Identitrain Central
Home
Courses
Schedule
Knowledge Base
About Us
Partnerships
Contact
Log in
Create an account
Identitrain
Copyright © Identitrain, Inc. 2026
Terms of usePrivacy PolicyReport a problem

Unlock your full potential in IAM

This is Identitrain

Master Identity and Access Management with world-class training designed by experts who live it every day.

Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.

Choose Your Path to IAM Mastery

Whether you’re starting your IAM journey or advancing toward certification, our structured learning paths guide you every step of the way. Select from Identity Management, Access Management, Governance, or Best Practices tracks designed to match your role and goals.
Explore Our Learning Paths

Built for Every IAM Professional

From architects and developers to project managers and business leaders, Identitrain delivers training that fits your role. Whether you’re designing IAM strategies, building integrations, or leading transformation projects, we’ve got a path for you.
See Our Classes

Training Designed by Practitioners, Proven in the Field

Our instructors bring years of real-world IAM experience into the classroom. We blend vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can immediately put to use!
Meet Our Instructors

Join a Growing Community of IAM Experts

Training doesn’t end with the last session. Graduates join our global practitioner network, gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts. Learn, connect, and grow alongside IAM professionals worldwide.
Get Connected!

Upcoming
Courses

Calendar
Upcoming Courses
ping logo
PA-400 BVP Rev A

PingAccess Administration

This course provides the information you need to set up and configure PingAccess as a policy server to protect both web applications and APIs. After completing this course, you will know how to configure PingAccess in both a gateway and agent model, and configure different types of policies that PingAccess offers.

Upon completion of this course, you should be able to:

  • Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate)
  • Configure PingAccess as a Reverse Proxy
  • Configure policies in PingAccess to further bolster administration capabilities

The following are the prerequisites for successfully completing this course:

  • Completion of the following courses:https://backstage.pingidentity.com/university/on-demand/category/PING
  • Introduction to PingAccess
  • Getting Started With PingAccess
  • Introduction to PingFederate
  • Getting Started With PingFederate

Chapter 1: Configuring and Connecting PingAccess

Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate).

Lesson 1: Configuring PingAccess as a Reverse Proxy (Gateway Model)

Describe how to configure PingAccess as a reverse proxy (gateway model):

  • Introduce the gateway model
  • Enable PingAccess as a reverse proxy
  • Configure PingAccess resources and rewrite rules

Lesson 2: Connecting PingAccess to a Token Provider (PingFederate)

Describe the responsibilities of token providers and how to configure PingAccess to use PingFederate as a token provider:

  • Introduce token providers
  • Configure OAuth2 in PingFederate
  • Configure PingAccess using the gateway model

Chapter 2: Configuring PingAccess Applications, Agents, and Sites

Configure PingAccess as a Reverse Proxy.

Lesson 1: Protecting Web Apps

Describe how to protect web apps by configuring them with PingAccess and OpenID Connect (OIDC):

  • Define the OIDC protocol
  • Introduce web sessions
  • Create a web session using OIDC claims

Lesson 2: Working With Sites

Create identity mappings and advanced web session:

  • Create identity mappings and advanced web sessions

Lesson 3: Working With Rules and Policies

Describe how to work with rules and policies within PingAccess:

  • Describe the rules and policies process
  • Create web access rules
  • Create API access control rules

Chapter 3: Configuring Policies and Administration

Configure policies in PingAccess to further bolster administration capabilities.

Lesson 1: Maintaining PingAccess Discuss how to maintain PingAccess through resources, audit logs, and redirection:

  • Dive deeper into resources
  • Examine audit logs
  • Manage redirection

Lesson 2: Configuring PingAccess as a Policy Server (Agent Model)

Configure PIngAccess to be a policy server by implementing the agent model:

  • Introduce the agent model

Lesson 3: Optimizing and Configuring PingAccess

Optimize PingAccess through configuration, single sign-on (SSO), and the admin API:

  • Implement improvements
  • Enable PingAccess administrator SSO
  • Use the PingAccess administrative API
  • Increase the JVM Heap Size

Lesson 4: Creating PingAccess Clusters

Create PingAccess clusters to increase resilience and simplify procedures:

  • Deploy clustersConfigure simple clusters in PingAccess (Optional)
PingAccessPingFederate
May 21
2 days
More information
ping logo
PD-400-BVP Rev A.1

PingDirectory Administration

This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools


This course is built on version 10.

Upon completion of this course, you should be able to:

  • Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
  • Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
  • Describe how to install and manage the PingDirectoryProxy server
  • Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
  • Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

The following are the prerequisites for successfully completing this course:

  • Knowledge of UNIX/Linux commands.
  • A basic understanding of how directory servers function.
  • A basic understanding of REST and HTTP.
  • A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
  • Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/

Chapter 1: Installing PingDirectory

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.

Lesson 1: Providing an Overview of PingDirectory
Describe the capabilities and key features of PingDirectory:
  • Describe the key features of PingDirectory
Lesson 2: Installing the PingDirectory Server
Summarize the PingDirectory server installation procedures:
  • Perform pre-installation procedures
  • Install PingDirectory
  • Describe post-installation procedures
Lesson 3: Completing Initial Configuration
Complete the PingDirectory server initial configuration settings:
  • Use server profiles
  • (Optional) Install PingDirectory

Chapter 2: Deploying PingDirectory

Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment.

Lesson 1: Managing the Schema
Describe the functions of the schema, and modify the schema by creating new attribute types, object classes, and a new custom user:
  • Describe the schema
  • Modify the schema
  • Modify the schema
  • Modify object classes
  • Create auxiliary object classes
  • Load custom schema elements
Lesson 2: Managing Objects
Define objects in LDAP and use the command-line tools to search, add, modify, and delete entries:
  • Search entries
  • Manage entries
  • Create objects
Lesson 3: Using Security and Encryption
Describe the basic vulnerabilities in LDAP server implementations, secure server data, use the encryption-settings tool to create an encryption settings database, and create sensitive attributes:
  • Prevent data vulnerability
  • Keep data secure
  • Configure encryption settings
Lesson 4: Using Virtual Attributes
Define virtual attributes and their use, recall the virtual attribute types, and create mirrored virtual attributes:
  • Define virtual attributes
  • Administer virtual attributes
Lesson 5: Managing Password Policies
Describe how to use password policies, and then create and assign password policies to individual accounts and/or user groups:
  • Describe password policies
  • Create a password policy
Lesson 6: Administering JSON Attributes
Describe how to manage and create JSON attributes:
  • Manage JSON attributes
  • Create JSON attributes
  • Manage the Password Policy State JSON
  • Administer JSON Attributes
Lesson 7: Managing the REST APIs
Describe the available REST APIs, list the HTTP methods available, and use the Directory REST API to create and update user entries:
  • Understand the Rest APIs
  • Use the SCIM 2.0 REST API
  • Administer the Directory REST API
Lesson 8: Managing Logging
List the three types of available log publishers, describe the elements of the log format, and create log publishers:
  • Manage log publishers
  • Configure logging
  • Create a log publisher
Lesson 9: Managing Replication
Define the replication process and architecture, set up a server topology, enable the replication process, and initialize new replicas:
  • Understand replication
  • Enable replication
  • Resolve conflicts
  • Understand the replication protocol
  • Use replication over WAN
  • Plan deployment
  • Configure replication
  • Scale replication
  • Enable the replication process
Lesson 10: Managing Server Topologies
Discuss the topology registry, create server groups to aid in configuration changes, and compare configurations on separate directory servers:
  • Define the topology registry
  • Administer the server topology
Chapter 3: Administering the PingDirectoryProxy Server

Describe how to install and manage the PingDirectoryProxy server.

Lesson 1: Providing an Overview of the PingDirectoryProxy Server
Describe the capabilities and key features of the PingDirectoryProxy server:
  • Describe the key features
Lesson 2: Installing the PingDirectoryProxy Server
Describe how to install the PingDirectoryProxy server:
  • Describe the installation process
  • Install the PingDirectoryProxy server
  • Lesson 3: Managing the PingDirectoryProxy Server
  • Describe the key advanced PingDirectoryProxy server transformation features:
  • Describe the proxy transformations
  • Understand entry balancing
  • Create transformations
Chapter 4: Administering the PingDataSync Server

Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server.

Lesson 1: Providing an Overview of PingDataSync
Describe the capabilities and key features of the PingDataSync server:
  • Describe the key features
Lesson 2: Installing the PingDataSync Server
Summarize the PingDataSync server installation procedures:
  • Install the PingDataSync server
  • Use the start, stop, and restart commands
  • Describe the failover server
  • Install the failover server
  • Install the PingDataSync server
Lesson 3: Configuring the PingDataSync Server
Define and install the PingDataSync server components:
  • Define Sync Pipe components
  • Create the synchronization flow
  • Use the retry mechanism
  • Configure the PingDataSync server
  • Configure and synchronize the PingDataSync server
Lesson 4: Synchronizing the PingDataSync Server
Describe the features needed, in a relational database and AD, to allow synchronization through the PingDataSync serve:
  • Synchronize with a relational database
  • Synchronize with AD
Chapter 5: Troubleshooting and Maintenance

Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

Lesson 1: Providing an Overview of the Server SDK
Provide an overview of the Server SDK:
  • Describe the key features of the Server SDK
Lesson 2: Maintaining the PingDirectory Server
Summarize common PingDirectory maintenance tasks:
  • Use the start, stop, and restart server commands
  • Understand common maintenance tasks
  • Perform maintenance tasks
  • Understand Delegated Admin
  • Configure Delegated Admin
  • Administer Delegated Admin
  • Understand data recovery
  • Perform data recovery
Lesson 3: Monitoring a PingDirectory Deployment
Explain how monitoring is a vital part of a PingDirectory deployment:
  • Monitor the PingDirectory server
Lesson 4: Troubleshooting the PingDirectory server
Provide information about available troubleshooting tools and log files to help ensure the resolution of any problems:
  • Understand how to troubleshoot issues
  • Repair a conflict resolution
  • Use troubleshooting tools


PingDirectoryPingDirectoryProxyPingDataSync
May 24
3 days
More information
ping logo
IG-430-BVP Rev A

PingGateway Deep Dive

The aim of this course is to showcase the key features and capabilities of the versatile and powerful edge security solution with the PingGateway environment, formerly known as ForgeRock® Identity Gateway. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of PingGateway. Further information and guidance can be found in the documentation and knowledge base documents in the online repositories at: Backstage https://backstage.forgerock.com.

Note: Revision A of this course is based on version 7.2 of PingGateway.

Upon completion of this course, you should be able to:

  • Integrate and protect web applications, APIs, legacy applications, and microservices with the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, by using PingGateway
  • Add authentication to the ForgeRock Entertainment Company (FEC) solution using PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud, or PingAM (AM), formerly known as ForgeRock® Access Management, as the access manager, OpenID Connect (OIDC) provider, and Security Assertion Markup Language (SAML2) identity provider (IdP)
  • Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice
  • Protect a REST API with PingGateway and extend PingGateway functionality with scripting
  • Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment

The following are the prerequisites for successfully completing this course:

  • Completion of the PingGateway Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjQ%3D/chapter/Q291cnNlOjE1NzI2

Chapter 1: Integrating Applications With PingGateway

Integrate and protect web applications, APIs, legacy applications, and microservices with Identity Platform by using PingGateway.

Lesson 1: Introducing PingGateway
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
  • Introduce PingGateway
  • Describe PingGateway features
  • Compare PingGateway with policy agents
  • Explore PingGateway integration with web applications
  • Describe PingGateway integration with OIDC and SAML
  • Explore PingGateway policy enforcement and second-factor authentication (2FA)
  • Describe PingGateway protection of APIs
  • Access your CloudShare VM
  • Examine the lab environment
  • Access the FEC and DVD4U websites
Lesson 2: Fronting a Website With PingGateway
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
  • Examine the PingGateway configuration structure
  • Describe required PingGateway configuration
  • Configure PingGateway for secure connections
  • Configure PingGateway routes
  • Creating and managing routes in PingGateway Studio
  • Protect a website by using PingGateway Studio
  • Upgrade a route to use WebSockets
  • Configure PingGateway for development mode and TLS connections
  • Protect the FEC website with PingGateway by using PingGateway Studio
  • Manage routes in PingGateway Studio and examine PingGateway log files
Lesson 3: Routing Requests and Responses
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
  • Describe the PingGateway object model
  • Examine objects available in routes
  • Retrieve context data and configure sessions
  • Route requests depending on conditions
  • Describe route handlers
  • Manage requests and responses with a route handler
  • Process requests and responses with filters
  • Create a route to allow access to a public area of FEC
  • Add a page not found route
  • Create a route to access the legacy DVD4U application
  • Add password replay for the DVD4U application
Lesson 4: Configuring PingGateway Logging and Capturing Route Communication
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
  • Manage PingGateway logs
  • Introduce Decorators
  • Configure route activity logs
  • Capture inbound and outbound communication
  • Retrieve credentials from a file
  • Observe requests and responses in PingGateway logs
  • Test different capture configuration settings
  • Centralize PingGateway logging configuration
  • Modify the DVD4U route to get credentials from a file
  • Use Logback configuration for troubleshooting
Chapter 2: Configuring Agentless Single Sign-On

Add authentication to the FEC solution, using Advanced Identity Cloud or AM as the access manager, OIDC provider, and SAML2 identity provider.

Lesson 1: Implementing Authentication with the SSO Filter
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
  • Create a route by using the PingGateway Studio Freeform Designer
  • Configure Advanced Identity Cloud or AM as a service
  • Describe how to use the SSO Filter
  • Retrieve user data from the authentication provider
  • Configure PingGateway as an HTTPS client
  • Create a route with the PingGateway Studio Freeform Designer
  • Redirect requests to AM for authentication
  • Configure PingGateway for client-side HTTPS
  • Access properties in SSO token context
  • Retrieve user profile data for display in a web page
  • Store information in a PingGateway HTTP session
  • Configure capture decorators in Freeform Designer
Lesson 2: Configuring CDSSO for the Legacy Application
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
  • Describe the CDSSO Filter
  • Configure the CDSSO Filter Solution
  • Configure CDSSO redirect endpoints
  • Integrate the legacy application with CDSSO
  • Create a new route to protect DVD4U with CDSSO and AM
  • Update the DVD4U route to automatically log in the authenticated user
  • Prepare the Advanced Identity Cloud tenant
  • Protect the DVD4U and FEC websites using CDSSO with Advanced Identity Cloud
Lesson 3: Performing SSO With PingGateway as an OIDC Relying Party
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
  • Describe basic OIDC concepts
  • Configure PingGateway as an OIDC client
  • Examine the flow of OIDC redirects for authentication and consent
  • Explore the flow of OIDC callbacks and data injection
  • Configure an OIDC relying party route
  • Examine the OIDC relying party solution
Lesson 4: Providing SSO with PingGateway as a SAML2 SP
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
  • Authenticate with a SAML2 identity provider (IdP)
  • Describe the use of the SAML federation handler
  • Describe the use of the dispatch handler
  • Describe the SAML2 implementation flow
  • Set up SAML2 configuration files for PingGateway
  • Configure a SAML2 route for the trial section
  • Examine the SAML2 solution (optional)
Chapter 3: Controlling Access with PingGateway as Policy Enforcement Point

Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice.

Lesson 1: Implementing Authorization With a Policy Enforcement Filter
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
  • Describe the use of the Policy Enforcement Filter
  • Illustrate the use of the Policy Enforcement Filter
  • Configure a policy enforcement point (PEP) route for the premium section of FEC
  • Examine the PEP solution (optional)
Lesson 2: Providing Step-Up Authentication and Transactional Authorization
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
  • Describe step-up authentication
  • Illustrate how PingGateway handles step-up authentication
  • Describe transactional authorization
  • Illustrate how PingGateway handles transactional authorization
  • Configure a PEP route for the on demand and profile sections of FEC
  • Examine the profile solution (optional)
  • Examine the on-demand solution (optional)
Chapter 4: Protecting a REST API

Protect a REST API with PingGateway and extend PingGateway functionality with scripting.

Lesson 1: Configuring PingGateway as an OAuth2 Resource Server
Configure PingGateway to act as an OAuth2 resource server that protects a REST API:

  • Describe the use of the OAuth2 resource server filter
  • List access token resolvers
  • Validate certificate-bound access tokens
  • Observe the flow with the token introspection resolver
  • Prepare the OAuth2 solution to protect the FEC REST API
  • Configure PingGateway to protect the FEC REST APIs
  • Examine the REST API solution (optional)
Lesson 2: Extending Functionality With Scripts
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
  • Describe the scripting functionality for extending PingGateway
  • Explore scriptable objects
  • Examine dynamic scopes solution
  • Describe OAuth2 token swapping in PingGateway
  • Configure a scriptable filter to log the content of the OAuth2 context
  • Configure a dynamic scopes script
  • Configure a scriptable filter to retrieve the correct favorite list
Chapter 5: Preparing for Production with PingGateway

Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment.

Lesson 1: Auditing, Monitoring, and Tuning a PingGateway Solution
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
  • Describe the audit framework
  • Excluding sensitive data from audit logs
  • Accessing the Common REST API monitoring endpoint
  • Decreasing the number of requests through caching
Lesson 2: Developing an Awareness of Security Questions With PingGateway
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
  • Discuss PingGateway best practices regarding security
  • Examine the common secrets
  • Explore secret store types
  • Describe throttling
  • Create common secret stores
  • Configure throttling
Lesson 3: Deploying PingGateway
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
  • Describe property value substitution
  • Set up multiple PingGateway instances
  • Integrate configuration tokens in the solution
  • Deploy a second PingGateway instance
PingAM
May 25
5 days
More information
ping logo
PD-400-BVP Rev A.1

PingDirectory Administration

This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools


This course is built on version 10.

Upon completion of this course, you should be able to:

  • Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
  • Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
  • Describe how to install and manage the PingDirectoryProxy server
  • Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
  • Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

The following are the prerequisites for successfully completing this course:

  • Knowledge of UNIX/Linux commands.
  • A basic understanding of how directory servers function.
  • A basic understanding of REST and HTTP.
  • A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
  • Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/

Chapter 1: Installing PingDirectory

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.

Lesson 1: Providing an Overview of PingDirectory
Describe the capabilities and key features of PingDirectory:
  • Describe the key features of PingDirectory
Lesson 2: Installing the PingDirectory Server
Summarize the PingDirectory server installation procedures:
  • Perform pre-installation procedures
  • Install PingDirectory
  • Describe post-installation procedures
Lesson 3: Completing Initial Configuration
Complete the PingDirectory server initial configuration settings:
  • Use server profiles
  • (Optional) Install PingDirectory

Chapter 2: Deploying PingDirectory

Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment.

Lesson 1: Managing the Schema
Describe the functions of the schema, and modify the schema by creating new attribute types, object classes, and a new custom user:
  • Describe the schema
  • Modify the schema
  • Modify the schema
  • Modify object classes
  • Create auxiliary object classes
  • Load custom schema elements
Lesson 2: Managing Objects
Define objects in LDAP and use the command-line tools to search, add, modify, and delete entries:
  • Search entries
  • Manage entries
  • Create objects
Lesson 3: Using Security and Encryption
Describe the basic vulnerabilities in LDAP server implementations, secure server data, use the encryption-settings tool to create an encryption settings database, and create sensitive attributes:
  • Prevent data vulnerability
  • Keep data secure
  • Configure encryption settings
Lesson 4: Using Virtual Attributes
Define virtual attributes and their use, recall the virtual attribute types, and create mirrored virtual attributes:
  • Define virtual attributes
  • Administer virtual attributes
Lesson 5: Managing Password Policies
Describe how to use password policies, and then create and assign password policies to individual accounts and/or user groups:
  • Describe password policies
  • Create a password policy
Lesson 6: Administering JSON Attributes
Describe how to manage and create JSON attributes:
  • Manage JSON attributes
  • Create JSON attributes
  • Manage the Password Policy State JSON
  • Administer JSON Attributes
Lesson 7: Managing the REST APIs
Describe the available REST APIs, list the HTTP methods available, and use the Directory REST API to create and update user entries:
  • Understand the Rest APIs
  • Use the SCIM 2.0 REST API
  • Administer the Directory REST API
Lesson 8: Managing Logging
List the three types of available log publishers, describe the elements of the log format, and create log publishers:
  • Manage log publishers
  • Configure logging
  • Create a log publisher
Lesson 9: Managing Replication
Define the replication process and architecture, set up a server topology, enable the replication process, and initialize new replicas:
  • Understand replication
  • Enable replication
  • Resolve conflicts
  • Understand the replication protocol
  • Use replication over WAN
  • Plan deployment
  • Configure replication
  • Scale replication
  • Enable the replication process
Lesson 10: Managing Server Topologies
Discuss the topology registry, create server groups to aid in configuration changes, and compare configurations on separate directory servers:
  • Define the topology registry
  • Administer the server topology
Chapter 3: Administering the PingDirectoryProxy Server

Describe how to install and manage the PingDirectoryProxy server.

Lesson 1: Providing an Overview of the PingDirectoryProxy Server
Describe the capabilities and key features of the PingDirectoryProxy server:
  • Describe the key features
Lesson 2: Installing the PingDirectoryProxy Server
Describe how to install the PingDirectoryProxy server:
  • Describe the installation process
  • Install the PingDirectoryProxy server
  • Lesson 3: Managing the PingDirectoryProxy Server
  • Describe the key advanced PingDirectoryProxy server transformation features:
  • Describe the proxy transformations
  • Understand entry balancing
  • Create transformations
Chapter 4: Administering the PingDataSync Server

Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server.

Lesson 1: Providing an Overview of PingDataSync
Describe the capabilities and key features of the PingDataSync server:
  • Describe the key features
Lesson 2: Installing the PingDataSync Server
Summarize the PingDataSync server installation procedures:
  • Install the PingDataSync server
  • Use the start, stop, and restart commands
  • Describe the failover server
  • Install the failover server
  • Install the PingDataSync server
Lesson 3: Configuring the PingDataSync Server
Define and install the PingDataSync server components:
  • Define Sync Pipe components
  • Create the synchronization flow
  • Use the retry mechanism
  • Configure the PingDataSync server
  • Configure and synchronize the PingDataSync server
Lesson 4: Synchronizing the PingDataSync Server
Describe the features needed, in a relational database and AD, to allow synchronization through the PingDataSync serve:
  • Synchronize with a relational database
  • Synchronize with AD
Chapter 5: Troubleshooting and Maintenance

Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

Lesson 1: Providing an Overview of the Server SDK
Provide an overview of the Server SDK:
  • Describe the key features of the Server SDK
Lesson 2: Maintaining the PingDirectory Server
Summarize common PingDirectory maintenance tasks:
  • Use the start, stop, and restart server commands
  • Understand common maintenance tasks
  • Perform maintenance tasks
  • Understand Delegated Admin
  • Configure Delegated Admin
  • Administer Delegated Admin
  • Understand data recovery
  • Perform data recovery
Lesson 3: Monitoring a PingDirectory Deployment
Explain how monitoring is a vital part of a PingDirectory deployment:
  • Monitor the PingDirectory server
Lesson 4: Troubleshooting the PingDirectory server
Provide information about available troubleshooting tools and log files to help ensure the resolution of any problems:
  • Understand how to troubleshoot issues
  • Repair a conflict resolution
  • Use troubleshooting tools


PingDirectoryPingDirectoryProxyPingDataSync
May 26
3 days
More information
ping logo
AIC-400-BVP Rev A

PingOne Advanced Identity Cloud Administration

This course builds upon the Getting Started With PingOne Advanced Identity Cloud for Administrators training to provide advanced techniques for managing and configuring PingOne Advanced Identity Cloud (Advanced Identity Cloud). Students will master advanced authentication journeys with multi-factor authentication (MFA), implement context-based authorization policies, and learn to model complex identity objects with relationships between managed objects. The course covers essential synchronization techniques, including connector configuration, reconciliation, LiveSync, and role-based provisioning to manage identity flow between Advanced Identity Cloud and external resources. Participants will gain hands-on experience with the REST API for programmatic access to identity management features, enabling automation and integration with external systems. Through practical exercises, students will learn to deploy and configure PingGateway to protect websites, implement continuous contextual authorization, and create comprehensive identity management solutions.


Upon completion of this course, you should be able to:

  • Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway
  • Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization
  • Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration
  • Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning
  • Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically

The following are the prerequisites for successfully completing this course:

  • Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course available at: https://backstage.pingidentity.com/university/
  • Experience with Identity and Access Management
  • Working knowledge of REST communication
Chapter 1: Administering Authentication Journeys

Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway.

Lesson 1: (Recap) Exploring Authentication in Advanced Identity Cloud
  • Provide a recap of authentication in Advanced Identity Cloud:
  • Introduce the basic concepts of authentication
  • Prepare the lab environment
  • Describe the authentication mechanisms of Advanced Identity Cloud
  • Examine Advanced Identity Cloud default authentication
  • Create and manage journeys
  • Explore journey nodes
  • Create a login journey
  • Test the login journey
Lesson 2: Increasing Authentication Security
Increase authentication security using MFA:
  • Describe MFA
  • Register a device
  • Include recovery codes
  • Examine OATH authentication
  • Implement TOTP authentication
  • Examine Push notification authentication
  • Implement passwordless WebAuthn
  • (Optional) Implement passwordless WebAuthn
Lesson 3: Modifying a User’s Journey Based on Context
Describe how Advanced Identity Cloud can take into account the context of an authentication request in order to take access decisions:
  • Introduce context-based risk analysis
  • Describe device profile nodes
  • Determine the risk based on the context
  • Implement a browser context change script
  • Lock and unlock accounts
  • (Optional) Implement account lockout
Lesson 4: Protecting a Website With PingGateway
Show how PingGateway, integrated with Advanced Identity Cloud, can protect a website:
  • Present Advanced Identity Cloud edge clients
  • Describe PingGateway functionality as an edge client
  • Review the BXE website protected by PingGateway
  • Integrate the BXE website with Advanced Identity Cloud
  • Observe the PingGateway token cookie
  • (Optional) Review PingGateway configuration
Chapter 2: Administering Authorization Policies

Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization.

Lesson 1: Controlling Access
Create security policies to control which users can access specific areas of the website:
  • Describe entitlements with Advanced Identity Cloud authorization
  • Define Advanced Identity Cloud policy components
  • Define policy environment conditions and response attributes
  • Process of Advanced Identity Cloud policy evaluation
  • Implement access control on a website
Lesson 2: Checking Risk Continuously
Review the Advanced Identity Cloud tools used to check the risk level of requests continuously:
  • Introduce continuous contextual authorization
  • Describe step-up authentication
  • Implement step-up authentication flow
  • Describe transactional authorization
  • Implement transactional authorization
  • (Optional) Prevent users from bypassing the default journey
Chapter 3: Administering Managed Objects

Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration.

Lesson 1: Modeling an Identity Profile
Learn about the different object types in Advanced Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Advanced Identity Cloud:
  • Review the Advanced Identity Cloud documentation
  • Describe the different object types in Advanced Identity Cloud
  • Map an identity object to a managed object
  • Describe how to use placeholder attributes
  • Model a managed user object in Advanced Identity Cloud
Lesson 2: Introducing Relationships
Describe relationships between managed objects:
  • Describe the purpose of relationships
  • Describe how relationships are stored in the schema
  • Query an object relationship using the REST interface
Lesson 3: Managing Organizations
Set up managed organizations to delegate user administration based on the owner of hierarchical trees:
  • Describe the roles and privileges within an organization
  • Implement the organization example
Chapter 4: Administering Connectors, Synchronization, and Provisioning

Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning.

Lesson 1: Connecting to External Resources Using Connectors
Describe the connectors supported in Advanced Identity Cloud, and how to create connector configurations to communicate with external resources:
  • Describe how to connect external resources to Advanced Identity Cloud
  • Configure communication between Advanced Identity Cloud and a remote connector server (RCS)
  • Describe how to connect to external resources using ICF connectors
Lesson 2: Configuring Connectors Over the Identity Management Admin UI
  • Describe the process for creating a connector configuration using the Identity Management admin UI
  • Describe the object types and property mappings
  • Add a connector configuration for an external LDAP resource
Lesson 3: Performing Basic Synchronization
Describe how to use the Identity Management admin UI to create synchronization mappings (sync mappings) to reconcile identities between Advanced Identity Cloud and an external resource:
  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from Advanced Identity Cloud to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from Advanced Identity Cloud to an LDAP server
  • Describe the sync mapping from an LDAP server to Advanced Identity Cloud
  • Add a sync mapping from an LDAP server to Advanced Identity Cloud
Lesson 4: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Describe how to schedule LiveSync
  • Schedule LiveSync with an external resource
Lesson 5: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Describe how to add temporal constraints to a role
  • Add temporal constraints to a role
Chapter 5: Access Advanced Identity Cloud Over REST

Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically.

Lesson 1: Authenticating Over REST
Use Postman to access the Advanced Identity Cloud REST API and authenticate either using a simple (header-based) approach or a more complex approach, where the server may request additional information from the client using callback:
  • Understand the REST authentication protocol
  • Authenticate with REST
  • Authenticate using header-based simple authentication
  • Authenticate using callback-based complex authentication

Lesson 2: Querying Advanced Identity Cloud Objects Over REST

  • Create security policies to control which users can access specific areas of the website:
  • Describe how to query objects using the REST interface
  • Describe how to use the Advanced Identity Cloud Postman collection
  • Query Advanced Identity Cloud Identity objects using Postman
PingOne Advanced Identity CloudPingGateway
May 26
3 days
More information
ping logo
PDS-400-BVP Rev A

PingDS Administration

This course is designed to provide students with the knowledge and concepts necessary to install, configure, and maintain a PingDS (DS), formerly known as ForgeRock® Directory Services, deployment.

Note: Revision A of this course is based on version 8.0.0 of DS.


Upon completion of this course, you should be able to:

  • Understand how to deploy directory servers, and directory proxy servers, manage replication, upgrade DS servers, and configure the DS password synchronization plugin
  • Measure performance, tune, and troubleshoot DS
  • Use the HTTP Directory Access Protocol (HDAP) APIs for REST-based HTTP(S) access to directory services

The following are the prerequisites for successfully completing this course:

  • Knowledge of Lightweight Directory Access Protocol (LDAP).
  • An understanding of how directory servers function.
  • An understanding of REST and HTTP.
  • Knowledge of UNIX/Linux commands.
  • A basic knowledge of Java based environments would be beneficial, but no programming experience is required.

Completion of the PDS-100: Introduction to PingDS and PDS-330: Getting Started with PingDS on-demand courses.

Chapter 1: Deploying Directory Services

Understand how to deploy directory servers, and directory proxy servers, manage replication, upgrade DS servers, and configure the DS password synchronization plugin.

Lesson 1: Installing Directory Servers
  • Install directory servers for custom and Ping Identity Platform (Identity Platform) product deployments:
  • Prepare for a directory server installation
  • Access your lab environment
  • Prepare the lab environment
  • Install a directory server
  • Prepare directory servers for Identity Platform installations
  • Set up directory servers for AM
  • Set up a directory server as an IDM repository
  • Synchronize passwords with IDM
  • Configure password synchronization

Lesson 2: Replicating Data

  • Implement high availability for directory servers and maintain, monitor, and restore a replicated directory server topology:
  • Plan for replication
  • Install a replicated topology
  • Manage a replicated topology
  • Monitor and maintain replication
Lesson 3: Upgrading DS Servers
  • Prepare for and perform an upgrade of directory servers in a DS 7 replicated topology to DS 8:
  • Describe upgrade options
  • Upgrade DS 7 servers to DS 8
Lesson 4: Installing DS Directory Proxy
  • Understand the role of DS directory proxy and install DS directory proxy to provide a single point of entry to directory servers:
  • Introduce DS directory proxy
  • Install DS directory proxy
  • Provide a single point of access to replicas
Chapter 2: Tuning and Troubleshooting DS

Measure performance, tune, and troubleshoot DS.

Lesson 1: Measuring Performance
  • Understand performance requirements and settings that may be tuned to improve directory server performance:
  • Explain settings that affect performance
  • Prepare the lab environment
  • Tune the JE DB cache and generate performance tests
Lesson 2: Troubleshooting
  • Configure log files, collect troubleshooting data for Support, and monitor a DS deployment with Prometheus and Grafana:
  • Explain how to collect data for support
  • Collect data for support
  • Explore log files
  • Manage log files
  • Monitor a DS deployment
  • Observe monitoring metrics
Chapter 3: Accessing PingDS over HTTP(S)

Use the HTTP Directory Access Protocol (HDAP) APIs for REST-based HTTP(S) access to directory services.

Lesson 1: Introducing HDAP
  • Access directory servers and perform operations over HTTP(S):
  • Describe REST-based HTTP access
  • Prepare the lab environment
  • Examine HTTP and HDAP configuration properties
  • Verify HDAP authentication
  • Explain HDAP operations
  • Manage resources with HDAP
Lesson 2: Using Account Management Actions
  • Manage passwords and display account usability information and resource schema:
  • Manage passwords
  • Update passwords
  • View JSON Schema
  • Get JSON schema
PingDS
May 27
3 days
More information