Service provider (SP) connections

  • The Unique User Identifier cannot be changed in an SP connection configuration.

    To change to a different Unique User Identifier, delete the existing connection and then create a connection with the new Unique User Identifier.

  • All SP connections with the same target must use the same Unique User Identifier.

    If multiple SP connections are created for the same target, every subsequent connection will use the Unique User Identifier configured in the first connection that was created.


  • The connector has a limit of one value per type (for example, home, work, and other) for multi-value attributes (for example, email, phone, and address).
  • If the application does not specify type or primary information on multi-value attributes, unexpected behavior can occur.

    During an update, existing attributes on the application cannot be removed, and the desired value cannot be correctly set as primary.

  • The provisioner cannot clear a user attribute after it is set.
  • PingOne does not support multi-value attributes, so the first attribute value will be used.
  • If the target application supports two email attributes and one attribute is empty, the provisioner populates both attributes with the email address and sets both as primary.

    This can produce unexpected effects in some target applications.


  • The provisioner does not support patch updates to SCIM-enabled target applications.
  • SCIM-compliant SPs might implement or interpret the SCIM standards differently, which can result in behavior that is not consistent with the intended use of the SCIM provisioner.
  • Group provisioning is not supported for AWS SSO as a SCIM.