For inbound gateway connections, you can configure an LDAP filter that specifies which users to provision.
For inbound provisioning rules, we recommend that you use the same Users Base DN value as the user type in the Gateway configuration. This enables users to be authenticated through the LDAP Gateway for syncing passwords. For more information, see Adding a user type.
- Go to .
- Click + and then click New rule.
- Enter a name and description for the rule. The rule name will appear in the list when you've completed and saved the rule.
- Click Create rule.
Click the Source button, and then click the
+ icon for the appropriate gateway to add it as the
source connection. PingOne
will be automatically added as the target.
If you haven’t created the appropriate connection yet, see Creating a connection. You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule.
Enter the Users Base DN. The Users Base
DN specifies the location in the LDAP directory structure where
PingOne provisioning will search for users. For users to be found, they must be
located under the Users Base DN.
A stricter Users Base DN will match fewer users in the directory. For example,
ou=Users,dc=lab,dc=localis more strict than
dc=lab,dc=localbecause it will match only objects under the Users Organizational Unit.
- Click Save.