Page created: 2 Nov 2022 | Page updated: 10 May 2023
You can map PingOne user attributes to SAML or OIDC attributes to and from external applications, resources, identity providers, and provisioning connections. For example, you could map Email Address in PingOne to NameID in an application.
Note: When mapping multi-valued attributes to and from PingOne, consider the following conditions.
- If you map a multi-valued PingOne attribute to an attribute for an external application, the claim in the token or the attribute in the assertion will be multi-valued.
- If you map an external attribute to a PingOne attribute, PingOne will evaluate the mapping as follows:
  - If you map an external multi-valued attribute to a multi-valued PingOne attribute, PingOne will add all values to the PingOne attribute.
  - If you map an external multi-valued attribute to a single-valued PingOne attribute, PingOne uses only the first value of the external multi-valued attribute.
  - If you map an external single-valued attribute to a multi-valued PingOne attribute, PingOne will take the single value and add it to the multi-valued PingOne attribute to create a multi-valued attribute containing one value.
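The inbound rules in the note above, modeled as an added Python example (not PingOne code and not part of the original page). The SAML fragment is constructed and the target attribute names are hypothetical; the `dropped` result lists the values a single-valued target discards, which is worth reviewing when the source attribute carries groups or roles.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement as an external IdP might send it.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>staff</saml:AttributeValue>
    <saml:AttributeValue>admins</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="mail">
    <saml:AttributeValue>alex@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def external_attributes(xml_text):
    """Return {name: [values]} from an AttributeStatement."""
    root = ET.fromstring(xml_text)
    return {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
            for a in root.findall("saml:Attribute", NS)}

def apply_inbound(external, mappings):
    """mappings: list of (external_name, target_name, target_is_multi).
    Returns (user_attrs, dropped), modeling the rules in the note above."""
    user, dropped = {}, {}
    for src, dst, multi in mappings:
        values = external.get(src, [])
        if not values:
            continue
        if multi:
            # multi -> multi: all values added; single -> multi: list of one
            user.setdefault(dst, []).extend(values)
        else:
            # multi -> single: only the first value is used
            user[dst] = values[0]
            if len(values) > 1:
                dropped[dst] = values[1:]
    return user, dropped

# Hypothetical target attribute names, not taken from the PingOne schema.
MAPPINGS = [("groups", "memberOfGroups", True),
            ("groups", "primaryRole", False),
            ("mail", "emails", True)]

if __name__ == "__main__":
    user, dropped = apply_inbound(external_attributes(SAMPLE), MAPPINGS)
    print(user)
    print("values discarded by single-valued targets:", dropped)
```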
For more information about the expression builder, see Using the expression builder.
Using attribute mapping
You can map PingOne attributes to attributes in your application, resource, identity provider, or provisioning connection.
- Locate the object in which you want to map attributes. The specifics of attribute mapping vary based on the object that you are editing. For more information, see: