Mapping the group attribute from an LDAP Gateway - PingOne - PingOne Cloud Platform

If the external directory includes group information in its security tokens, you can add a mapping between the External Group Names attribute in PingOne and the inbound attribute name from the external directory.

Note:

For LDAP Gateway connections, the group associated with the user is provisioned to PingOne only on the initial user migration.

  1. Go to Integrations > Gateways.
  2. Locate the appropriate gateway connection.
  3. Click the gateway entry to open the gateway details panel.
  4. Click the Lookup tab.
  5. Click the options menu on the right, and then click Edit.
  6. Under User Link Attributes, click + Add Mapping.
  7. For PingOne user profile attribute, select External Group Names.
  8. For the external directory attribute, enter the inbound attribute name from the external directory. For example, use memberOf for Microsoft Active Directory and isMemberOf for PingDirectory.
  9. Click Save.

    When a user signs on for the first time, if the user doesn’t exist in PingOne, the gateway creates a user record in PingOne based on the mappings, including group membership. This is a one-time event, not a continuous synchronization.

    For more information, see Just-in-time provisioning of external groups.
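
Because the mapped group membership is written once and not synchronized afterward, the groups recorded in PingOne can drift from the directory. The following added example (not part of the PingOne documentation or product code) compares a user's current memberOf / isMemberOf values with the group names recorded in PingOne. It assumes both lists were exported separately, and the form in which PingOne stores external group names (full DN or plain name) is an assumption, so both forms are normalized the same way. All sample values are constructed.

```python
import re

DN_PREFIX = re.compile(r"^[A-Za-z][\w.-]*=")  # e.g. "CN=" at the start of a DN


def group_name(value):
    """Reduce a group DN to its leaf RDN value; plain names pass through.

    Comparison is case-insensitive, as directory group names usually are.
    """
    value = value.strip()
    if DN_PREFIX.match(value):
        # Take the first RDN, splitting only on commas that are not escaped.
        first_rdn = re.split(r"(?<!\\),", value, maxsplit=1)[0]
        value = first_rdn.split("=", 1)[1]
        # Undo simple backslash escapes such as "\," (hex escapes not handled).
        value = re.sub(r"\\(.)", r"\1", value)
    return value.strip().casefold()


def group_drift(directory_values, pingone_values):
    """Return groups that differ between the directory and PingOne."""
    current = {group_name(v) for v in directory_values}
    recorded = {group_name(v) for v in pingone_values}
    return {
        # Still recorded in PingOne but no longer held in the directory.
        "stale_in_pingone": sorted(recorded - current),
        # Granted in the directory after the initial migration.
        "missing_in_pingone": sorted(current - recorded),
    }


# Constructed sample data: current directory values for one user ...
DIRECTORY_MEMBER_OF = [
    "CN=Helpdesk,OU=Groups,DC=example,DC=com",
    "CN=Payroll\\, EMEA,OU=Groups,DC=example,DC=com",
]
# ... and the group names recorded in PingOne at first sign-on.
PINGONE_EXTERNAL_GROUPS = [
    "CN=Helpdesk,OU=Groups,DC=example,DC=com",
    "CN=Domain Admins,CN=Users,DC=example,DC=com",
]

if __name__ == "__main__":
    drift = group_drift(DIRECTORY_MEMBER_OF, PINGONE_EXTERNAL_GROUPS)
    for kind, names in drift.items():
        print(f"{kind}: {names}")
```

Entries under stale_in_pingone are the ones to review first, since they represent membership the directory has already revoked.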