Configuring the IdentityNow application for PingDirectory - PingDirectory - PingFederate

Use the IdentityNow configuration functionality to establish a successful connection to PingDirectory.

  1. Sign in to the IdentityNow Administrator interface.
  2. Under the Admin tab, go to Connections > Sources.
  3. Click the +New button.
  4. In the window that appears, choose SunOne from the Source Type dropdown list, fill in the remaining fields with your information, and select Direct Connection for Connection Type. Click Continue.
    The Create New Source pop-up window with example values in its fields
  5. Select a Virtual Appliance Cluster from those already configured for your organization. See the SailPoint Virtual Appliance Reference Guide for more details.
  6. Enter the following connection details.
    1. In the Connection Credentials section, enter the PingDirectory administrator account information into the Service Account and Password fields.
    2. In the Server Host section, enter the hostname of the PingDirectory server in the Hostname or IP Address field.
    3. In the Server Host section, enter the LDAPS port configured for PingDirectory, 636 or 1636, in the Port field.
    The Config tab with sections and fields mentioned in step 6
  7. Ensure the Account, Group and Group Member Search DNs are valid for the configured PingDirectory topology.
    In the demo environment the following values were used.
    • Account Search DN: ou=people,dc=example,dc=com
    • Group Search DN: ou=Groups,dc=example,dc=com
    • Group Membership DN: ou=Groups,dc=example,dc=com
  8. Under the Connections tab, enable the Advanced Options and select Enable in the Use TLS section and Simple in the Authorization Type section.
    The Connections tab with fields marked in accordance with step 8
  9. Before making changes to the source configurations via RESTful requests, you must generate an access token. See IdentityNow REST APIs for details on this process.
  10. Retrieve the internal Source ID of the PingDirectory source defined previously.
    Do this by retrieving the full list of defined sources in IdentityNow, and then searching for the correct one. The first API call is
    GET https://{{api-url}}/cc/api/source/list
    where {{api-url}} is https://<org_name>.api.identitynow.com.

    This returns a JSON array, each element of which is a source from IdentityNow. Search this array for the Source Name that you chose. It should look similar to the following example.

    {
        "id": "50959",
        "version": 5,
        "name": "PingDirectory",
        "description": "PingDirectory source",
        "owner": {
            "id": "1037426",
            "name": "Adam Creaney"
        },
        "lastUpdated": "2020-04-21T20:45:58Z",
    ….
    Rest of response deleted
    ….
    
    Note: The "id" entry is the value to save from this call. In the above example the "id" value is 50959.
  11. Make the following API call to retrieve an .xml output of the configuration for the newly created source. Using a RESTful client application is recommended for this.
    GET https://{{api-url}}/cc/api/source/export/<sourceID>
    where <sourceID> is the "id" value from step 10.
    1. Copy this output and paste into a text editor.
    2. Find the section below for the Group schema as shown in the following screenshot.
      Screenshot of the Group schema with relevant changes highlighted
    3. Modify the nativeObjectType to "groupOfNames", as shown in the above image.
    4. Find the attribute definition for the "member" attribute and add multi="true" to this section, as shown in the above image.
    5. Change the "groupMemberAttribute" entry by adding value="member", as shown in the above image.
    6. Save the file as ping_directory.xml (the name doesn't matter). Do not modify any other elements of the .xml.
  12. Import the changes back into IdentityNow using a tool such as Postman.
    Use the following request in Postman to import the changes.
    POST https://{{api-url}}/cc/api/source/import/<sourceID>
    where <sourceID> is the "id" value from step 10.
    • The content-type of this request is multipart/form-data; boundary=<calculated when request is sent>.
    • The body of this request should be of type form-data.
    • The only entry key should be "file". For value, select the .xml file from earlier.
    POST window showing the .xml file from earlier
  13. Send the request. IdentityNow should return a success message.
  14. Click the Test Connection button to ensure the connection is successful.
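
Steps 10 and 11 as an added Python example (not part of the original guide and not SailPoint or Ping Identity code): it finds the source ID by name, applies the three Group schema edits, and lists every attribute that changed so the file can be reviewed before the import in step 12. The sample JSON and XML are constructed, and the XML element layout is an assumption, because the guide shows the export only in a screenshot.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample data. The XML layout of a real export is an assumption;
# only the three edited names (steps 11.3 to 11.5) come from the page.
SOURCES_JSON = '[{"id": "50958", "name": "HR"}, {"id": "50959", "name": "PingDirectory"}]'
EXPORT_XML = """<Application name="PingDirectory">
  <Attributes><Map>
    <entry key="groupMemberAttribute"/>
    <entry key="otherSetting" value="true"/>
  </Map></Attributes>
  <Schemas>
    <Schema objectType="account" nativeObjectType="inetOrgPerson">
      <AttributeDefinition name="member" type="string"/>
    </Schema>
    <Schema objectType="group" nativeObjectType="groupOfUniqueNames">
      <AttributeDefinition name="member" type="string"/>
    </Schema>
  </Schemas>
</Application>"""

def find_source_id(sources_json, name):
    """Step 10: return the "id" of the single source with this exact name."""
    ids = [s["id"] for s in json.loads(sources_json) if s.get("name") == name]
    if len(ids) != 1:
        raise ValueError(f"expected one source named {name!r}, found {len(ids)}")
    return ids[0]

def edit_group_schema(xml_text):
    """Step 11: apply the three edits, touching the group schema only."""
    root = ET.fromstring(xml_text)
    group = root.find(".//Schema[@objectType='group']")
    group.set("nativeObjectType", "groupOfNames")
    group.find("AttributeDefinition[@name='member']").set("multi", "true")
    root.find(".//entry[@key='groupMemberAttribute']").set("value", "member")
    return ET.tostring(root, encoding="unicode")

def attribute_changes(before_xml, after_xml):
    """Map (tag, label, attribute) -> (old, new) for review before step 12."""
    old_els, new_els = list(ET.fromstring(before_xml).iter()), list(ET.fromstring(after_xml).iter())
    if [e.tag for e in old_els] != [e.tag for e in new_els]:
        raise ValueError("elements were added, removed or reordered")
    changes = {}
    for old, new in zip(old_els, new_els):
        label = old.get("name") or old.get("key") or old.get("objectType")
        for attr in set(old.attrib) | set(new.attrib):
            if old.get(attr) != new.get(attr):
                changes[(old.tag, label, attr)] = (old.get(attr), new.get(attr))
    return changes
```

Anything in the result of `attribute_changes` beyond the three expected entries means the file differs from the export in a way step 11.6 says it should not.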