PingOne is a cloud-based identity as a service (IDaaS) framework for secure identity access management that uses an organization based model to define tenant accounts and their related entities within the PingOne platform.
Supervisor configuration parameters
To configure the connector, following parameters are required:
- PingOne Platform
- Client Id of the API client
- Client Secret of the API client
- Environment Id
-
Target URL (https://api.pingone.{instance_region})
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details)
Supported objects and operations
Users
Operation | VERB |
---|---|
Create User | POST |
Get User by Id | GET |
List Users | GET |
Update User | PUT |
Delete User | DELETE |
Groups
Create Group | POST |
Get Group | GET |
Get Groups | GET |
Update Group | PUT |
Populations
Get Populations by Id | GET |
List Populations | GET |
Mandatory fields
Users
- userName
- population
Groups
displayName
User mapping
The user and population mappings are listed in the tables below.
SCIM Parameter | PingOne Parameter |
---|---|
id | id |
userName | username |
name.givenName | name.given |
name.middleName | name.middle |
name.formatted | name.formatted |
name.honorificSuffix | name.honorificSuffix |
name.honorificPrefix | name.honorificPrefix |
title | title |
displayName | name.given name.family |
emails[].value | |
active | enabled |
locale | locale |
preferredLanguage | preferredLanguage |
timezone | timezone |
groups[].value | memberOfGroupIDs |
externalId | externalId |
userType | type |
nickName | nickname |
photos[].value | photo.href |
addresses[].streetAddress | address.streetAddress |
addresses[].region | address.region |
addresses[].locality | address.locality |
addresses[].countryCode | address.country |
addresses[].postalCode | address.postalCode |
phoneNumbers[].value | primaryPhone |
phoneNumbers[].Value | mobilePhone |
enterpriseExtension.accountId | accountId |
enterpriseExtension.population | population.id |
enterpriseExtension.environment | environment.id |
enterpriseExtension.identityProvider | identityProvider.type |
enterpriseExtension.mfaEnabled | mfaEnabled |
createdAt | meta.created |
updatedAt | meta.lastModified |
Groups
SCIM parameter | PingOne parameter |
---|---|
id | id |
displayName | name |
members[].value | members[].id |
externalId | externalId |
enterpriseExtension.population | population.id |
enterpriseExtension.description | description |
enterpriseExtension.environment | environment.id |
enterpriseExtension.checkSum | checkSum |
enterpriseExtension.customData.securityGroup | customData.securityGroup |
enterpriseExtension.customData.groupOwner | customData.groupOwner |
meta.lastModified | updatedAt |
meta.created | createdAt |
Population mapping
SCIM Parameter | PingOne Parameter |
---|---|
id | id |
displayName | name |
userCount |
userCount |
description |
description |
environment |
environment.id |
passwordPolicy |
passwordPolicy.id |
isDefault |
default |
updatedAt |
meta.lastModified |
createdAt |
meta.created |
Connector SCIM configuration
The PingOne Platform connector is enhanced to support the configuration of SCIM connector with custom attributes and disabling of attributes. 'Users' resources in PingOne Platform connector have the support for configuring custom attributes and disabling of attributes.
NOTE:
- In connector schema, datatype corresponding to multivalued custom attribute is of type string and JSON only.
- Connector output format for multivalued custom attributes will be as shown below:
"MultivaluedAttributeName" : "[abcd;; efgh;; xyzw;; uvty]"
- As per the connector output format, the values will be double semicolon separated(;;) and will be enclosed inside opening and closing square brackets.
- Opening and closing square brackets helps to ensure that the attribute is of multivalued type.
Connector limitations
- In pagination, records are returned in multiples of 100 only due to target behaviour.
- Custom attributes and disabling attributes are only supported in users due to target behaviour.
- Custom attributes are supported for string and JSON attributes due to target behaviour.
-
While updating a group that was created at the population level, it should contain the same population id in the update body that was given while creating the group, while groups created at the environment level should not contain the population attribute in the update body due to target behaviour, else the target will throw the error message.