Propagation stores


Identity propagation stores

Identity propagation store entities represent a connection to an identity store owned by a customer. The connectionUrl attribute captures connection information including credentials, tokens, and store type, which can point to a SCIM or Salesforce store. Store instances may be associated with multiple rule entities, and must not be deleted when referred to by a rule instance.

The examples that follow show common actions to find and manage identity propagation store resources. You need the Environment Admin role to perform operations on identity propagation store entities.

Propagation store API operations

The propagation store endpoints support the following operations:

For hands-on experience with the propagation store API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Propagation store data model

Property Description
configuration.freezeAccountOnDeprovisioning A boolean that specifies whether the account is frozen when deprovisioned.
configuration.AUTHENTICATION_METHOD A string that specifies the account authentication method. For example, OAuth 2 Bearer Token, or Basic Authentication.
configuration.SCIM_URL A string that specifies the SCIM URL.
configuration.SCIM_VERSION A string that specifies the SCIM version.
configuration.OAUTH_ACCESS_TOKEN A string that specifies the access token for account authentication.
description A string that specifies a description for the identity propagation store resource.
environment.id A string that specifies the environment resource’s unique identifier associated with the resource.
id A string that specifies the resource’s unique identifier.
image.id A string that specifies the image ID for the identity store resource.
image.href A string that specifies the URL for the identity store resource image file.
name A string that specifies the name of the identity store. This is a required property.
status A string that specifies the status of the identity store.
type A string that specifies the type of the identity store and determines the required and acceptable configuration properties. It also determines the acceptable target attribute mappings. This is a required property. Options are scim and Salesforce.
url A string that specifies the identity store’s URL. This is a required property.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.

Endpoint examples

Get identity stores

The GET /environments/{environmentId}/propagation/stores endpoint returns a list of all identity store resources associated with the specified environment resource.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
  "_embedded" : {
    "stores" : [ {
      "id" : "407cfeb1-f81b-4ee6-838b-78e24e0ff92b",
      "environment" : {
        "id" : "0d73e3ae-c424-42fd-ad71-9a1c79e90d06"
      },
      "image" : {
        "id" : "0e3954ed-bdda-41e3-95de-a2da324a449e",
        "href" : "https://d3uinntk0mqu3p.cloudfront.net/branding/market/0e3954ed-bdda-41e3-95de-a2da324a449e.png"
      },
      "description" : "description initial",
      "type" : "scim",
      "status" : "ACTIVE",
      "configuration" : {
        "freezeAccountOnDeprovisioning" : "false",
        "AUTHENTICATION_METHOD" : "OAuth 2 Bearer Token",
        "SCIM_URL" : "https://example.com/scim",
        "SCIM_VERSION" : "2.0",
        "OAUTH_ACCESS_TOKEN" : "12345"
      },
      "name" : "Workday",
      "url" : "http://localhost"
    }, {
      "id" : "a6f91d1d-b50e-4c22-afd7-9491bf1edf07",
      "environment" : {
        "id" : "0d73e3ae-c424-42fd-ad71-9a1c79e90d06"
      },
      "image" : { },
      "type" : "directory",
      "status" : "ACTIVE",
      "name" : "directory"
    } ]
  },
  "_links" : {
    "self" : {
      "href" : "http://localhost/environments/0d73e3ae-c424-42fd-ad71-9a1c79e90d06/propagation/stores/"
    }
  }
}

Get one identity store

To get data for a single identity store resource, the GET /environments/{environmentId}/propagation/stores/{storeId} operation returns data for the identity store resource with the specified ID.

curl -X GET "https://api.pingone.com/environments/{environmentId}/propagation/stores/{storeId}" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
  "id": "407cfeb1-f81b-4ee6-838b-78e24e0ff92b",
  "environment": {
    "id": "0d73e3ae-c424-42fd-ad71-9a1c79e90d06"
  },
  "image": {
    "id": "0e3954ed-bdda-41e3-95de-a2da324a449e",
    "href": "https://d3uinntk0mqu3p.cloudfront.net/branding/market/0e3954ed-bdda-41e3-95de-a2da324a449e.png"
  },
  "description": "description initial",
  "type": "scim",
  "status": "ACTIVE",
  "configuration": {
    "freezeAccountOnDeprovisioning": "false",
    "AUTHENTICATION_METHOD": "OAuth 2 Bearer Token",
    "SCIM_URL": "https://example.com/scim",
    "SCIM_VERSION": "2.0",
    "OAUTH_ACCESS_TOKEN": "12345"
  },
  "name": "Workday",
  "url": "http://localhost",
  "_links": {
    "self": {
      "href": "https://api.pingone.com/v1/environments/0d73e3ae-c424-42fd-ad71-9a1c79e90d06/propagation/stores/407cfeb1-f81b-4ee6-838b-78e24e0ff92b"
    },
    "update": {
      "href": "https://api.pingone.com/v1/environments/0d73e3ae-c424-42fd-ad71-9a1c79e90d06/propagation/stores/407cfeb1-f81b-4ee6-838b-78e24e0ff92b"
    },
    "delete": {
      "href": "https://api.pingone.com/v1/environments/0d73e3ae-c424-42fd-ad71-9a1c79e90d06/propagation/stores/407cfeb1-f81b-4ee6-838b-78e24e0ff92b"
    }
  }
}

Create identity stores

The POST /environments/{environmentId}/propagation/stores operation adds a new identity store resource to the specified environment resource.

This sample shows the connection properties for an identity store with "type":"scim".`

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
   "type":"scim",
   "name":"scim",
   "description":"create a scim connection",
   "configuration": {
	 "AUTHENTICATION_METHOD":"Basic Authentication",
	 "SCIM_URL":"https://scim.url",
	 "USERS_RESOURCE":"/users",
	 "SCIM_VERSION":"1.1",
	 "AUTHORIZATION_TYPE":"Basic",
	 "BASIC_AUTH_USER":"basicUserName",
	 "BASIC_AUTH_PASSWORD":"BasicPassword"},
	 "image":{
		"href":"https://d1oekt4jpdthse.cloudfront.net/branding/market/cb933bfe-8282-405a-a780-0a19b97edc02.png"
	 }
}'

This sample shows the connection properties for an identity store with "type":"Salesforce".`

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
  "type": "Salesforce",
  "name": "test",
  "configuration": {
    "FREEZE_USER_FLAG": false,
    "PERMISSION_SET_MANAGEMENT": "Merge with permission sets in Salesforce",
    "SALESFORCE_DOMAIN": "sqe1c1-dev-ed.my.salesforce.com",
    "CLIENT_ID": "3MVG9vtcvGoeH2bjJwb5FqeXKL...",
    "CLIENT_SECRET": "10258F5AADCFBC0A8...",
    "OAUTH_ACCESS_TOKEN": "00D3i000000Gws...",
    "OAUTH_REFRESH_TOKEN": "5Aep861MrMaWJGT9SMft..."
  }
}'

Test the identity store connection

The POST /environments/{environmentId}/propagation/stores/connection/status operation verifies identity store resource configuration in the specified environment resource. This operation uses the application/vnd.pingidentity.connection.check+json custom media type as the content type in the request header.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores/connection/status" \
-H 'Content-type: application/vnd.pingidentity.connection.check+json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
"type":"scim",
 "name":"scim",
 "configuration": {
	"AUTHENTICATION_METHOD":"Basic Authentication",
	"SCIM_URL":"https://scim.url",
	 "USERS_RESOURCE":"/users",
	 "SCIM_VERSION":"1.1",
	 "AUTHORIZATION_TYPE":"Basic",
	 "BASIC_AUTH_USER":"basicUserName",
	 "BASIC_AUTH_PASSWORD":"BasicPassword"},
	 "image":{
		"href":"https://d1oekt4jpdthse.cloudfront.net/branding/market/cb933bfe-8282-405a-a780-0a19b97edc02.png"
	 }
}'

Update identity stores

The PUT /environments/{environmentId}/propagation/stores/{storeId} operation updates the property values of the identified identity store resource.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores/{storeId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
"type":"scim",
 "name":"scim",
 "description":"Update a scim connection",
 "configuration": {
	"AUTHENTICATION_METHOD":"Basic Authentication",
	"SCIM_URL":"https://scim.url",
	 "USERS_RESOURCE":"/users",
	 "SCIM_VERSION":"1.1",
	 "AUTHORIZATION_TYPE":"Basic",
	 "BASIC_AUTH_USER":"basicUserName",
	 "BASIC_AUTH_PASSWORD":"BasicPassword"},
	 "image":{
		"href":"https://d1oekt4jpdthse.cloudfront.net/branding/market/cb933bfe-8282-405a-a780-0a19b97edc02.png"
	 }
}'

Delete identity stores

The following sample shows the DELETE /environments/{environmentId}/propagation/stores/{storeId} operation to delete the identity store resource specified by its ID in the request URL.

curl -X DELETE "https://api.pingone.com/v1/environments/{environmentId}/propagation/stores/{storeId}" \
-H "Authorization: Bearer jwtToken"

When successful, the DELETE request returns a code 204 No Content message.