.
-
Click the Source button, and then click the
+ icon for the appropriate gateway to add it as the
source connection. PingOne
will be automatically added as the target.
Note:
If you haven’t created the appropriate connection yet, see Creating a connection. You can add disabled connections to a
source or target, but the connection must be enabled to enable an
associated rule.
-
Enter the Users Base DN. The Users Base
DN specifies the location in the LDAP directory structure where
PingOne provisioning will search for users. For users to be found, they must be
located under the Users Base DN.
A stricter Users Base DN will match fewer users in the directory. For example,
ou=Users,dc=lab,dc=local is more strict than
dc=lab,dc=local because it will match only objects under
the Users Organizational Unit.
-
Click Save.