A PingOne Sync Destination defines the destination of a Sync Pipe that is an Environment in PingOne.
A PingOne Sync Destination provides a method for synchronizing users from directories and data sources to the PingOne cloud directory. PingOne has a strict user schema which may require custom attribute mapping. An example dsconfig script file is provided in the resource directory. Consult the PingOne documentation for further details.
PingOne Sync Destination does support pre-encoded user password synchronization. Consult the PingOne documentation for a list of the supported pre-encoding formats.
The PingOne Sync Destination component inherits from the Sync Destination
The following components have a direct aggregation relation from PingOne Sync Destinations:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| api-url | |
| environment-id | |
| auth-url | |
| oauth-client-id | |
| oauth-client-secret | |
| oauth-client-secret-passphrase-provider | |
| http-proxy-external-server | |
| default-population-name | |
| default-population-id |
| Description | A description for this Sync Destination |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the API endpoint for the PingOne web service. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the PingOne Environment that will be associated with this PingOne Sync Destination. The Environment ID can be found under the Settings tab in the PingOne Admin Console. |
| Default Value | None |
| Allowed Values | Environment ID must be in the format of a UUID v4. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the API endpoint for the PingOne authentication service. The Auth URL can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with Data Sync Server. The necessary URL will be in the Configuration section as the Token Endpoint. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the OAuth Client ID used to authenticate connections to the PingOne API. The Client ID can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with Data Sync Server. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the OAuth Client Secret used to authenticate connections to the PingOne API. The Client Secret can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with the Data Sync Server. Exactly one of the oauth-client-secret and oauth-client-secret-passphrase-provider properties must be specified. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
oauth-client-secret-passphrase-provider
| Description | Specifies a passphrase provider that can be used to obtain the OAuth Client Secret used to authenticate connections to the PingOne API. The Client Secret can be found under the Connections tab in the PingOne Admin Console. Specifically, it is within the Application configured for use with the Data Sync Server. Exactly one of the oauth-client-secret and oauth-client-secret-passphrase-provider properties must be specified. |
| Default Value | None |
| Allowed Values | The DN of any Passphrase Provider. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A reference to an HTTP proxy server that should be used for requests sent to the PingOne service. |
| Default Value | No HTTP proxy server will be used. |
| Allowed Values | The DN of any HTTP Proxy External Server. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a default PingOne Population name that will be used when synchronizing new users into PingOne. If an attribute mapping exists that maps to "population", it will take precedent over this default. Using the PingOne Admin console, Population names can be found in the Identities tab under Populations. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a default PingOne Population ID that will be used when synchronizing new users into PingOne. If an attribute mapping exists that maps to "population", it will take precedent over this default. Population IDs can be found by viewing the API tab on a User in the desired Population in the PingOne Admin Console. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Sync Destinations:
dsconfig list-sync-destinations
[--property {propertyName}] ...
To view the configuration for an existing Sync Destination:
dsconfig get-sync-destination-prop
--destination-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Sync Destination:
dsconfig set-sync-destination-prop
--destination-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new PingOne Sync Destination:
dsconfig create-sync-destination
--destination-name {name}
--type ping-one
--set api-url:{propertyValue}
--set environment-id:{propertyValue}
--set auth-url:{propertyValue}
--set oauth-client-id:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Sync Destination:
dsconfig delete-sync-destination
--destination-name {name}