PrivaceraCloud Documentation

Preview: PingFederate UserSync

PingFederate UserSync is currently available as a Preview feature. There are two possible Privacera Usersync integrations with PingFederate:

  • Privacera Usersync - SCIM Server: This requires configuration of PingFederate Outbound provisioning.

  • Privacera Usersync - SCIM: This requires configuration of PingFederate Inbound provisioning.

Prerequisites

  • PingFederate Administrator account access with user provisioning enabled.

Privacera Usersync - SCIM Server integration

PingFederate configuration steps
  • In the pingfederate/bin/run.properties file:

    pf.provisioner.mode=STANDALONE
  • See Configuring outbound provisioning in the PingIdentity documentation.

    Notice

    “Provision groups with distinguished name” should be set to false.

Privacera Usersync configuration steps
Privacera Platform
  • The following Privacera Manager (PM) variable needs to be modified in the vars.privacera-usersync.scimserver.yml file in config/custom_vars:

    SCIM_SERVER_ATTRIBUTE_EMAIL: "emails[type-work].value"
PrivaceraCloud
  • To configure the SCIM Server connector, go to Configure Connector and click the Advanced tab.

    Include the following properties in the Custom Properties field:

    usersync.connector.enable.existing.users.conflict=false
    usersync.connector.enable.existing.groups.conflict=false
  • In Base User Attributes, change the Email Address value to: emails[type-work].value

Privacera Usersync - SCIM integration

Configure a SCIM connector with basic authentication.

PingFederate configuration steps

See Configuring SCIM inbound provisioning in the PingIdentity documentation.

Privacera Usersync configuration steps
Privacera Platform
  • The following Privacera Manager (PM) variables need to be added to the vars.privacera-usersync.scim.yml file in config/custom_vars:

    SCIM_AUTH_TYPE: "basic"
    SCIM_AUTH_USERNAME: "{SCIM_USERNAME}"
    SCIM_AUTH_PASSWORD: "{SCIM_PASSWORD}"
  • If PingFederate is using a self-signed SSL certificate, set:

    PRIVACERA_USERSYNC_AUTH_SSL_ENABLED: "true"
  • Place the certificate in: privacera-manager/config/ssl/custom_certificates
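
A pre-deployment check for the variables listed above, as an added example (not Privacera's own tooling): it flags typographic quotes that YAML would keep as part of the value, placeholders left unreplaced, and a missing SSL flag when the certificate is self-signed. The function names and sample values are assumptions made for illustration, and the parser handles only flat KEY: value lines.

```python
import re

# Keys the page lists for vars.privacera-usersync.scim.yml.
REQUIRED = ("SCIM_AUTH_TYPE", "SCIM_AUTH_USERNAME", "SCIM_AUTH_PASSWORD")
SSL_KEY = "PRIVACERA_USERSYNC_AUTH_SSL_ENABLED"
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
PLACEHOLDER = re.compile(r"^\{[A-Z_]+\}$")  # e.g. {SCIM_PASSWORD} left unreplaced
LINE = re.compile(r"^([A-Z_]+):\s*(.*?)\s*$")


def parse_flat_vars(text):
    """Parse flat `KEY: value` lines, the only shape the page uses (not full YAML)."""
    cfg = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, comments, anything that is not KEY: value
        value = m.group(2)
        # Drop one pair of matching ASCII quotes, as a YAML loader would.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        cfg[m.group(1)] = value
    return cfg


def lint_scim_vars(text, self_signed=False):
    """Return sorted findings; an empty list means the file passed."""
    cfg = parse_flat_vars(text)
    findings = [f"{key}: missing" for key in REQUIRED if key not in cfg]
    for key, value in cfg.items():
        if any(ch in value for ch in SMART_QUOTES):
            findings.append(f"{key}: typographic quotes are part of the value")
        elif PLACEHOLDER.match(value):
            findings.append(f"{key}: placeholder not replaced")
        elif key == "SCIM_AUTH_TYPE" and value != "basic":
            findings.append(f"{key}: expected basic")
    if self_signed and cfg.get(SSL_KEY) != "true":
        findings.append(f"{SSL_KEY}: must be true for a self-signed certificate")
    return sorted(findings)


# Constructed sample: quotes pasted from a rendered page, placeholder left in place.
BAD = ('SCIM_AUTH_TYPE: \u201cbasic\u201d\n'
       'SCIM_AUTH_USERNAME: "svc-usersync"\n'
       'SCIM_AUTH_PASSWORD: "{SCIM_PASSWORD}"\n')

if __name__ == "__main__":
    for finding in lint_scim_vars(BAD, self_signed=True):
        print(finding)
```
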

PrivaceraCloud

Notice

PrivaceraCloud only supports CA-signed SSL certificates.

  • Configure Connector Endpoint URL:

    https://<HOST>:9031/pf-scim/v1/Users

    For the Bearer Token, set any value. It will not be used, because authentication is overridden to basic auth in the next step.

  • Add the following properties under Configure Connector -> Advanced tab -> Custom Properties:

    usersync.connector.auth.type=basic
    usersync.connector.username={SCIM_USERNAME}
    usersync.connector.password={SCIM_PASSWORD}