A PingOne Sync Source defines the source of a Sync Pipe that is an Environment in PingOne.
A PingOne Sync Source provides a method for synchronizing users to directories and data sources from a single environment within the PingOne cloud directory. PingOne has a strict user schema which may require custom attribute mapping. An example dsconfig script file is provided in the resource directory. Consult the PingOne documentation for further details.
PingOne Sync Source does support pre-encoded user password synchronization. Consult the PingOne documentation for a list of the supported pre-encoding formats.
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The PingOne Sync Source component inherits from the Sync Source
The following components have a direct aggregation relation from PingOne Sync Sources:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ realtime-sync-polling-offset |
| ↓ api-url | |
| ↓ environment-id | |
| ↓ auth-url | |
| ↓ oauth-client-id | |
| ↓ oauth-client-secret | |
| ↓ oauth-client-secret-passphrase-provider | |
| ↓ http-proxy-external-server | |
| ↓ population-to-synchronize | |
| ↓ actor-id-to-ignore |
| Description | A description for this Sync Source |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the API endpoint for the PingOne web service. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the PingOne Environment that will be associated with this PingOne Sync Source. The Environment ID can be found under the Settings tab in the PingOne Admin Console. |
| Default Value | None |
| Allowed Values | Environment ID must be in the format of a UUID v4. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the API endpoint for the PingOne authentication service. The Auth URL can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with Data Sync Server. The necessary URL will be in the Configuration section as the Token Endpoint. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the OAuth Client ID used to authenticate connections to the PingOne API. The Client ID can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with Data Sync Server. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the OAuth Client Secret used to authenticate connections to the PingOne API. The Client Secret can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with the Data Sync Server. Exactly one of the oauth-client-secret and oauth-client-secret-passphrase-provider properties must be specified. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
oauth-client-secret-passphrase-provider
| Description | Specifies a passphrase provider that can be used to obtain the OAuth Client Secret used to authenticate connections to the PingOne API. The Client Secret can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with the Data Sync Server. Exactly one of the oauth-client-secret and oauth-client-secret-passphrase-provider properties must be specified. |
| Default Value | None |
| Allowed Values | The DN of any Passphrase Provider. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A reference to an HTTP proxy server that should be used for requests sent to the PingOne service. |
| Default Value | No HTTP proxy server will be used. |
| Allowed Values | The DN of any HTTP Proxy External Server. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | When polling for changes the Data Sync Server will ignore changes to resources that are not members of this list. The PingOne Sync Source setting provides the ability to only synchronize users from specific populations. By default, it will synchronize users from all of the populations in the configured environment. If this is not desired, a list of population ids or names may be specified to limit the scope of synchronized users. |
| Default Value | Users in all populations will be synchronized. |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | When polling for changes the Data Sync Server will ignore changes caused by these OAuth clients or users. By default, PingOne Sync Source will synchronize changes originating from any user or application (OAuth client). In some cases, namely bi-directional synchronization, it is necessary to specify one or more actors whose changes should be ignored. In the case of bi-directional synchronization, specifying the id of the OAuth client configured for the corresponding PingOne Sync Destination will prevent unnecessary changes from being processed. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
realtime-sync-polling-offset (Advanced Property)
| Description | The Data Sync Server polls for realtime changes based on the timestamp of activity log entries. To avoid missing changes due to clock skew, recent changes that have occurred within the configured offset will not be retrieved. Effectively the synchronization of all changes that occur in the PingOne environment will be delayed by this configured offset. Decreasing the configured value reduces the synchronization delay but increases the possibility of missed changes. Whereas increasing the value increases the delay but decreases the possibility of missed changes. |
| Default Value | 5 seconds |
| Allowed Values | A duration. Lower limit is 2000 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Sync Sources:
dsconfig list-sync-sources
[--property {propertyName}] ...
To view the configuration for an existing Sync Source:
dsconfig get-sync-source-prop
--source-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Sync Source:
dsconfig set-sync-source-prop
--source-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new PingOne Sync Source:
dsconfig create-sync-source
--source-name {name}
--type ping-one
--set api-url:{propertyValue}
--set environment-id:{propertyValue}
--set auth-url:{propertyValue}
--set oauth-client-id:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Sync Source:
dsconfig delete-sync-source
--source-name {name}