For user import operations in which the imported user’s password remains on the external directory (and is not imported into PingOne), the import action uses the password.external.gateway
configuration to designate that the user’s authoritative password is managed by an external service.
The POST /environments/{{envID}}/users
operation imports a new user resource to the specified environment. This operation uses the application/vnd.pingidentity.user.import+json
custom content type in the request header.
New users must be assigned to a population
resource identified by its ID, and the request must set a value for the username
attribute. The username
attribute must be unique to an environment (spanning populations). Access to populations is determined by roles. It’s possible that username
conflicts may arise, if you or your worker application attempt to create a user that exists in a population to which you have no access.
The password
property sets the attributes needed to specify an external directory as the password manager. For this use case, the password
property configures the following sub-properties:
See Users and User Operations for important overview information.
Create a population to get a popID
. See Create Population. Run Read All Populations to find an existing population.
Create an LDAP gateway to get a gatewayID
. See Create LDAP Gateway. Run Read All Gateways to find an existing gateway.
Create an LDAP gateway to get a userTypeID
. See Create LDAP Gateway.
Property | Type | Required? |
---|---|---|
password.external |
Object | Required |
password.external.gateway |
Object | Required |
password.external.gateway.id |
UUID | Required |
password.external.gateway.type |
String | Optional |
password.external.gateway.userType |
Reference | Required |
password.external.gateway.userType.id |
UUID | Required |
password.external.gateway.correlationAttributes |
Object | Required |
For more information about gateways LDAP data model and gateway user types, see Gateway Management.