Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Built for Every IAM Professional
Training Designed by Practitioners, Proven in the Field
Join a Growing Community of IAM Experts
Upcoming
Courses
PingFederate Administration
This course implements various use cases with PingFederate and introduces industry concepts such as federation, SAML, and OAuth. The course also includes PingFederate-specific topics such as integration kits, adapters, SSO connections, and OAuth configuration. Hands-on exercises allow the participants to have first-hand experience in configuring PingFederate, establishing a web SSO connection and OAuth clients, and doing some basic troubleshooting.
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingFederate course available at:
Day 1: Background of Federation Web SSO and Core Product
- Introduction to identity federation
- Introduction to integration kits
- Configuring SP and IdP adapters and password credential validators
- Lab 1: HTML Form Adapter and Reference ID adapter configuration
- Introduction to SAML
- Configuring IdP and SP SSO connection
- Lab 2: Creating connections for IdP and SP web SSO
- Lab 2: Creating connections for IdP and SP web SSO
- Server logs
- Lab 3: Review the server logs to follow and SSO transaction
Day 2: Further Integration and PingFederate Functionality
- Attribute mapping and data source
- Lab 4: Mapping attributes from external sources
- Lab 5: Using an external source for authentication
- Introduction to authentication policies
- Lab 6: Creating authentication selectors, policy contracts, and authentication policies
- Lab 7: Tracing SSO transactions in the PingFederate logs
Day 3: OAuth2 and Advanced Administration
- Introduction to OAuth2
- OAuth2 scopes and access tokens
- Lab 8: Configuring OAuth2 grants (including token validation, authorization code)
- Lab 9: Create an OAuth client for client Credentials grant type
- Lab 10: Create an OAuth client for a resource server
- Lab 11: Create an OAuth client for authorization grant type
- PingFederate administrative API
- Lab 12: Using the admin API
- Server Administration
- Deployment scenarios and clustering
- Lab 13 (optional): Configuring a cluster
PingDirectory Administration
This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools
This course is built on version 10.
Upon completion of this course, you should be able to:
- Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
- Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
- Describe how to install and manage the PingDirectoryProxy server
- Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
- Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.
The following are the prerequisites for successfully completing this course:
- Knowledge of UNIX/Linux commands.
- A basic understanding of how directory servers function.
- A basic understanding of REST and HTTP.
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
- Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/
Chapter 1: Installing PingDirectory
Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.
- Describe the key features of PingDirectory
- Perform pre-installation procedures
- Install PingDirectory
- Describe post-installation procedures
- Use server profiles
- (Optional) Install PingDirectory
Chapter 2: Deploying PingDirectory
Lesson 1: Managing the Schema
- Describe the schema
- Modify the schema
- Modify the schema
- Modify object classes
- Create auxiliary object classes
- Load custom schema elements
- Search entries
- Manage entries
- Create objects
- Prevent data vulnerability
- Keep data secure
- Configure encryption settings
- Define virtual attributes
- Administer virtual attributes
- Describe password policies
- Create a password policy
- Manage JSON attributes
- Create JSON attributes
- Manage the Password Policy State JSON
- Administer JSON Attributes
- Understand the Rest APIs
- Use the SCIM 2.0 REST API
- Administer the Directory REST API
- Manage log publishers
- Configure logging
- Create a log publisher
- Understand replication
- Enable replication
- Resolve conflicts
- Understand the replication protocol
- Use replication over WAN
- Plan deployment
- Configure replication
- Scale replication
- Enable the replication process
- Define the topology registry
- Administer the server topology
- Describe the key features
- Describe the installation process
- Install the PingDirectoryProxy server
- Lesson 3: Managing the PingDirectoryProxy Server
- Describe the key advanced PingDirectoryProxy server transformation features:
- Describe the proxy transformations
- Understand entry balancing
- Create transformations
- Describe the key features
- Install the PingDataSync server
- Use the start, stop, and restart commands
- Describe the failover server
- Install the failover server
- Install the PingDataSync server
- Define Sync Pipe components
- Create the synchronization flow
- Use the retry mechanism
- Configure the PingDataSync server
- Configure and synchronize the PingDataSync server
- Synchronize with a relational database
- Synchronize with AD
- Describe the key features of the Server SDK
- Use the start, stop, and restart server commands
- Understand common maintenance tasks
- Perform maintenance tasks
- Understand Delegated Admin
- Configure Delegated Admin
- Administer Delegated Admin
- Understand data recovery
- Perform data recovery
- Monitor the PingDirectory server
- Understand how to troubleshoot issues
- Repair a conflict resolution
- Use troubleshooting tools
PingOne Protect Administration
This course shows students how to deploy, configure, and administer PingOne Protect. Through a combination of guided instruction and hands-on exercises, students work in a live environment to learn how to implement risk-based policies, integrate with PingOne DaVinci (DaVinci), and monitor threats using real-time dashboards. Students are provided with a functional PingOne Protect environment where they learn how to configure risk predictors and policies, orchestrate risk-based multi-factor authentication (MFA) experiences, and reduce MFA fatigue while maintaining strong security controls. The course also guides students through preventing Account Takeover (ATO) and New Account Fraud (NAF) by correlating risk signals, tuning policies, and applying best practices to optimize fraud detection and minimize false positives.
Upon completion of this course, you should be able to:
- Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard
- Analyze risk signals and adjust multi-factor authentication (MFA) requirements using DaVinci orchestration flows to balance security and user experience
- Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments
- Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at:https://training.pingidentity.com/on-demand/category/PING
- Introduction to PingOne Protect
- Introduction to PingOne DaVinci
- Introduction to PingOne MFA
Chapter 1: Deploying PingOne Protect
Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard.
Lesson 1: Introducing PingOne Protect
Describe the core features of PingOne Protect and how it fits within the PingOne Identity Platform (Identity Platform):
- Identify PingOne Protect
- Analyze scenarios
- Set up the Ping Identity environment (optional)
Lesson 2: Reviewing Architecture and Components
Understand how PingOne Protect integrates with DaVinci, define its core operational components (predictors and risk policies), and examine the architecture that connects and orchestrates these elements:
- Define risk predictors
- Administrate risk predictors
- Configure risk policies
- Create risk policies
Lesson 3: Integrating and Monitoring Threat Protection
Use the PingOne Protect connector and the Threat Protection Dashboard to integrate risk evaluation into DaVinci flows and monitor threats across your environment:
- Integrate PingOne Protect with DaVinci
- Monitor Risk with the Threat Protection Dashboard
Chapter 2: Optimizing MFA for Risk and Experience
Analyze risk signals and adjust MFA requirements using DaVinci orchestration flows to balance security and user experience.
Lesson 1: Understanding Risk-Based MFA
Differentiate risk-based MFA from traditional static MFA and configure your environment to support adaptive MFA:
- Contrast traditional and risk-based MFA
- Configure the environment post-MFA setup (optional)
Lesson 2: Implementing MFA Scenarios
Configure MFA for PingOne Protect and run DaVinci workflows to observe and troubleshoot different risk-based login scenarios:
- Initiate a new user account interaction
- Log in as a High-Risk user
- Log in as a Medium-Risk user
- Log in as a Low-Risk user
Lesson 3: Reducing MFA Fatigue
Apply techniques and configurations that minimize unnecessary MFA prompts without compromising security:
- Understand MFA fatigue
- Mitigate MFA fatigue
- Test risk-based authentication flows
Chapter 3: Preventing Account Takeover and New Account Fraud
Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments.
Lesson 1: Understanding the Fraud Cycle
Analyze fraud stages, map indicators to risk signals, and configure the Protect Synthesizer (ProtectSynth) to implement ATO and NAF risk policies that disrupt fraudulent activity:
- Define the fraud cycle
- Disrupt the fraud cycle using PingOne Protect
- Illustrate fraud cycle scenarios
- Create ATO and NAF risk policies
- Install and configure ProtectSynth
Lesson 2: Configuring Risk Policies to Prevent ATO
Correlate PingOne Protect predictors with risk signals, simulate user events, and optimize risk policies to maximize detection accuracy while minimizing false positives and false negatives:
- Correlate ATO risk patterns with predictors
- Deploy composite predictors to minimize false negatives
- Mitigate ATO risk using composite predictors
Lesson 3: Configuring Risk Policies to Prevent NAF
Configure and validate a NAF risk policy in PingOne Protect, by correlating risk predictors and detecting coordinated fraud patterns:
- Correlate and detect NAF risk patterns
- Configure and validate the NAF risk policy
Lesson 4: Optimizing Risk Policies for ATO and NAF
Apply ATO and NAF prevention best practices and tune corresponding risk policies to optimize fraud detection while minimizing false positives and operational impact:
- Describe best practices to prevent ATO and NAF
- Implement best practices to prevent ATO and NAF
- Tune the ATO risk policy
- Tune the NAF risk policy
Chapter 4: Managing PingOne Protect
Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience.
Lesson 1: Monitoring Risk Events and Policy Performance
Analyze and monitor PingOne Protect components, interpret flow types and associated risk policies, and regulate false positives so you maintain accurate risk evaluation and strong policy performance:
- Observe PingOne Protect components
- Understand flow types and risk policies
- Monitor user events
Lesson 2: Tuning Risk Policies
Optimize PingOne Protect risk policies by preparing for effective tuning, adjusting key predictors, and using staging policies and dashboards to validate and improve policy performance before production:
- Prepare for tuning
- Harness risk predictors and staging policies
- Use staging policies to refine risk policies
Lesson 3: Reporting and Analytics Best Practices
Apply reporting and analytics best practices by explaining the strategic value of PingOne Protect risk data and analyzing the Threat Protection Dashboard views to support informed, data-driven security decisions:
- Emphasize reporting and analytics
- Analyze risks in the Threat Protection Dashboard
PingFederate Advanced Administration
This course steps the learner through various advanced PingFederate administration topics, such as configuring memory options for PingFederate, logging to a database server, configuring certificate revocation checking and certificate rotation, configuring self-service features of the HTML Form Adapter, identity provider (IdP) to service provider (SP) bridging, clustering with dynamic discovery, and more.
The following are the prerequisites for successfully completing this course:
- Completion of the PingFederate Administration course, or
- Equivalent experience with PingFederate
Day 1: Course Introduction
- Server Administration
- Configuring JVM memory options
- Configuring virtual host names
- Certificate based console administration
- Lab 1: Configuring OIDC-based console single sign-on (SSO)
- Customizing audit logs
- The log4j2.xml file
- Logging to an external database
- Lab 2: Logging with PingFederate
- Certificates
- Certificate revocation checking
- Certificate rotation
- HTML Form Adapter Self-Service Features
- Password spray and account lockout prevention
- Self-service password change
- Self-service password reset
- Self-service username recovery
- Lab 3: HTML Form Adapter self-service options
- HTML Form Adapter Self-Registration
- Customer IAM with local identity profiles
- Self-registration with local identity profiles
- Self-registration using third-party IdPs
- Lab 4: HTML Form Adapter customer registration
- Advanced Attribute Mapping
- Using multiple datastores
- Using REST API as a datastore
- Extended properties
- PingDirectory virtual attributes
- SSO Connections
- Customizing SSO URLs
- SP target URL mapping
- IdP-to-SP bridging
- Session management
- Lab 5: SSO connections
- Federation Hub
- Bridging an IdP to an SP
- Bridging an IdP to multiple SPs
- Bridging multiple IdPs to an SP
- Bridging multiple IdPs to multiple SPs
- OAuth2 and OIDC
- Dynamic client registration
- Using directories for persistent grant storage
- Creating and managing OIDC profiles
- Lab 6: Configuring OIDC profiles
- Clustering
- Cluster protocol architecture
- Runtime state management architecture
- Adaptive clustering
- Directed clustering
- Dynamic discovery
- Cluster replication
- Lab 7: Clustering
- Troubleshooting
- SSO issues
- OAuth2 issues
- Certificate issues
Getting Started With PingOne Advanced Identity Cloud for Administrators
Upon completion of this course, you should be able to:
- Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
- Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
- Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
- Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
- Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants
The following are the prerequisites for successfully completing this course:
- Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
- Introduction to PingAM
- PingIDM Essentials
- PingGateway Essentials
- Introduction to PingDS
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
- Introduce the Advanced Identity Cloud admin UI
- Manage administrators
- Invite an administrator
Understand UI integration options:
- Explain UI integration options
- Configure themes for the Alpha and Bravo realms
Chapter 2: Administering Identities
Manage user identities:
- Introduce managed objects
- Manage a user profile
Bulk import user identities from a CSV file to add test users to your tenant:
- Describe bulk import
- Import test users
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
- Describe roles and privileges within an organization
- Implement delegated administration for an organization model
Explain how to delegate administration privileges to managed users:
- Delegate administration privileges
- Delegate password reset
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
- Introduce journeys
- Modify journeys
- Describe how to export and import journeys
- Export and import journeys
- Describe how to debug a journey
- Enable debug mode on a user journey
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
- Describe server-side sessions
- Invalidate server-side sessions
Understand the use of email templates in a journey flow:
- Explore email templates and nodes
- Configure email templates
- Use email templates in user journeys
Describe the role of an application in Advanced Identity Cloud:
- Introduce applications
- Register a Bookmark app
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
- Explain how to connect to external resources
- Configure an RCS cluster
- Configure debug logging
- Add an authoritative application
- Explain synchronization
- Create inbound mappings and run reconciliation
- Synchronize passwords
- Create a target Application with outbound mappings
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
- Introduce PingGateway
- Integrate PingGateway with Advanced Identity Cloud
- Integrate the PingGateway sample application with Advanced Identity Cloud
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
- Introduce Service Accounts
- Create and manage a service account
- Introduce the Advanced Identity Cloud REST API
- Display Advanced Identity Cloud identities using the REST API
- Introduce configuration management
- Create a baseline configuration repository
- Describe how to manage ESVs
- Create and call ESV variables
- Promote your configuration
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
- Explore Logs
- Retrieve log data using the REST API
- Retrieve log data using the Frodo CLI
- Monitor your tenant
- Monitor tenant health and visualize monitoring metrics
- Explore the Advanced Identity Cloud analytics dashboard
Explain how an Advanced Identity Cloud administrator manages realm password policies:
- Manage realm password policies
- Configure password policies
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
- Introduce outbound static IP addresses
- View outbound static IP addresses
- Manage tenant certificates
- Add a custom domain name
Getting Started With PingOne DaVinci
This course provides the foundation to design, build, and integrate identity orchestration flows using PingOne DaVinci (DaVinci). You will create user interactions, extend flows with APIs, and integrate these solutions into applications. You will also leverage core PingOne services like SSO, identity management, and analytics. Through hands-on labs and instruction, you will gain the skills to deploy real-world orchestration solutions with confidence.
Upon completion of this course, you should be able to:
- Build basic user interactions with DaVinci flows
- Integrate a DaVinci flow into an application
- Integrate PingOne single sign-on (SSO) and identities in DaVinci flows
- Build an authentication flow in DaVinci
- Provide custom analytics in a DaVinci flow
The following are the prerequisites for successfully completing this course:
- Basic understanding of JavaScript, HTML, CSS, and the PingOne Platform
- Completion of the Introduction to PingOne DaVinci course available at:
Chapter 1: Building Basic User Interactions With DaVinci Flows
Build basic user interactions with DaVinci flows.
Lesson 1: Defining the Basic Flow and Interaction Steps
Define the basic flow and provide an introduction to the foundational concepts of DaVinci:
- Introduce the PingOne Platform and DaVinci
- Access and launch the DaVinci admin console
- Understand Flows
- Build basic user interaction in a flow
Lesson 2: Using Functions and API Calls
Define the basic flow and provide an introduction to the foundational concepts of DaVinci:
- Extend DaVinci flows
- Verify the age of the user
- Make an API callCollect the user’s email and password
- Implement a robot check
- Document the flow
Lesson 3: Improving the User Experience
Use more advanced concepts in DaVinci to implement your flows:
- Improve the UI
- Convert user interactions to use HTML templates
Lesson 4: Using Variables and Form Validation
Expand further the functionality of your existing flow by using flow variables and improving interaction with the user:
- Incorporate variables
- Understand localizing flows
- Use flow variables and form validation
- Incorporate form validation
- Improve form validation inputs
- Troubleshoot issues
Lesson 5: Using Subflows to Manage Complexity
Externalize functionality that is often reused or complex to its own flow; for example, if the flow needed to connect to an API that isn’t available as a native connector, CRUD operations could be built in a new flow that could be leveraged by many:
- Create and use subflows
- Implement the subflow
- Replace the API call with the subflow
Chapter 2: Integrating a DaVinci Flow Into an Application
Integrate a DaVinci flow into an application.
Lesson 1: Integrating an Application to Launch a Flow
Integrate the flow into a web application which allows the application to provide the CSS (look and feel). Other flows can also be integrated to enable a richer user experience:
- Add a flow to a web application
- Create and customize the application
Lesson 2: Using a CSS in Flows vs Applications
Review how CSS is leveraged in a flow vs an application, and determine the advantages of leaving the presentation layer controlled by your application rather than using a CSS in your flow:
- Leverage a CSS
- Determine how a custom CSS in a flow is embedded with a web application
Lesson 3: Adding a Flow to an Existing Applicatio
Take the flow and integrate it into a web application:
- Embed flows using the widget method
- Import the DaVinci JavaScript library
- Create a JavaScript method to call the flow
Lesson 4: Integrating Non-UI Flows
Explore how DaVinci can accelerate development when integrating with backend services and APIs, enriching the overall user experience:
- Integrate a non-UI flow
- Build out your flow
- Integrate the flow
Lesson 5: Passing Data Into a Flow From an Application
Run through the process of passing data into a flow, whether it has user interaction or not:
- Enable dynamic flows
- Create and integrate a DaVinci subflow
Lesson 6: Performing A/B Testing
Define a flow that deals with age first, instead of name, during registration:
- Understand A/B testing
- Define a new flow
- Incorporate flow policies
- Build out a flow policy
Chapter 3: Integrating PingOne SSO and Identities in DaVinci Flows
Integrate PingOne SSO and identities in DaVinci flows.
Lesson 1: Setting Up Parallel Processing
Set up a flow that has two paths that execute in parallel and then come to their own conclusion:
- Implement parallel processing
- Leverage the PingOne Notification service
Lesson 2: Automating Flows With DaVinci Admin APIs
Learn how to manage DaVinci programmatically using the DaVinci Admin APIs:
- Understand DaVinci Admin APIs
- Explain administrator roles
Lesson 3: Creating Registered Accounts
Take the information collected during the registration process and create a user account in PingOne, which is the first step to expanding the capabilities of the application to support authentication:
- Create registered accounts
- Review your PingOne setup
- Build out a new registration flow
- Verify if an account already exists
Lesson 4: Verifying an Email Address
Establish a process to verify the email address of the user:
- Configure email verification
- Create an email verification subflow
- Complete the subflow
Chapter 4: Building an Authentication Flow in DaVinci
Build an authentication flow in DaVinci.
Lesson 1: Handling Authentication
Handle authentication for the application:
- Design and implement the authentication flow
- Design the flow logic
- Implement teleports for flow efficiency
- Authenticate and validate user identity
Lesson 2: Handling Forgotten Passwords
Handle forgotten password in the authentication flow:
- Manage password recovery flows
- Develop the end-to-end forgot password flow
Lesson 3: Adding an Authentication Method
Add another method of authentication, an email magic link, for the users of the application:
- Implement magic link authentication
- Add a magic link authentication method
Chapter 5: Providing Custom Analytics in a DaVinci Flow
Provide custom analytics in a DaVinci flow.
Lesson 1: Leveraging analytics to monitor flow usage
Implement custom analytics to track key business milestones and user behavior across DaVinci flows:
- Understand and apply flow analytics
- Configure authentication analysis