You create a System for Cross-domain Identity Management (SCIM) application that uses a token to synchronize the PingFederate users and groups into VMware Identity Services.

On the PingFederate server, you must install the SCIM Provisioner to enable the provisioning of users and groups using SCIM.

Note: If you are using an existing PingFederate environment, you might have already installed the SCIM Provisioner.

Prerequisites

Complete the following tasks:

Procedure

  1. Download the SCIM Provisioner from https://support.pingidentity.com/s/marketplace-integration/a7i1W0000004IDNQA2/scim-provisioner.
    You must log in to the PingIdentity portal.
  2. Copy the pf-scim-quickconnection-1.4.jar file to the folder that is mounted to the /opt/out folder of your PingFederate server.
    For example, place the file in the /opt/out/instance/server/default/deploy folder.
  3. View the /opt/out/instance/bin/run.properties file and ensure that this setting is present: pf.provisioner.mode=STANDALONE
    According to the PingFederate documentation:

    STANDALONE - This server is a standalone instance that runs both the UI console and protocol engine (default).

  4. If your PingFederate server instance is running as a container image, and you updated the run.properties file, you might need to restart the server. For example:
    1. Connect to the PingFederate server using SSH.
    2. Change to the /root/ping directory.
    3. Run the following commands: 
      docker-compose down
docker-compose up

Results

The SCIM Connector displays as an option when configuring the user provisioning in Create the SCIM Application (SP Connection).

What to do next

Continue with Configure vCenter Server Identity Provider Federation for PingFederate.