If the external identity provider includes group information in its security tokens (ID
tokens from an OIDC identity provider or assertions from a SAML identity provider), you can
add a mapping between the External Group Names attribute in PingOne and the inbound attribute name from
the external identity provider.
-
Go to .
-
Locate the appropriate identity provider.
-
Click the Details icon to expand the identity provider, and then click the
pencil icon.
-
Click the Attributes tab.
-
Click + Add Attribute.
-
For PingOne user profile
attribute, select External Group Names.
-
For the external identity provider attribute, enter the inbound attribute name
from the external identity provider.
-
For Update condition, select one of the following:
- Always. Update the group information in PingOne every time the
user authenticates from the external identity provider.
- Empty only. Update the group information in PingOne only if there is
no value for the attribute in PingOne.
-
Click Save.