Creating an inbound rule

Create a rule to define which users are provisioned to PingOne and how attributes are mapped between the external identity store and PingOne.

If you are creating a rule for a connection through an LDAP gateway, see Creating an inbound rule for a connection through an LDAP gateway.

Steps

In the PingOne admin console, go to Integrations > Provisioning.
Click and then click New Rule.
Enter a name and description for the rule. The rule name will appear in the list when you’ve completed and saved the rule.
Click Create Rule.
On the Configuration tab, click Source.

In the Available Connections section, click the icon to add the appropriate connection as the source connection.

Not all provisioning connection types support inbound provisioning.

If you haven’t created a connection yet, refer to Creating provisioning connections.

You can add disabled connections to a source or target, but the connection must be enabled to enable an associated rule. PingOne will automatically be added as the target.

Click Save.
On the Configuration tab, click the Target.
Click the See Details link and then click the Pencil icon.

In the Actions section, enter or edit the following:

Field	Description
Allow Users to be Created	Determines whether to create a user in the PingOne user store when the user is created in the source identity store.
Allow Users to be Updated	Determines whether to update user attributes in the PingOne user store when the user is updated in the source identity store.
Allow Users to be Disabled	When a user is disabled in the source identity store, PingOne disables the user in the PingOne identity store.
Allow Users to be Deprovisioned	Determines whether to deprovision a user in the PingOne identity store when the user is deprovisioned in the source identity store.
Remove Action	Determines the action to take when removing a user from the source identity store. Delete: When a user is deprovisioned from the source identity store, PingOne deletes the user in the PingOne identity store. Disable: When a user is deprovisioned from the source identity store, PingOne disables the user in the PingOne identity store.
Deprovision on Rule Deletion	Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

Field

Description

Allow Users to be Created

Determines whether to create a user in the PingOne user store when the user is created in the source identity store.

Allow Users to be Updated

Determines whether to update user attributes in the PingOne user store when the user is updated in the source identity store.

Allow Users to be Disabled

When a user is disabled in the source identity store, PingOne disables the user in the PingOne identity store.

Allow Users to be Deprovisioned

Determines whether to deprovision a user in the PingOne identity store when the user is deprovisioned in the source identity store.

Remove Action

Determines the action to take when removing a user from the source identity store.

Delete: When a user is deprovisioned from the source identity store, PingOne deletes the user in the PingOne identity store.

Disable: When a user is deprovisioned from the source identity store, PingOne disables the user in the PingOne identity store.

Deprovision on Rule Deletion

Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

Click Save.
To enable the rule, click the toggle at the top of the details panel to the right (blue).

You can disable the rule by clicking the toggle to the left (gray).

Next steps

Specify which identities are provisioned based on factors such as active users or other source user attributes. Learn more in Adding a user filter.

Specify additional options for onboarding new users. Learn more in Adding attribute mapping for inbound provisioning.