Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Built for Every IAM Professional
Training Designed by Practitioners, Proven in the Field
Join a Growing Community of IAM Experts
Upcoming
Courses
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
- Locate Ping Identity support resources
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Lesson 1: Describing the Supported Federation Protocols
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Lesson 1: Managing Authentication Policies
- Describe authentication policies
- Create an authentication policy
- Define password policies
- Edit a password policy
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Lesson 1: Managing User Onboarding
- Onboard users
- Create users manually
- Provision users
- Administer user accounts
- Manage a user account
- Offboard users
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
- Maintain a healthy PingOne environment
PingFederate Administration
This course implements various use cases with PingFederate and introduces industry concepts such as federation, SAML, and OAuth. The course also includes PingFederate-specific topics such as integration kits, adapters, SSO connections, and OAuth configuration. Hands-on exercises allow the participants to have first-hand experience in configuring PingFederate, establishing a web SSO connection and OAuth clients, and doing some basic troubleshooting.
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingFederate course available at:
Day 1: Background of Federation Web SSO and Core Product
- Introduction to identity federation
- Introduction to integration kits
- Configuring SP and IdP adapters and password credential validators
- Lab 1: HTML Form Adapter and Reference ID adapter configuration
- Introduction to SAML
- Configuring IdP and SP SSO connection
- Lab 2: Creating connections for IdP and SP web SSO
- Lab 2: Creating connections for IdP and SP web SSO
- Server logs
- Lab 3: Review the server logs to follow and SSO transaction
Day 2: Further Integration and PingFederate Functionality
- Attribute mapping and data source
- Lab 4: Mapping attributes from external sources
- Lab 5: Using an external source for authentication
- Introduction to authentication policies
- Lab 6: Creating authentication selectors, policy contracts, and authentication policies
- Lab 7: Tracing SSO transactions in the PingFederate logs
Day 3: OAuth2 and Advanced Administration
- Introduction to OAuth2
- OAuth2 scopes and access tokens
- Lab 8: Configuring OAuth2 grants (including token validation, authorization code)
- Lab 9: Create an OAuth client for client Credentials grant type
- Lab 10: Create an OAuth client for a resource server
- Lab 11: Create an OAuth client for authorization grant type
- PingFederate administrative API
- Lab 12: Using the admin API
- Server Administration
- Deployment scenarios and clustering
- Lab 13 (optional): Configuring a cluster
PingDirectory Administration
This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools
This course is built on version 10.
Upon completion of this course, you should be able to:
- Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
- Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
- Describe how to install and manage the PingDirectoryProxy server
- Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
- Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.
The following are the prerequisites for successfully completing this course:
- Knowledge of UNIX/Linux commands.
- A basic understanding of how directory servers function.
- A basic understanding of REST and HTTP.
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
- Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/
Chapter 1: Installing PingDirectory
Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.
- Describe the key features of PingDirectory
- Perform pre-installation procedures
- Install PingDirectory
- Describe post-installation procedures
- Use server profiles
- (Optional) Install PingDirectory
Chapter 2: Deploying PingDirectory
Lesson 1: Managing the Schema
- Describe the schema
- Modify the schema
- Modify the schema
- Modify object classes
- Create auxiliary object classes
- Load custom schema elements
- Search entries
- Manage entries
- Create objects
- Prevent data vulnerability
- Keep data secure
- Configure encryption settings
- Define virtual attributes
- Administer virtual attributes
- Describe password policies
- Create a password policy
- Manage JSON attributes
- Create JSON attributes
- Manage the Password Policy State JSON
- Administer JSON Attributes
- Understand the Rest APIs
- Use the SCIM 2.0 REST API
- Administer the Directory REST API
- Manage log publishers
- Configure logging
- Create a log publisher
- Understand replication
- Enable replication
- Resolve conflicts
- Understand the replication protocol
- Use replication over WAN
- Plan deployment
- Configure replication
- Scale replication
- Enable the replication process
- Define the topology registry
- Administer the server topology
- Describe the key features
- Describe the installation process
- Install the PingDirectoryProxy server
- Lesson 3: Managing the PingDirectoryProxy Server
- Describe the key advanced PingDirectoryProxy server transformation features:
- Describe the proxy transformations
- Understand entry balancing
- Create transformations
- Describe the key features
- Install the PingDataSync server
- Use the start, stop, and restart commands
- Describe the failover server
- Install the failover server
- Install the PingDataSync server
- Define Sync Pipe components
- Create the synchronization flow
- Use the retry mechanism
- Configure the PingDataSync server
- Configure and synchronize the PingDataSync server
- Synchronize with a relational database
- Synchronize with AD
- Describe the key features of the Server SDK
- Use the start, stop, and restart server commands
- Understand common maintenance tasks
- Perform maintenance tasks
- Understand Delegated Admin
- Configure Delegated Admin
- Administer Delegated Admin
- Understand data recovery
- Perform data recovery
- Monitor the PingDirectory server
- Understand how to troubleshoot issues
- Repair a conflict resolution
- Use troubleshooting tools
PingOne Protect Administration
This course shows students how to deploy, configure, and administer PingOne Protect. Through a combination of guided instruction and hands-on exercises, students work in a live environment to learn how to implement risk-based policies, integrate with PingOne DaVinci (DaVinci), and monitor threats using real-time dashboards. Students are provided with a functional PingOne Protect environment where they learn how to configure risk predictors and policies, orchestrate risk-based multi-factor authentication (MFA) experiences, and reduce MFA fatigue while maintaining strong security controls. The course also guides students through preventing Account Takeover (ATO) and New Account Fraud (NAF) by correlating risk signals, tuning policies, and applying best practices to optimize fraud detection and minimize false positives.
Upon completion of this course, you should be able to:
- Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard
- Analyze risk signals and adjust multi-factor authentication (MFA) requirements using DaVinci orchestration flows to balance security and user experience
- Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments
- Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at:https://training.pingidentity.com/on-demand/category/PING
- Introduction to PingOne Protect
- Introduction to PingOne DaVinci
- Introduction to PingOne MFA
Chapter 1: Deploying PingOne Protect
Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard.
Lesson 1: Introducing PingOne Protect
Describe the core features of PingOne Protect and how it fits within the PingOne Identity Platform (Identity Platform):
- Identify PingOne Protect
- Analyze scenarios
- Set up the Ping Identity environment (optional)
Lesson 2: Reviewing Architecture and Components
Understand how PingOne Protect integrates with DaVinci, define its core operational components (predictors and risk policies), and examine the architecture that connects and orchestrates these elements:
- Define risk predictors
- Administrate risk predictors
- Configure risk policies
- Create risk policies
Lesson 3: Integrating and Monitoring Threat Protection
Use the PingOne Protect connector and the Threat Protection Dashboard to integrate risk evaluation into DaVinci flows and monitor threats across your environment:
- Integrate PingOne Protect with DaVinci
- Monitor Risk with the Threat Protection Dashboard
Chapter 2: Optimizing MFA for Risk and Experience
Analyze risk signals and adjust MFA requirements using DaVinci orchestration flows to balance security and user experience.
Lesson 1: Understanding Risk-Based MFA
Differentiate risk-based MFA from traditional static MFA and configure your environment to support adaptive MFA:
- Contrast traditional and risk-based MFA
- Configure the environment post-MFA setup (optional)
Lesson 2: Implementing MFA Scenarios
Configure MFA for PingOne Protect and run DaVinci workflows to observe and troubleshoot different risk-based login scenarios:
- Initiate a new user account interaction
- Log in as a High-Risk user
- Log in as a Medium-Risk user
- Log in as a Low-Risk user
Lesson 3: Reducing MFA Fatigue
Apply techniques and configurations that minimize unnecessary MFA prompts without compromising security:
- Understand MFA fatigue
- Mitigate MFA fatigue
- Test risk-based authentication flows
Chapter 3: Preventing Account Takeover and New Account Fraud
Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments.
Lesson 1: Understanding the Fraud Cycle
Analyze fraud stages, map indicators to risk signals, and configure the Protect Synthesizer (ProtectSynth) to implement ATO and NAF risk policies that disrupt fraudulent activity:
- Define the fraud cycle
- Disrupt the fraud cycle using PingOne Protect
- Illustrate fraud cycle scenarios
- Create ATO and NAF risk policies
- Install and configure ProtectSynth
Lesson 2: Configuring Risk Policies to Prevent ATO
Correlate PingOne Protect predictors with risk signals, simulate user events, and optimize risk policies to maximize detection accuracy while minimizing false positives and false negatives:
- Correlate ATO risk patterns with predictors
- Deploy composite predictors to minimize false negatives
- Mitigate ATO risk using composite predictors
Lesson 3: Configuring Risk Policies to Prevent NAF
Configure and validate a NAF risk policy in PingOne Protect, by correlating risk predictors and detecting coordinated fraud patterns:
- Correlate and detect NAF risk patterns
- Configure and validate the NAF risk policy
Lesson 4: Optimizing Risk Policies for ATO and NAF
Apply ATO and NAF prevention best practices and tune corresponding risk policies to optimize fraud detection while minimizing false positives and operational impact:
- Describe best practices to prevent ATO and NAF
- Implement best practices to prevent ATO and NAF
- Tune the ATO risk policy
- Tune the NAF risk policy
Chapter 4: Managing PingOne Protect
Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience.
Lesson 1: Monitoring Risk Events and Policy Performance
Analyze and monitor PingOne Protect components, interpret flow types and associated risk policies, and regulate false positives so you maintain accurate risk evaluation and strong policy performance:
- Observe PingOne Protect components
- Understand flow types and risk policies
- Monitor user events
Lesson 2: Tuning Risk Policies
Optimize PingOne Protect risk policies by preparing for effective tuning, adjusting key predictors, and using staging policies and dashboards to validate and improve policy performance before production:
- Prepare for tuning
- Harness risk predictors and staging policies
- Use staging policies to refine risk policies
Lesson 3: Reporting and Analytics Best Practices
Apply reporting and analytics best practices by explaining the strategic value of PingOne Protect risk data and analyzing the Threat Protection Dashboard views to support informed, data-driven security decisions:
- Emphasize reporting and analytics
- Analyze risks in the Threat Protection Dashboard
PingFederate Advanced Administration
This course steps the learner through various advanced PingFederate administration topics, such as configuring memory options for PingFederate, logging to a database server, configuring certificate revocation checking and certificate rotation, configuring self-service features of the HTML Form Adapter, identity provider (IdP) to service provider (SP) bridging, clustering with dynamic discovery, and more.
The following are the prerequisites for successfully completing this course:
- Completion of the PingFederate Administration course, or
- Equivalent experience with PingFederate
Day 1: Course Introduction
- Server Administration
- Configuring JVM memory options
- Configuring virtual host names
- Certificate based console administration
- Lab 1: Configuring OIDC-based console single sign-on (SSO)
- Customizing audit logs
- The log4j2.xml file
- Logging to an external database
- Lab 2: Logging with PingFederate
- Certificates
- Certificate revocation checking
- Certificate rotation
- HTML Form Adapter Self-Service Features
- Password spray and account lockout prevention
- Self-service password change
- Self-service password reset
- Self-service username recovery
- Lab 3: HTML Form Adapter self-service options
- HTML Form Adapter Self-Registration
- Customer IAM with local identity profiles
- Self-registration with local identity profiles
- Self-registration using third-party IdPs
- Lab 4: HTML Form Adapter customer registration
- Advanced Attribute Mapping
- Using multiple datastores
- Using REST API as a datastore
- Extended properties
- PingDirectory virtual attributes
- SSO Connections
- Customizing SSO URLs
- SP target URL mapping
- IdP-to-SP bridging
- Session management
- Lab 5: SSO connections
- Federation Hub
- Bridging an IdP to an SP
- Bridging an IdP to multiple SPs
- Bridging multiple IdPs to an SP
- Bridging multiple IdPs to multiple SPs
- OAuth2 and OIDC
- Dynamic client registration
- Using directories for persistent grant storage
- Creating and managing OIDC profiles
- Lab 6: Configuring OIDC profiles
- Clustering
- Cluster protocol architecture
- Runtime state management architecture
- Adaptive clustering
- Directed clustering
- Dynamic discovery
- Cluster replication
- Lab 7: Clustering
- Troubleshooting
- SSO issues
- OAuth2 issues
- Certificate issues
Getting Started With PingOne Advanced Identity Cloud for Administrators
Upon completion of this course, you should be able to:
- Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
- Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
- Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
- Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
- Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants
The following are the prerequisites for successfully completing this course:
- Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
- Introduction to PingAM
- PingIDM Essentials
- PingGateway Essentials
- Introduction to PingDS
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
- Introduce the Advanced Identity Cloud admin UI
- Manage administrators
- Invite an administrator
Understand UI integration options:
- Explain UI integration options
- Configure themes for the Alpha and Bravo realms
Chapter 2: Administering Identities
Manage user identities:
- Introduce managed objects
- Manage a user profile
Bulk import user identities from a CSV file to add test users to your tenant:
- Describe bulk import
- Import test users
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
- Describe roles and privileges within an organization
- Implement delegated administration for an organization model
Explain how to delegate administration privileges to managed users:
- Delegate administration privileges
- Delegate password reset
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
- Introduce journeys
- Modify journeys
- Describe how to export and import journeys
- Export and import journeys
- Describe how to debug a journey
- Enable debug mode on a user journey
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
- Describe server-side sessions
- Invalidate server-side sessions
Understand the use of email templates in a journey flow:
- Explore email templates and nodes
- Configure email templates
- Use email templates in user journeys
Describe the role of an application in Advanced Identity Cloud:
- Introduce applications
- Register a Bookmark app
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
- Explain how to connect to external resources
- Configure an RCS cluster
- Configure debug logging
- Add an authoritative application
- Explain synchronization
- Create inbound mappings and run reconciliation
- Synchronize passwords
- Create a target Application with outbound mappings
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
- Introduce PingGateway
- Integrate PingGateway with Advanced Identity Cloud
- Integrate the PingGateway sample application with Advanced Identity Cloud
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
- Introduce Service Accounts
- Create and manage a service account
- Introduce the Advanced Identity Cloud REST API
- Display Advanced Identity Cloud identities using the REST API
- Introduce configuration management
- Create a baseline configuration repository
- Describe how to manage ESVs
- Create and call ESV variables
- Promote your configuration
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
- Explore Logs
- Retrieve log data using the REST API
- Retrieve log data using the Frodo CLI
- Monitor your tenant
- Monitor tenant health and visualize monitoring metrics
- Explore the Advanced Identity Cloud analytics dashboard
Explain how an Advanced Identity Cloud administrator manages realm password policies:
- Manage realm password policies
- Configure password policies
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
- Introduce outbound static IP addresses
- View outbound static IP addresses
- Manage tenant certificates
- Add a custom domain name