For inbound provisioning, you can specify additional options for onboarding new users. The mapping is applied to each attribute coming from the source identity store before it is saved to the PingOne directory.
- Go to Integrations > Provisioning.
- Click the Rules tab.
- Find the appropriate rule and click it to show the details panel.
- Click the Configuration tab.
- Click Attribute mapping.
  Note: You must have a source and target connection configured before you can set up attribute mapping.
- Click the pencil icon to edit the attribute mapping.
  Note: For inbound provisioning rules, the display names of some attributes have changed. For more information, see Updates to inbound provisioning attributes.
- Review the attribute mappings for the configured identity store. The source attribute mappings for a particular identity store are provided. For more information, see Mapping attributes.
  - To add an attribute mapping, click + Add. Enter the source and target attributes.
  - To add a new source attribute, type the attribute name. From the list, select the ADD:<attribute-name> attribute. Map the added attribute to a target attribute.
  - To use the expression builder, click the gear icon. See Using the expression builder.
  - To delete a mapping, click the trash can icon.
- Click Next.
- Enter the following as part of PingOne user onboarding:
  - Population. Select a population from the list. When users are synced to PingOne, they will be added to the specified population.
  - Authenticate via AD/LDAP. Specify whether to authenticate the user through the Active Directory or LDAP gateway user directory. If you select Yes, PingOne will be automatically set as the Authoritative identity provider. If you select Yes, specify a Gateway user type. If you select No, specify an Authoritative identity provider.
  - Authoritative identity provider. If you selected No for Authenticate via AD/LDAP, select the identity provider that will have authority over user records and credentials. PingOne is the default, but if you have configured another IdP, you can select it here. See Authoritative identity providers.
- If you select PingOne as the Authoritative identity provider, specify the following options:
  - Set Password check box. Determines whether to specify a default password for new users.
  - Set Password text box. Specify the default password in PingOne for users synced in from an external identity store as a source. Click Set password and then enter a literal value. You can also create a complex password using the functions in the expression builder. For more information, see Using the expression builder.
    Note: We recommend using strong passwords, even for temporary passwords.
  - Reset their password on first login. Select this option to force users to reset their password the first time they authenticate through PingOne.
- Gateway user type. If you selected Yes for Authenticate via AD/LDAP, select a Gateway user type. The user type identifies users in the external directory. You must define a user type to use external authentication.
- Click Finish.
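
The onboarding options in this procedure depend on each other, and a literal default password is shared by every user the rule onboards. As an added example (not PingOne code and not a PingOne API), this Python function reviews one rule's settings against those dependencies. The dictionary keys are hypothetical names for the UI fields, and the 14-character, three-character-class threshold is an assumption.

```python
# Added example. The dict keys are hypothetical names for the UI fields on this
# page, not PingOne API fields; MIN_LEN is an assumed strength threshold.
MIN_LEN = 14

def password_is_weak(pw):
    """Weak if short or drawn from fewer than three character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) < MIN_LEN or sum(classes) < 3

def review_onboarding(opts):
    """Return findings for one inbound rule's PingOne user onboarding options."""
    findings = []
    if opts.get("authenticate_via_ad_ldap"):
        # "Yes": PingOne becomes the authoritative IdP automatically,
        # and a gateway user type must be specified.
        idp = "PingOne"
        if not opts.get("gateway_user_type"):
            findings.append("AD/LDAP authentication without a gateway user type")
    else:
        # "No": an authoritative identity provider must be chosen.
        idp = opts.get("authoritative_idp")
        if not idp:
            findings.append("no authoritative identity provider selected")
    # The password options apply only when PingOne is authoritative.
    if idp == "PingOne" and opts.get("set_password"):
        literal = opts.get("password_literal")  # None when built by an expression
        if literal is not None:
            if password_is_weak(literal):
                findings.append("weak literal default password")
            if not opts.get("reset_on_first_login"):
                findings.append("shared default password never forced to change")
    return findings

# Constructed sample rules (not real configuration).
RISKY = {"authenticate_via_ad_ldap": False, "authoritative_idp": "PingOne",
         "set_password": True, "password_literal": "Welcome1",
         "reset_on_first_login": False}
HARDENED = dict(RISKY, password_literal="t7#Qm-2vLx!9rKbE", reset_on_first_login=True)
GATEWAY = {"authenticate_via_ad_ldap": True}

if __name__ == "__main__":
    for name, rule in [("risky", RISKY), ("hardened", HARDENED), ("gateway", GATEWAY)]:
        print(name, review_onboarding(rule))
```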