Propagation Stores

Identity propagation store entities represent a connection to an identity store owned by a customer. Store instances may be associated with multiple rule entities, and must not be deleted when referred to by a rule instance.

Note: To reflect the propagation stores API changes in the PingOne Admin Console, you must create a new propagation revision.

The examples that follow show common actions to find and manage identity propagation store resources. You need the Environment Admin role to perform operations on identity propagation store entities.

Propagation stores are directional relative to Ping Identity.

For Outbound provisioning, a store in Ping Identity is the source and an outside identity store is the target. You must create an identity propagation store of type directory as the source store. Changes to users propagate near real-time - when there is a change to a user in PingOne, the target identity store is updated immediately.
For Inbound provisioning, a store in Ping Identity is the target and an outside identity store is the source. You must create an identity propagation store of type PingOne as the target store. Changes to users are retrieved from the source identity store by polling the remote store every 4 hours. The polling interval is not configurable. You can also use inbound SCIM for inbound user provisioning. For more information, see SCIM.

Every propagation store is either a target store or a source store. When you create the propagation rule, you designate, by its identifier, which identity store is the source store and which identity store is the target store. For information on inbound and outbound capabilities for each connection type, see Inbound and outbound provisioning.

Propagation store data models by store type

Propagation store type	Propagation store data models
	Propagation store base data model (common to all propagation store types)
Aquera	Propagation store Aquera configuration data model
Azure Active Directory SAML V2.0	Propagation store Azure Active Directory SAML V2.0 configuration data model
directory	Propagation store directory configuration data model
GitHubEMU	Propagation store GitHubEMU configuration data model
GoogleApps	Propagation store GoogleApps configuration data model
LDAP Gateway	Propagation store LDAP Gateway configuration data model
PingOne	Propagation store PingOne configuration data model
Salesforce	Propagation store Salesforce configuration data model
SalesforceContacts	Propagation store SalesforceContacts configuration data model
SCIM	Propagation store SCIM configuration data model
ServiceNow	Propagation store ServiceNow configuration data model
Slack	Propagation store Slack configuration data model
Workday	Propagation store Workday configuration data model
Zoom	Propagation store Zoom configuration data model

Propagation store type

Propagation store data models

Propagation store base data model (common to all propagation store types)

Aquera

Propagation store Aquera configuration data model

Azure Active Directory SAML V2.0

Propagation store Azure Active Directory SAML V2.0 configuration data model

Propagation store base data model

These properties are common to all propagation store types.

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration`	Object	Required	Mutable	Configuration properties specific to each identity propagation store as described in subsequent tables.
`description`	String	Optional	Mutable	A description for the identity propagation store.
`environment.id`	String	N/A	Read-only	Unique identifier (UUID) of the PingOne environment associated with the propagation store.
`id`	String	N/A	Read-only	Unique identifier (UUID) of the propagation store.
`image.href`	String	Optional	Mutable	The URL for the identity store resource image file.
`image.id`	String	Optional	Mutable	The image ID for the identity store resource.
`managed`	Boolean	Optional	Mutable	Indicates whether or not to enable deprovisioning of users for a store when it is deleted. The deprovisioning occurs when a new revision is created (POST {{apiPath}}/environments/{{envID}}/propagation/revisions).
`name`	String	Required	Mutable	The name of the identity store.
`populations.id` (deprecated)	String[]	Optional	Mutable	Deprecated, use `populations.id` in Propagation Rules. Array of population resource identifiers associated with this store.
`status`	String	Optional	Mutable	The status of the identity store. The default value is `INACTIVE`.
`syncStatus.details`	String	N/A	Read-only	Details of any synchronization errors.
`syncStatus.failedCount`	Integer	N/A	Read-only	A count of failed synchronization events since the last revision.
`syncStatus.failedDeprovisionCount`	Integer	N/A	Read-only	A count of failed deprovisioning synchronization events since the last revision.
`syncStatus.lastSyncAt`	DateTime	N/A	Read-only	The last synchronization in `yyyy-MM-dd’T’HH:mm:ss.SSS’Z'` format.
`syncStatus.successCount`	Integer	N/A	Read-only	A count of successful synchronization events since the last revision.
`syncStatus.syncState`	String	N/A	Read-only	The current state of synchronization with a propagation store or stores. Options are either `SYNCING` or `FAILED`.
`syncStatus.userTotal`	Integer	N/A	Read-only	A count of users that will synchronize to the target store based on the Rule’s filter.
`syncStatus` (deprecated)	Object	N/A	Read-only	Deprecated, use `syncStatus` in Propagation Rules. The current state of synchronization with a propagation store or stores.
`type`	String	Required	Immutable	The type of the identity store and determines the required and acceptable configuration properties. It also determines the acceptable target attribute mappings. Options are `Aquera`, `AzureActiveDirectorySAML2`, `directory`, `LdapGateway`, `PingOne`, `Salesforce`, `SalesforceContacts`, `scim`, `Slack`, `Workday`, or `Zoom`.

configuration

Object

Required

Mutable

Configuration properties specific to each identity propagation store as described in subsequent tables.

description

String

Optional

Mutable

A description for the identity propagation store.

environment.id

String

N/A

Read-only

Unique identifier (UUID) of the PingOne environment associated with the propagation store.

id

String

N/A

Read-only

Unique identifier (UUID) of the propagation store.

image.href

String

Optional

Mutable

The URL for the identity store resource image file.

image.id

String

Optional

Mutable

The image ID for the identity store resource.

managed

Boolean

Optional

Mutable

Indicates whether or not to enable deprovisioning of users for a store when it is deleted. The deprovisioning occurs when a new revision is created (POST {{apiPath}}/environments/{{envID}}/propagation/revisions).

name

String

Required

Mutable

The name of the identity store.

populations.id (deprecated)

String[]

Optional

Mutable

Deprecated, use populations.id in Propagation Rules. Array of population resource identifiers associated with this store.

status

String

Optional

Mutable

The status of the identity store. The default value is INACTIVE.

syncStatus.details

String

N/A

Read-only

Details of any synchronization errors.

syncStatus.failedCount

Integer

N/A

Read-only

A count of failed synchronization events since the last revision.

syncStatus.failedDeprovisionCount

Integer

N/A

Read-only

A count of failed deprovisioning synchronization events since the last revision.

syncStatus.lastSyncAt

DateTime

N/A

Read-only

The last synchronization in yyyy-MM-dd’T’HH:mm:ss.SSS’Z' format.

syncStatus.successCount

Integer

N/A

Read-only

A count of successful synchronization events since the last revision.

syncStatus.syncState

String

N/A

Read-only

The current state of synchronization with a propagation store or stores. Options are either SYNCING or FAILED.

syncStatus.userTotal

Integer

N/A

Read-only

A count of users that will synchronize to the target store based on the Rule’s filter.

syncStatus (deprecated)

Object

N/A

Read-only

Deprecated, use syncStatus in Propagation Rules. The current state of synchronization with a propagation store or stores.

type

String

Required

Immutable

The type of the identity store and determines the required and acceptable configuration properties. It also determines the acceptable target attribute mappings. Options are Aquera, AzureActiveDirectorySAML2, directory, LdapGateway, PingOne, Salesforce, SalesforceContacts, scim, Slack, Workday, or Zoom.

Propagation store Aquera configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.ACCESS_TOKEN`	String	Optional	Mutable	A string specifying the access token for account authentication.
`configuration.AUTHENTICATION_METHOD`	String	Required	Mutable	The account authentication method. For example, `OAuth Bearer Token` or `Basic Auth`.
`configuration.BASIC_AUTH_PASSWORD`	String	Required	Mutable	The password for account authentication.
`configuration.BASIC_AUTH_USER`	String	Required	Mutable	The user name for account authentication.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.createNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.disableNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DISABLE_USERS`. Whether or not users are allowed to be disabled.
`configuration.GROUP_NAME_SOURCE`	String	Optional	Mutable	The source to use for the group name. Options are either `Common Name` or `Distinguished Name`.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Options are either `Disable` or `Delete`.
`configuration.SCIM_URL`	String	Required	Mutable	The SCIM URL.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.
`configuration.updateNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use`configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.

configuration.ACCESS_TOKEN

String

Optional

Mutable

A string specifying the access token for account authentication.

configuration.AUTHENTICATION_METHOD

String

Required

Mutable

The account authentication method. For example, OAuth Bearer Token or Basic Auth.

configuration.BASIC_AUTH_PASSWORD

String

Required

Mutable

The password for account authentication.

configuration.BASIC_AUTH_USER

String

Required

Mutable

The user name for account authentication.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.createNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.disableNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DISABLE_USERS. Whether or not users are allowed to be disabled.

configuration.GROUP_NAME_SOURCE

String

Optional

Mutable

The source to use for the group name. Options are either Common Name or Distinguished Name.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Options are either Disable or Delete.

configuration.SCIM_URL

String

Required

Mutable

The SCIM URL.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

configuration.updateNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, useconfiguration.UPDATE_USERS. Whether or not users are allowed to be updated.

Propagation store Azure Active Directory SAML V2.0 configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.ClientId`	String	Required	Mutable	The Azure Active Directory client ID.
`configuration.ClientSecret`	String	Required	Mutable	The Azure Active Directory client secret.
`configuration.CREATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEPROVISION_USER_ACTION_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.REMOVE_ACTION`. The action to take when deprovisioning (removing) a user. Can be `Disable` or `Delete`.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deprovisioned (removed) following action specified in `configuration.REMOVE_ACTION`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.PROVISION_DISABLED_USERS_PROV_OPT`	Boolean	Optional	Mutable	Whether or not disabled users can be provisioned. Defaults to `true` and, if used, must be set to `true`.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Can be `Disable` or `Delete`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DISABLE_USERS`. Whether or not users are allowed to be disabled.
`configuration.RemoveLicensesWhenSkuIdEmpty`	Boolean	Required	Mutable	Whether or not remove licenses from user when skuId is empty.
`configuration.TenantDomain`	String	Required	Mutable	The account’s Azure Active Directory domain.
`configuration.UPDATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use`configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.ClientId

String

Required

Mutable

The Azure Active Directory client ID.

configuration.ClientSecret

String

Required

Mutable

The Azure Active Directory client secret.

configuration.CREATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEPROVISION_USER_ACTION_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.REMOVE_ACTION. The action to take when deprovisioning (removing) a user. Can be Disable or Delete.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.PROVISION_DISABLED_USERS_PROV_OPT

Boolean

Optional

Mutable

Whether or not disabled users can be provisioned. Defaults to true and, if used, must be set to true.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Can be Disable or Delete.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DISABLE_USERS. Whether or not users are allowed to be disabled.

configuration.RemoveLicensesWhenSkuIdEmpty

Boolean

Required

Mutable

Whether or not remove licenses from user when skuId is empty.

configuration.TenantDomain

String

Required

Mutable

The account’s Azure Active Directory domain.

configuration.UPDATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, useconfiguration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Note: Two properties appear in the response to Identity Propagation Store Metadata (AzureActiveDirectorySAML2) that are not listed in this data model. The required property,DefaultPassword, and the optional property, DoBase64Conversion (if required for ImmutableId), must be implemented as a rule mapping using Create Rule Mapping.

Propagation store directory configuration data model

An identity propagation store of type directory has no configuration data model.

Propagation store GitHubEMU configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.BASE_URL`	String	Required	Mutable	Base URL of the target propagation store.
`configuration.CREATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deprovisioned (removed) following action specified in `configuration.REMOVE_ACTION`.
`configuration.GROUP_MEMBERSHIP_HANDLING`	String	Optional	Mutable	Defines how memberships in a group is handled when there is an existing group with the same name. Can be `Overwrite`, the default, or `Merge`.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required	Mutable	OAuth 2 access token.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Can be `Disable` or `Delete`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DEPROVISION_USERS`. Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.
`configuration.UPDATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.BASE_URL

String

Required

Mutable

Base URL of the target propagation store.

configuration.CREATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.GROUP_MEMBERSHIP_HANDLING

String

Optional

Mutable

Defines how memberships in a group is handled when there is an existing group with the same name. Can be Overwrite, the default, or Merge.

configuration.OAUTH_ACCESS_TOKEN

String

Required

Mutable

OAuth 2 access token.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Can be Disable or Delete.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DEPROVISION_USERS. Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.UPDATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store GoogleApps configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.APPLICATION_NAME`	String	Required	Mutable	Name of the application using the store.
`configuration.CREATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deprovisioned (removed) following action specified in `configuration.REMOVE_ACTION`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.DOMAIN`	String	Required	Mutable	The account’s domain name.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required	Mutable	OAuth 2 access token.
`configuration.OAUTH_CLIENT_ID`	String	Required	Mutable	GoogleApps identifier of the client associated with the propagation store.
`configuration.OAUTH_CLIENT_SECRET`	String	Required	Mutable	GoogleApps secret of the client associated with the propagation store.
`configuration.OAUTH_REFRESH_TOKEN`	String	Required	Mutable	OAuth 2 refresh token.
`configuration.PROVISION_DISABLED_USERS_PROV_OPT`	Boolean	Optional	Mutable	Whether or not disabled users can be provisioned. Defaults to `true` and, if used, must be set to `true`.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Can be `Disable` or `Delete`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DEPROVISION_USERS`. Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.
`configuration.UPDATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.APPLICATION_NAME

String

Required

Mutable

Name of the application using the store.

configuration.CREATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.DOMAIN

String

Required

Mutable

The account’s domain name.

configuration.OAUTH_ACCESS_TOKEN

String

Required

Mutable

OAuth 2 access token.

configuration.OAUTH_CLIENT_ID

String

Required

Mutable

GoogleApps identifier of the client associated with the propagation store.

configuration.OAUTH_CLIENT_SECRET

String

Required

Mutable

GoogleApps secret of the client associated with the propagation store.

configuration.OAUTH_REFRESH_TOKEN

String

Required

Mutable

OAuth 2 refresh token.

configuration.PROVISION_DISABLED_USERS_PROV_OPT

Boolean

Optional

Mutable

Whether or not disabled users can be provisioned. Defaults to true and, if used, must be set to true.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Can be Disable or Delete.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DEPROVISION_USERS. Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.UPDATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store LDAP Gateway configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.ATTRIBUTE_METADATA`	String	Optional	Mutable	User-defined attribute metadata.
`configuration.CLIENT_ID`	String	Required	Mutable	Identifier of the client for authentication.
`configuration.CLIENT_SECRET`	String	Required	Mutable	Secret of the client for authentication.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DELETE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deleted.
`configuration.ENVIRONMENT_ID`	String	Required	Immutable	Identifier, a UUID, of the environment the connector services.
`configuration.GATEWAY_BASE_URL`	String	Required	Mutable	Base URL of the gateway.
`configuration.GATEWAY_ID`	String	Required	Mutable	Identifier of the gateway to which the connector connects.
`configuration.LDAP_TYPE`	String	Required	Immutable	Type of LDAP gateway; can be `PingDirectory` or `Microsoft Active Directory`.
`configuration.OAUTH_URL`	String	Required	Mutable	URL to which OAUTH requests are sent.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.ATTRIBUTE_METADATA

String

Optional

Mutable

User-defined attribute metadata.

configuration.CLIENT_ID

String

Required

Mutable

Identifier of the client for authentication.

configuration.CLIENT_SECRET

String

Required

Mutable

Secret of the client for authentication.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DELETE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deleted.

configuration.ENVIRONMENT_ID

String

Required

Immutable

Identifier, a UUID, of the environment the connector services.

configuration.GATEWAY_BASE_URL

String

Required

Mutable

Base URL of the gateway.

configuration.GATEWAY_ID

String

Required

Mutable

Identifier of the gateway to which the connector connects.

configuration.LDAP_TYPE

String

Required

Immutable

Type of LDAP gateway; can be PingDirectory or Microsoft Active Directory.

configuration.OAUTH_URL

String

Required

Mutable

URL to which OAUTH requests are sent.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store PingOne configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.CLIENT_ID`	String	Optional	Mutable	Unique identifier (UUID) of the PingOne client associated with the propagation store.
`configuration.CLIENT_SECRET`	String	Optional	Mutable	The PingOne client secret.
`configuration.CREATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEFAULT_AUTH_METHOD`	String	Optional	Mutable	The default authentication method. Options are `Email 1`, `SMS 1`, or `Voice 1`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.ENVIRONMENT_ID`	Sring	Required	Mutable	Unique identifier (UUID) of the PingOne environment associated with the propagation store.
`configuration.MFA_USER_DEVICE_MANAGEMENT`	String	Optional	Mutable	How to manage MFA user devices when synchronizing. Options are either `Merge with devices in PingOne` or `Overwrite devices in PingOne`.
`configuration.PROVISION_DISABLED_USERS_PROV_OPT`	Boolean	Optional	Mutable	Whether or not disabled users can be provisioned.
`configuration.REGION`	String	Required	Mutable	A supported region. Options are "NA", "CA", "EU", or "AP".
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Options are either `Disable` or `Delete`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DISABLE_USERS`. Whether or not users are allowed to be disabled.
`configuration.UPDATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.CLIENT_ID

String

Optional

Mutable

Unique identifier (UUID) of the PingOne client associated with the propagation store.

configuration.CLIENT_SECRET

String

Optional

Mutable

The PingOne client secret.

configuration.CREATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEFAULT_AUTH_METHOD

String

Optional

Mutable

The default authentication method. Options are Email 1, SMS 1, or Voice 1.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.ENVIRONMENT_ID

Sring

Required

Mutable

Unique identifier (UUID) of the PingOne environment associated with the propagation store.

configuration.MFA_USER_DEVICE_MANAGEMENT

String

Optional

Mutable

How to manage MFA user devices when synchronizing. Options are either Merge with devices in PingOne or Overwrite devices in PingOne.

configuration.PROVISION_DISABLED_USERS_PROV_OPT

Boolean

Optional

Mutable

Whether or not disabled users can be provisioned.

configuration.REGION

String

Required

Mutable

A supported region. Options are "NA", "CA", "EU", or "AP".

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Options are either Disable or Delete.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DISABLE_USERS. Whether or not users are allowed to be disabled.

configuration.UPDATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store Salesforce configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.ACCOUNT_ID`	String	Optional	Mutable	The Salesforce account ID.
`configuration.CLIENT_ID`	String	Required	Mutable	The Salesforce client ID.
`configuration.CLIENT_SECRET`	String	Required	Mutable	The Salesforce client secret.
`configuration.CREATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.ENABLE_COMMUNITIES`	Boolean	Required	Mutable	Whether or not to enable Salesforce communities.
`configuration.FREEZE_USER_FLAG`	Boolean	Required	Mutable	Whether the user account is frozen.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required	Mutable	OAuth access token for account authentication.
`configuration.OAUTH_REFRESH_TOKEN`	String	Required	Mutable	OAuth refresh token for account authentication.
`configuration.PERMISSION_SET_MANAGEMENT`	String	Required	Mutable	The permission sets to be merged with Salesforce.
`configuration.PROFILE_ID`	String	Optional	Mutable	The Salesforce profile ID.
`configuration.PROVISION_DISABLED_USERS`	Boolean	Optional	Mutable	Whether or not disabled users can be provisioned.
`configuration.SALESFORCE_DOMAIN`	String	Required	Mutable	The account’s salesforce.com domain.
`configuration.UPDATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.ACCOUNT_ID

String

Optional

Mutable

The Salesforce account ID.

configuration.CLIENT_ID

String

Required

Mutable

The Salesforce client ID.

configuration.CLIENT_SECRET

String

Required

Mutable

The Salesforce client secret.

configuration.CREATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.ENABLE_COMMUNITIES

Boolean

Required

Mutable

Whether or not to enable Salesforce communities.

configuration.FREEZE_USER_FLAG

Boolean

Required

Mutable

Whether the user account is frozen.

configuration.OAUTH_ACCESS_TOKEN

String

Required

Mutable

OAuth access token for account authentication.

configuration.OAUTH_REFRESH_TOKEN

String

Required

Mutable

OAuth refresh token for account authentication.

configuration.PERMISSION_SET_MANAGEMENT

String

Required

Mutable

The permission sets to be merged with Salesforce.

configuration.PROFILE_ID

String

Optional

Mutable

The Salesforce profile ID.

configuration.PROVISION_DISABLED_USERS

Boolean

Optional

Mutable

Whether or not disabled users can be provisioned.

configuration.SALESFORCE_DOMAIN

String

Required

Mutable

The account’s salesforce.com domain.

configuration.UPDATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store SalesforceContacts configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.ACCOUNT_ID`	String	Optional	Mutable	The Salesforce account ID.
`configuration.CLIENT_ID`	String	Required	Mutable	Unique identifier (UUID) of the Salesforce client associated with the propagation store.
`configuration.CLIENT_SECRET`	String	Required	Mutable	The Salesforce client secret.
`configuration.CREATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.ENABLE_COMMUNITIES`	Boolean	Optional	Mutable	Whether or not to enable Salesforce communities.
`configuration.FREEZE_USER_FLAG`	Boolean	Optional	Mutable	Whether the user account is frozen.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required	Mutable	OAuth access token for account authentication.
`configuration.OAUTH_REFRESH_TOKEN`	String	Required	Mutable	OAuth refresh token for account authentication.
`configuration.PERMISSION_SET_MANAGEMENT`	String	Optional	Mutable	The permission sets to be merged with Salesforce.
`configuration.PROFILE_ID`	String	Optional	Mutable	The Salesforce profile ID.
`configuration.PROVISION_DISABLED_USERS`	Boolean	Optional	Mutable	Whether or not disabled users can be provisioned.
`configuration.RECORD_TYPE`	String	Required	Mutable	The type of Salesforce record. Options are either `Lead` or `Contact`.
`configuration.SALESFORCE_DOMAIN`	String	Required	Mutable	The account’s salesforce.com domain.
`configuration.UPDATE_NEW_USERS` (deprecated)	Boolean	Optional	Mutable	Deprecated, use`configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.ACCOUNT_ID

String

Optional

Mutable

The Salesforce account ID.

configuration.CLIENT_ID

String

Required

Mutable

Unique identifier (UUID) of the Salesforce client associated with the propagation store.

configuration.CLIENT_SECRET

String

Required

Mutable

The Salesforce client secret.

configuration.CREATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.ENABLE_COMMUNITIES

Boolean

Optional

Mutable

Whether or not to enable Salesforce communities.

configuration.FREEZE_USER_FLAG

Boolean

Optional

Mutable

Whether the user account is frozen.

configuration.OAUTH_ACCESS_TOKEN

String

Required

Mutable

OAuth access token for account authentication.

configuration.OAUTH_REFRESH_TOKEN

String

Required

Mutable

OAuth refresh token for account authentication.

configuration.PERMISSION_SET_MANAGEMENT

String

Optional

Mutable

The permission sets to be merged with Salesforce.

configuration.PROFILE_ID

String

Optional

Mutable

The Salesforce profile ID.

configuration.PROVISION_DISABLED_USERS

Boolean

Optional

Mutable

Whether or not disabled users can be provisioned.

configuration.RECORD_TYPE

String

Required

Mutable

The type of Salesforce record. Options are either Lead or Contact.

configuration.SALESFORCE_DOMAIN

String

Required

Mutable

The account’s salesforce.com domain.

configuration.UPDATE_NEW_USERS (deprecated)

Boolean

Optional

Mutable

Deprecated, useconfiguration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store SCIM configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.AUTHENTICATION_METHOD`	String	Required	Mutable	The account authentication method. Can be `OAuth 2 Client Credentials`, `OAuth 2 Bearer Token`, or `Basic Authentication`.
`configuration.AUTHORIZATION_TYPE`	String	Required	Mutable	The authorization header type.
`configuration.BASIC_AUTH_PASSWORD`	String	Required/Optional	Mutable	The password for account authentication. Required when `configuration.AUTHENTICATION_METHOD` is `Basic Authentication`, otherwise optional.
`configuration.BASIC_AUTH_USER`	String	Required/Optional	Mutable	The user name for account authentication. Required when `configuration.AUTHENTICATION_METHOD` is `Basic Authentication`, otherwise optional.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.createNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.disableNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DISABLE_USERS`. Whether or not users are allowed to be disabled.
`configuration.GROUP_MEMBERSHIP_HANDLING`	String	Optional	Mutable	Defines how memberships in a group is handled when there is an existing group with the same name. Can be `Overwrite`, the default, or `Merge`.
`configuration.GROUP_NAME_SOURCE`	String	Optional	Mutable	The source to use for the group name. Options are either `Common Name` or `Distinguished Name`.
`configuration.GROUPS_RESOURCE`	String	Optional	Mutable	API endpoint path to the `group` entity.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required/Optional	Mutable	OAuth access token for account authentication. Required when `configuration.AUTHENTICATION_METHOD` is `OAuth 2 Bearer Token`, otherwise optional.
`configuration.OAUTH_CLIENT_ID`	String	Required/Optional	Mutable	OAuth client ID. Required when `configuration.AUTHENTICATION_METHOD` is `OAuth 2 Client Credentials`, otherwise optional.
`configuration.OAUTH_CLIENT_SECRET`	String	Required/Optional	Mutable	OAuth client secret. Required when `configuration.AUTHENTICATION_METHOD` is `OAuth 2 Client Credentials`, otherwise optional.
`configuration.OAUTH_TOKEN_REQUEST`	String	Required/Optional	Mutable	OAuth token request endpoint. Required when `configuration.AUTHENTICATION_METHOD` is `OAuth 2 Bearer Token`, otherwise optional.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Options are either `Disable` or `Delete`.
`configuration.SCHEMA_EXTENSION_URNS`	String	Optional	Mutable	A comma-delimited list of schema URNS in which to look for custom attributes.
`configuration.SCIM_URL`	String	Required	Mutable	The SCIM URL.
`configuration.SCIM_VERSION`	String	Required	Mutable	The SCIM version.
`configuration.UNIQUE_USER_IDENTIFIER`	String	Required	Mutable	Specifies the unique user identifier to use. Options are either `userName` or `workEmail`.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.
`configuration.updateNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.USER_FILTER`	String	Required	Mutable	A string that specifies a SCIM filter expression.
`configuration.USERS_RESOURCE`	String	Required	Mutable	API endpoint path to the `user` entity.

configuration.AUTHENTICATION_METHOD

String

Required

Mutable

The account authentication method. Can be OAuth 2 Client Credentials, OAuth 2 Bearer Token, or Basic Authentication.

configuration.AUTHORIZATION_TYPE

String

Required

Mutable

The authorization header type.

configuration.BASIC_AUTH_PASSWORD

String

Required/Optional

Mutable

The password for account authentication. Required when configuration.AUTHENTICATION_METHOD is Basic Authentication, otherwise optional.

configuration.BASIC_AUTH_USER

String

Required/Optional

Mutable

The user name for account authentication. Required when configuration.AUTHENTICATION_METHOD is Basic Authentication, otherwise optional.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.createNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.disableNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DISABLE_USERS. Whether or not users are allowed to be disabled.

configuration.GROUP_MEMBERSHIP_HANDLING

String

Optional

Mutable

Defines how memberships in a group is handled when there is an existing group with the same name. Can be Overwrite, the default, or Merge.

configuration.GROUP_NAME_SOURCE

String

Optional

Mutable

The source to use for the group name. Options are either Common Name or Distinguished Name.

configuration.GROUPS_RESOURCE

String

Optional

Mutable

API endpoint path to the group entity.

configuration.OAUTH_ACCESS_TOKEN

String

Required/Optional

Mutable

OAuth access token for account authentication. Required when configuration.AUTHENTICATION_METHOD is OAuth 2 Bearer Token, otherwise optional.

configuration.OAUTH_CLIENT_ID

String

Required/Optional

Mutable

OAuth client ID. Required when configuration.AUTHENTICATION_METHOD is OAuth 2 Client Credentials, otherwise optional.

configuration.OAUTH_CLIENT_SECRET

String

Required/Optional

Mutable

OAuth client secret. Required when configuration.AUTHENTICATION_METHOD is OAuth 2 Client Credentials, otherwise optional.

configuration.OAUTH_TOKEN_REQUEST

String

Required/Optional

Mutable

OAuth token request endpoint. Required when configuration.AUTHENTICATION_METHOD is OAuth 2 Bearer Token, otherwise optional.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Options are either Disable or Delete.

configuration.SCHEMA_EXTENSION_URNS

String

Optional

Mutable

A comma-delimited list of schema URNS in which to look for custom attributes.

configuration.SCIM_URL

String

Required

Mutable

The SCIM URL.

configuration.SCIM_VERSION

String

Required

Mutable

The SCIM version.

configuration.UNIQUE_USER_IDENTIFIER

String

Required

Mutable

Specifies the unique user identifier to use. Options are either userName or workEmail.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

configuration.updateNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.USER_FILTER

String

Required

Mutable

A string that specifies a SCIM filter expression.

configuration.USERS_RESOURCE

String

Required

Mutable

API endpoint path to the user entity.

Propagation store ServiceNow configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.Administrator_Password`	String	Required	Mutable	Password for the administrator.
`configuration.Administrator_Username`	String	Required	Mutable	Username for the administrator.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.createNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deprovisioned (removed) following action specified in `configuration.REMOVE_ACTION`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not new users are allowed to be disabled.
`configuration.disableNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DISABLE_USERS`. Whether or not users are allowed to be disabled.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Must be set to `Disable`.
`configuration.ServiceNow_Instance_Name` (deprecated)	String	Optional	Mutable	Deprecated, use `configuration.ServiceNow_Url`. Instance name for the ServiceNow account.
`configuration.ServiceNow_Url`	String	Required	Mutable	The URL for the ServiceNow account.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.
`configuration.updateNewUsers` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.

configuration.Administrator_Password

String

Required

Mutable

Password for the administrator.

configuration.Administrator_Username

String

Required

Mutable

Username for the administrator.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.createNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not new users are allowed to be disabled.

configuration.disableNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DISABLE_USERS. Whether or not users are allowed to be disabled.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Must be set to Disable.

configuration.ServiceNow_Instance_Name (deprecated)

String

Optional

Mutable

Deprecated, use configuration.ServiceNow_Url. Instance name for the ServiceNow account.

configuration.ServiceNow_Url

String

Required

Mutable

The URL for the ServiceNow account.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

configuration.updateNewUsers (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

Propagation store Slack configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.CREATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be deprovisioned (removed) following action specified in `configuration.REMOVE_ACTION`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled. Must be set to `true`.
`configuration.GROUP_MEMBERSHIP_HANDLING`	String	Optional	Mutable	Defines how memberships in a group is handled when there is an existing group with the same name. Can be `Overwrite`, the default, or `Merge`.
`configuration.OAUTH_ACCESS_TOKEN`	String	Required	Mutable	OAuth 2 access token.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when deprovisioning (removing) a user. Must be set to `Disable`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DEPROVISION_USERS`. Whether or not users are allowed to be disabled.
`configuration.UNIQUE_USER_IDENTIFIER`	String	Required	Mutable	The unique user identifier, must be either `primaryEmail` or `userName`.
`configuration.UPDATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.CREATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be deprovisioned (removed) following action specified in configuration.REMOVE_ACTION.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled. Must be set to true.

configuration.GROUP_MEMBERSHIP_HANDLING

String

Optional

Mutable

Defines how memberships in a group is handled when there is an existing group with the same name. Can be Overwrite, the default, or Merge.

configuration.OAUTH_ACCESS_TOKEN

String

Required

Mutable

OAuth 2 access token.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when deprovisioning (removing) a user. Must be set to Disable.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DEPROVISION_USERS. Whether or not users are allowed to be disabled.

configuration.UNIQUE_USER_IDENTIFIER

String

Required

Mutable

The unique user identifier, must be either primaryEmail or userName.

configuration.UPDATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Propagation store Workday configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.excludeContingentWorkers`	Boolean	Optional	Mutable	Whether or not contingent workers are excluded.
`configuration.excludeEmployees`	Boolean	Optional	Mutable	Whether or not employees are excluded.
`configuration.excludeInactiveWorkers`	Boolean	Optional	Mutable	Whether or not inactive workers are excluded.
`configuration.host`	String	Optional	Mutable	The Workday API host.
`configuration.integrationSystemIds`	String	Optional	Mutable	A comma-delimited list of one or more System IDs of Workday integration systems that contain field overrides (custom attributes that exist on customers' Workday tenant).
`configuration.password`	String	Required	Mutable	The password for account authentication.
`configuration.tenantId`	String	Required	Mutable	The Workday tenant ID.
`configuration.username`	String	Required	Mutable	The user name for account authentication.

configuration.excludeContingentWorkers

Boolean

Optional

Mutable

Whether or not contingent workers are excluded.

configuration.excludeEmployees

Boolean

Optional

Mutable

Whether or not employees are excluded.

configuration.excludeInactiveWorkers

Boolean

Optional

Mutable

Whether or not inactive workers are excluded.

configuration.host

String

Optional

Mutable

The Workday API host.

configuration.integrationSystemIds

String

Optional

Mutable

A comma-delimited list of one or more System IDs of Workday integration systems that contain field overrides (custom attributes that exist on customers' Workday tenant).

configuration.password

String

Required

Mutable

The password for account authentication.

configuration.tenantId

String

Required

Mutable

The Workday tenant ID.

configuration.username

String

Required

Mutable

The user name for account authentication.

Propagation store Zoom configuration data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`configuration.API_KEY` (deprecated)	String	Required/Optional	Mutable	Deprecated, use `configuration.OAUTH_*` properties with `AUTHENTICATION_METHOD` of `OAuth Bearer Token`. The client API key. Required when `AUTHENTICATION_METHOD` is `JWT Bearer Token`, otherwise optional.
`configuration.API_SECRET` (deprecated)	String	Required/Optional	Mutable	Deprecated, use `configuration.OAUTH_*` properties with `AUTHENTICATION_METHOD` of `OAuth Bearer Token`. The client API secret. Required when `AUTHENTICATION_METHOD` is `JWT Bearer Token`, otherwise optional.
`configuration.AUTHENTICATION_METHOD`	String	Optional	Mutable	Account authentication method. Case sensitive. Can be `OAuth Bearer Token` or `JWT Bearer Token` (deprecated). Defaults to `OAuth Bearer Token`.
`configuration.CREATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.CREATE_USERS`. Whether or not users are allowed to be created.
`configuration.CREATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be created.
`configuration.DEPROVISION_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be removed (deprovisioned) following the action configured in `configuration.REMOVE_ACTION`.
`configuration.DISABLE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be disabled.
`configuration.OAUTH_ACCOUNT_ID`	String	Required/Optional	Mutable	OAuth account identifier. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
`configuration.OAUTH_CLIENT_ID`	String	Required/Optional	Mutable	OAuth client identifier. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
`configuration.OAUTH_CLIENT_SECRET`	String	Required/Optional	Mutable	OAuth client secret. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
`configuration.OAUTH_TOKEN_URL`	String	Required/Optional	Mutable	OAuth token request endpoint. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
`configuration.REMOVE_ACTION`	String	Optional	Mutable	The action to take when removing (deprovisioning) a user. Options are either `Disable` or `Delete`.
`configuration.REMOVE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.DEPROVISION_USERS` for disabling users and `configuration.DEPROVISION_USERS` for deleting users. Whether or not users are allowed to be disabled and deleted.
`configuration.SCIM_URL`	String	Required	Mutable	The SCIM URL.
`configuration.UPDATE_USERS_PROV_OPT` (deprecated)	Boolean	Optional	Mutable	Deprecated, use `configuration.UPDATE_USERS`. Whether or not users are allowed to be updated.
`configuration.UPDATE_USERS`	Boolean	Optional	Mutable	Whether or not users are allowed to be updated.

configuration.API_KEY (deprecated)

String

Required/Optional

Mutable

Deprecated, use configuration.OAUTH_* properties with AUTHENTICATION_METHOD of OAuth Bearer Token. The client API key. Required when AUTHENTICATION_METHOD is JWT Bearer Token, otherwise optional.

configuration.API_SECRET (deprecated)

String

Required/Optional

Mutable

Deprecated, use configuration.OAUTH_* properties with AUTHENTICATION_METHOD of OAuth Bearer Token. The client API secret. Required when AUTHENTICATION_METHOD is JWT Bearer Token, otherwise optional.

configuration.AUTHENTICATION_METHOD

String

Optional

Mutable

Account authentication method. Case sensitive. Can be OAuth Bearer Token or JWT Bearer Token (deprecated). Defaults to OAuth Bearer Token.

configuration.CREATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.CREATE_USERS. Whether or not users are allowed to be created.

configuration.CREATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be created.

configuration.DEPROVISION_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be removed (deprovisioned) following the action configured in configuration.REMOVE_ACTION.

configuration.DISABLE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be disabled.

configuration.OAUTH_ACCOUNT_ID

String

Required/Optional

Mutable

OAuth account identifier. Required when AUTHENTICATION_METHOD is OAuth Bearer Token, otherwise optional.

configuration.OAUTH_CLIENT_ID

String

Required/Optional

Mutable

OAuth client identifier. Required when AUTHENTICATION_METHOD is OAuth Bearer Token, otherwise optional.

configuration.OAUTH_CLIENT_SECRET

String

Required/Optional

Mutable

OAuth client secret. Required when AUTHENTICATION_METHOD is OAuth Bearer Token, otherwise optional.

configuration.OAUTH_TOKEN_URL

String

Required/Optional

Mutable

OAuth token request endpoint. Required when AUTHENTICATION_METHOD is OAuth Bearer Token, otherwise optional.

configuration.REMOVE_ACTION

String

Optional

Mutable

The action to take when removing (deprovisioning) a user. Options are either Disable or Delete.

configuration.REMOVE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.DEPROVISION_USERS for disabling users and configuration.DEPROVISION_USERS for deleting users. Whether or not users are allowed to be disabled and deleted.

configuration.SCIM_URL

String

Required

Mutable

The SCIM URL.

configuration.UPDATE_USERS_PROV_OPT (deprecated)

Boolean

Optional

Mutable

Deprecated, use configuration.UPDATE_USERS. Whether or not users are allowed to be updated.

configuration.UPDATE_USERS

Boolean

Optional

Mutable

Whether or not users are allowed to be updated.

Error codes

Code	Message
200	Successful operation.
201	Successfully created.
204	Successfully removed. No content.
400	The request could not be completed.
401	You do not have access to this resource.
404	The requested resource was not found.

PingOne Platform APIs

Propagation Stores

Propagation store data models by store type

Propagation store base data model

Propagation store Aquera configuration data model

Propagation store Azure Active Directory SAML V2.0 configuration data model

Propagation store directory configuration data model

Propagation store GitHubEMU configuration data model

Propagation store GoogleApps configuration data model

Propagation store LDAP Gateway configuration data model

Propagation store PingOne configuration data model

Propagation store Salesforce configuration data model

Propagation store SalesforceContacts configuration data model

Propagation store SCIM configuration data model

Propagation store ServiceNow configuration data model

Propagation store Slack configuration data model

Propagation store Workday configuration data model

Propagation store Zoom configuration data model

Error codes