For user import operations in which the imported user’s password remains on the external directory (and is not imported into PingOne), the import action uses the password.external.gateway configuration to designate that the user’s authoritative password is managed by an external service.

The POST /environments/{{envID}}/users operation imports a new user resource to the specified environment. This operation uses the application/vnd.pingidentity.user.import+json custom content type in the request header.

New users must be assigned to a population resource identified by its ID, and the request must set a value for the username attribute. The username attribute must be unique to an environment (spanning populations). Access to populations is determined by roles. It’s possible that username conflicts may arise, if you or your worker application attempt to create a user that exists in a population to which you have no access.

The password property sets the attributes needed to specify an external directory as the password manager. For this use case, the password property configures the following sub-properties:

Property Type Required? Mutable? Description
password.external Object Required Mutable An object that maps the information relevant to the user’s password, and its association to external directories.
password.external.
gateway
Object Required Mutable An object containing the gateway properties. When this is value is specified, the user’s password is managed in an external directory. You can set the user password using Create User (Import) or Update Password (Set).
password.external.
gateway.id
UUID Required Mutable The UUID of the linked gateway that references the remote directory.
password.external.
gateway.type
String Optional Mutable An enum indicating one of the supported gateway types. For the supported types, see type in the Gateway base data model.
password.external.
gateway.userType
Reference Required Mutable A reference to a userType in the list of userTypes values for an LDAP gateway.
password.external.
gateway.userType.id
UUID Required Mutable The UUID of a user type in the list of userTypes for the LDAP gateway.
password.external.
gateway.
correlationAttributes
Object Required Mutable An object that maps the LDAP directory attributes used by PingOne to link a user with the corresponding on-premise LDAP directory user.

For more information about gateways LDAP data model and gateway user types, see Gateway Management.