Unlock your full potential in IAM

This is Identitrain

Master Identity and Access Management with world-class training designed by experts who live it every day.

Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.

Choose Your Path to IAM Mastery

Whether you’re starting your IAM journey or advancing toward certification, our structured learning paths guide you every step of the way. Select from Identity Management, Access Management, Governance, or Best Practices tracks designed to match your role and goals.

Explore Our Learning Paths

Built for Every IAM Professional

From architects and developers to project managers and business leaders, Identitrain delivers training that fits your role. Whether you’re designing IAM strategies, building integrations, or leading transformation projects, we’ve got a path for you.

See Our Classes

Training Designed by Practitioners, Proven in the Field

Our instructors bring years of real-world IAM experience into the classroom. We blend vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can immediately put to use!

Meet Our Instructors

Join a Growing Community of IAM Experts

Training doesn’t end with the last session. Graduates join our global practitioner network, gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts. Learn, connect, and grow alongside IAM professionals worldwide.

Get Connected!

Upcoming
Courses

PA-400 BVP Rev A

PingAccess Administration

This course provides the information you need to set up and configure PingAccess as a policy server to protect both web applications and APIs. After completing this course, you will know how to configure PingAccess in both a gateway and agent model, and configure different types of policies that PingAccess offers.

Upon completion of this course, you should be able to:

Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate)
Configure PingAccess as a Reverse Proxy
Configure policies in PingAccess to further bolster administration capabilities

The following are the prerequisites for successfully completing this course:

Completion of the following courses:https://backstage.pingidentity.com/university/on-demand/category/PING
Introduction to PingAccess
Getting Started With PingAccess
Introduction to PingFederate
Getting Started With PingFederate

Chapter 1: Configuring and Connecting PingAccess

Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate).

Lesson 1: Configuring PingAccess as a Reverse Proxy (Gateway Model)

Describe how to configure PingAccess as a reverse proxy (gateway model):

Introduce the gateway model
Enable PingAccess as a reverse proxy
Configure PingAccess resources and rewrite rules

Lesson 2: Connecting PingAccess to a Token Provider (PingFederate)

Describe the responsibilities of token providers and how to configure PingAccess to use PingFederate as a token provider:

Introduce token providers
Configure OAuth2 in PingFederate
Configure PingAccess using the gateway model

Chapter 2: Configuring PingAccess Applications, Agents, and Sites

Configure PingAccess as a Reverse Proxy.

Lesson 1: Protecting Web Apps

Describe how to protect web apps by configuring them with PingAccess and OpenID Connect (OIDC):

Define the OIDC protocol
Introduce web sessions
Create a web session using OIDC claims

Lesson 2: Working With Sites

Create identity mappings and advanced web session:

Create identity mappings and advanced web sessions

Lesson 3: Working With Rules and Policies

Describe how to work with rules and policies within PingAccess:

Describe the rules and policies process
Create web access rules
Create API access control rules

Chapter 3: Configuring Policies and Administration

Configure policies in PingAccess to further bolster administration capabilities.

Lesson 1: Maintaining PingAccess Discuss how to maintain PingAccess through resources, audit logs, and redirection:

Dive deeper into resources
Examine audit logs
Manage redirection

Lesson 2: Configuring PingAccess as a Policy Server (Agent Model)

Configure PIngAccess to be a policy server by implementing the agent model:

Introduce the agent model

Lesson 3: Optimizing and Configuring PingAccess

Optimize PingAccess through configuration, single sign-on (SSO), and the admin API:

Implement improvements
Enable PingAccess administrator SSO
Use the PingAccess administrative API
Increase the JVM Heap Size

Lesson 4: Creating PingAccess Clusters

Create PingAccess clusters to increase resilience and simplify procedures:

Deploy clustersConfigure simple clusters in PingAccess (Optional)

PingAccessPingFederate

May 21

2 days

More information

IG-430-BVP Rev A

PingGateway Deep Dive

The aim of this course is to showcase the key features and capabilities of the versatile and powerful edge security solution with the PingGateway environment, formerly known as ForgeRock® Identity Gateway. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of PingGateway. Further information and guidance can be found in the documentation and knowledge base documents in the online repositories at: Backstage https://backstage.forgerock.com.

Note: Revision A of this course is based on version 7.2 of PingGateway.

Upon completion of this course, you should be able to:

Integrate and protect web applications, APIs, legacy applications, and microservices with the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, by using PingGateway
Add authentication to the ForgeRock Entertainment Company (FEC) solution using PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud, or PingAM (AM), formerly known as ForgeRock® Access Management, as the access manager, OpenID Connect (OIDC) provider, and Security Assertion Markup Language (SAML2) identity provider (IdP)
Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice
Protect a REST API with PingGateway and extend PingGateway functionality with scripting
Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment

The following are the prerequisites for successfully completing this course:

Completion of the PingGateway Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjQ%3D/chapter/Q291cnNlOjE1NzI2

Chapter 1: Integrating Applications With PingGateway

Integrate and protect web applications, APIs, legacy applications, and microservices with Identity Platform by using PingGateway.

Lesson 1: Introducing PingGateway
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:

Introduce PingGateway
Describe PingGateway features
Compare PingGateway with policy agents
Explore PingGateway integration with web applications
Describe PingGateway integration with OIDC and SAML
Explore PingGateway policy enforcement and second-factor authentication (2FA)
Describe PingGateway protection of APIs
Access your CloudShare VM
Examine the lab environment
Access the FEC and DVD4U websites

Lesson 2: Fronting a Website With PingGateway
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:

Examine the PingGateway configuration structure
Describe required PingGateway configuration
Configure PingGateway for secure connections
Configure PingGateway routes
Creating and managing routes in PingGateway Studio
Protect a website by using PingGateway Studio
Upgrade a route to use WebSockets
Configure PingGateway for development mode and TLS connections
Protect the FEC website with PingGateway by using PingGateway Studio
Manage routes in PingGateway Studio and examine PingGateway log files

Lesson 3: Routing Requests and Responses
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:

Describe the PingGateway object model
Examine objects available in routes
Retrieve context data and configure sessions
Route requests depending on conditions
Describe route handlers
Manage requests and responses with a route handler
Process requests and responses with filters
Create a route to allow access to a public area of FEC
Add a page not found route
Create a route to access the legacy DVD4U application
Add password replay for the DVD4U application

Lesson 4: Configuring PingGateway Logging and Capturing Route Communication
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:

Manage PingGateway logs
Introduce Decorators
Configure route activity logs
Capture inbound and outbound communication
Retrieve credentials from a file
Observe requests and responses in PingGateway logs
Test different capture configuration settings
Centralize PingGateway logging configuration
Modify the DVD4U route to get credentials from a file
Use Logback configuration for troubleshooting

Chapter 2: Configuring Agentless Single Sign-On

Add authentication to the FEC solution, using Advanced Identity Cloud or AM as the access manager, OIDC provider, and SAML2 identity provider.

Lesson 1: Implementing Authentication with the SSO Filter
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:

Create a route by using the PingGateway Studio Freeform Designer
Configure Advanced Identity Cloud or AM as a service
Describe how to use the SSO Filter
Retrieve user data from the authentication provider
Configure PingGateway as an HTTPS client
Create a route with the PingGateway Studio Freeform Designer
Redirect requests to AM for authentication
Configure PingGateway for client-side HTTPS
Access properties in SSO token context
Retrieve user profile data for display in a web page
Store information in a PingGateway HTTP session
Configure capture decorators in Freeform Designer

Lesson 2: Configuring CDSSO for the Legacy Application
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:

Describe the CDSSO Filter
Configure the CDSSO Filter Solution
Configure CDSSO redirect endpoints
Integrate the legacy application with CDSSO
Create a new route to protect DVD4U with CDSSO and AM
Update the DVD4U route to automatically log in the authenticated user
Prepare the Advanced Identity Cloud tenant
Protect the DVD4U and FEC websites using CDSSO with Advanced Identity Cloud

Lesson 3: Performing SSO With PingGateway as an OIDC Relying Party
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:

Describe basic OIDC concepts
Configure PingGateway as an OIDC client
Examine the flow of OIDC redirects for authentication and consent
Explore the flow of OIDC callbacks and data injection
Configure an OIDC relying party route
Examine the OIDC relying party solution

Lesson 4: Providing SSO with PingGateway as a SAML2 SP
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:

Authenticate with a SAML2 identity provider (IdP)
Describe the use of the SAML federation handler
Describe the use of the dispatch handler
Describe the SAML2 implementation flow
Set up SAML2 configuration files for PingGateway
Configure a SAML2 route for the trial section
Examine the SAML2 solution (optional)

Chapter 3: Controlling Access with PingGateway as Policy Enforcement Point

Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice.

Lesson 1: Implementing Authorization With a Policy Enforcement Filter
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:

Describe the use of the Policy Enforcement Filter
Illustrate the use of the Policy Enforcement Filter
Configure a policy enforcement point (PEP) route for the premium section of FEC
Examine the PEP solution (optional)

Lesson 2: Providing Step-Up Authentication and Transactional Authorization
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):

Describe step-up authentication
Illustrate how PingGateway handles step-up authentication
Describe transactional authorization
Illustrate how PingGateway handles transactional authorization
Configure a PEP route for the on demand and profile sections of FEC
Examine the profile solution (optional)
Examine the on-demand solution (optional)

Chapter 4: Protecting a REST API

Protect a REST API with PingGateway and extend PingGateway functionality with scripting.

Lesson 1: Configuring PingGateway as an OAuth2 Resource Server
Configure PingGateway to act as an OAuth2 resource server that protects a REST API:

Describe the use of the OAuth2 resource server filter
List access token resolvers
Validate certificate-bound access tokens
Observe the flow with the token introspection resolver
Prepare the OAuth2 solution to protect the FEC REST API
Configure PingGateway to protect the FEC REST APIs
Examine the REST API solution (optional)

Lesson 2: Extending Functionality With Scripts
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:

Describe the scripting functionality for extending PingGateway
Explore scriptable objects
Examine dynamic scopes solution
Describe OAuth2 token swapping in PingGateway
Configure a scriptable filter to log the content of the OAuth2 context
Configure a dynamic scopes script
Configure a scriptable filter to retrieve the correct favorite list

Chapter 5: Preparing for Production with PingGateway

Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment.

Lesson 1: Auditing, Monitoring, and Tuning a PingGateway Solution
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:

Describe the audit framework
Excluding sensitive data from audit logs
Accessing the Common REST API monitoring endpoint
Decreasing the number of requests through caching

Lesson 2: Developing an Awareness of Security Questions With PingGateway
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:

Discuss PingGateway best practices regarding security
Examine the common secrets
Explore secret store types
Describe throttling
Create common secret stores
Configure throttling

Lesson 3: Deploying PingGateway
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:

Describe property value substitution
Set up multiple PingGateway instances
Integrate configuration tokens in the solution
Deploy a second PingGateway instance

PingAM

May 25

5 days

More information

PD-400-BVP Rev A.1

PingDirectory Administration

This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools

This course is built on version 10.

Upon completion of this course, you should be able to:

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
Describe how to install and manage the PingDirectoryProxy server
Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

The following are the prerequisites for successfully completing this course:

Knowledge of UNIX/Linux commands.
A basic understanding of how directory servers function.
A basic understanding of REST and HTTP.
A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/

Chapter 1: Installing PingDirectory

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.

Lesson 1: Providing an Overview of PingDirectory

Describe the capabilities and key features of PingDirectory:

Describe the key features of PingDirectory

Lesson 2: Installing the PingDirectory Server

Summarize the PingDirectory server installation procedures:

Perform pre-installation procedures
Install PingDirectory
Describe post-installation procedures

Lesson 3: Completing Initial Configuration

Complete the PingDirectory server initial configuration settings:

Use server profiles
(Optional) Install PingDirectory

Chapter 2: Deploying PingDirectory

Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment.

Lesson 1: Managing the Schema

Describe the functions of the schema, and modify the schema by creating new attribute types, object classes, and a new custom user:

Describe the schema
Modify the schema
Modify the schema
Modify object classes
Create auxiliary object classes
Load custom schema elements

Lesson 2: Managing Objects

Define objects in LDAP and use the command-line tools to search, add, modify, and delete entries:

Search entries
Manage entries
Create objects

Lesson 3: Using Security and Encryption

Describe the basic vulnerabilities in LDAP server implementations, secure server data, use the encryption-settings tool to create an encryption settings database, and create sensitive attributes:

Prevent data vulnerability
Keep data secure
Configure encryption settings

Lesson 4: Using Virtual Attributes

Define virtual attributes and their use, recall the virtual attribute types, and create mirrored virtual attributes:

Define virtual attributes
Administer virtual attributes

Lesson 5: Managing Password Policies

Describe how to use password policies, and then create and assign password policies to individual accounts and/or user groups:

Describe password policies
Create a password policy

Lesson 6: Administering JSON Attributes

Describe how to manage and create JSON attributes:

Manage JSON attributes
Create JSON attributes
Manage the Password Policy State JSON
Administer JSON Attributes

Lesson 7: Managing the REST APIs

Describe the available REST APIs, list the HTTP methods available, and use the Directory REST API to create and update user entries:

Understand the Rest APIs
Use the SCIM 2.0 REST API
Administer the Directory REST API

Lesson 8: Managing Logging

List the three types of available log publishers, describe the elements of the log format, and create log publishers:

Manage log publishers
Configure logging
Create a log publisher

Lesson 9: Managing Replication

Define the replication process and architecture, set up a server topology, enable the replication process, and initialize new replicas:

Understand replication
Enable replication
Resolve conflicts
Understand the replication protocol
Use replication over WAN
Plan deployment
Configure replication
Scale replication
Enable the replication process

Lesson 10: Managing Server Topologies

Discuss the topology registry, create server groups to aid in configuration changes, and compare configurations on separate directory servers:

Define the topology registry
Administer the server topology

Chapter 3: Administering the PingDirectoryProxy Server

Describe how to install and manage the PingDirectoryProxy server.

Lesson 1: Providing an Overview of the PingDirectoryProxy Server

Describe the capabilities and key features of the PingDirectoryProxy server:

Describe the key features

Lesson 2: Installing the PingDirectoryProxy Server

Describe how to install the PingDirectoryProxy server:

Describe the installation process
Install the PingDirectoryProxy server
Lesson 3: Managing the PingDirectoryProxy Server
Describe the key advanced PingDirectoryProxy server transformation features:
Describe the proxy transformations
Understand entry balancing
Create transformations

Chapter 4: Administering the PingDataSync Server

Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server.

Lesson 1: Providing an Overview of PingDataSync

Describe the capabilities and key features of the PingDataSync server:

Describe the key features

Lesson 2: Installing the PingDataSync Server

Summarize the PingDataSync server installation procedures:

Install the PingDataSync server
Use the start, stop, and restart commands
Describe the failover server
Install the failover server
Install the PingDataSync server

Lesson 3: Configuring the PingDataSync Server

Define and install the PingDataSync server components:

Define Sync Pipe components
Create the synchronization flow
Use the retry mechanism
Configure the PingDataSync server
Configure and synchronize the PingDataSync server

Lesson 4: Synchronizing the PingDataSync Server

Describe the features needed, in a relational database and AD, to allow synchronization through the PingDataSync serve:

Synchronize with a relational database
Synchronize with AD

Chapter 5: Troubleshooting and Maintenance

Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

Lesson 1: Providing an Overview of the Server SDK

Provide an overview of the Server SDK:

Describe the key features of the Server SDK

Lesson 2: Maintaining the PingDirectory Server

Summarize common PingDirectory maintenance tasks:

Use the start, stop, and restart server commands
Understand common maintenance tasks
Perform maintenance tasks
Understand Delegated Admin
Configure Delegated Admin
Administer Delegated Admin
Understand data recovery
Perform data recovery

Lesson 3: Monitoring a PingDirectory Deployment

Explain how monitoring is a vital part of a PingDirectory deployment:

Monitor the PingDirectory server

Lesson 4: Troubleshooting the PingDirectory server

Provide information about available troubleshooting tools and log files to help ensure the resolution of any problems:

Understand how to troubleshoot issues
Repair a conflict resolution
Use troubleshooting tools

PingDirectoryPingDirectoryProxyPingDataSync

May 26

3 days

More information

AIC-400-BVP Rev A

PingOne Advanced Identity Cloud Administration

This course builds upon the Getting Started With PingOne Advanced Identity Cloud for Administrators training to provide advanced techniques for managing and configuring PingOne Advanced Identity Cloud (Advanced Identity Cloud). Students will master advanced authentication journeys with multi-factor authentication (MFA), implement context-based authorization policies, and learn to model complex identity objects with relationships between managed objects. The course covers essential synchronization techniques, including connector configuration, reconciliation, LiveSync, and role-based provisioning to manage identity flow between Advanced Identity Cloud and external resources. Participants will gain hands-on experience with the REST API for programmatic access to identity management features, enabling automation and integration with external systems. Through practical exercises, students will learn to deploy and configure PingGateway to protect websites, implement continuous contextual authorization, and create comprehensive identity management solutions.

Upon completion of this course, you should be able to:

Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway
Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization
Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration
Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning
Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically

The following are the prerequisites for successfully completing this course:

Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course available at: https://backstage.pingidentity.com/university/
Experience with Identity and Access Management
Working knowledge of REST communication

Chapter 1: Administering Authentication Journeys

Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway.

Lesson 1: (Recap) Exploring Authentication in Advanced Identity Cloud

Provide a recap of authentication in Advanced Identity Cloud:
Introduce the basic concepts of authentication
Prepare the lab environment
Describe the authentication mechanisms of Advanced Identity Cloud
Examine Advanced Identity Cloud default authentication
Create and manage journeys
Explore journey nodes
Create a login journey
Test the login journey

Lesson 2: Increasing Authentication Security

Increase authentication security using MFA:

Describe MFA
Register a device
Include recovery codes
Examine OATH authentication
Implement TOTP authentication
Examine Push notification authentication
Implement passwordless WebAuthn
(Optional) Implement passwordless WebAuthn

Lesson 3: Modifying a User’s Journey Based on Context

Describe how Advanced Identity Cloud can take into account the context of an authentication request in order to take access decisions:

Introduce context-based risk analysis
Describe device profile nodes
Determine the risk based on the context
Implement a browser context change script
Lock and unlock accounts
(Optional) Implement account lockout

Lesson 4: Protecting a Website With PingGateway

Show how PingGateway, integrated with Advanced Identity Cloud, can protect a website:

Present Advanced Identity Cloud edge clients
Describe PingGateway functionality as an edge client
Review the BXE website protected by PingGateway
Integrate the BXE website with Advanced Identity Cloud
Observe the PingGateway token cookie
(Optional) Review PingGateway configuration

Chapter 2: Administering Authorization Policies

Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization.

Lesson 1: Controlling Access

Create security policies to control which users can access specific areas of the website:

Describe entitlements with Advanced Identity Cloud authorization
Define Advanced Identity Cloud policy components
Define policy environment conditions and response attributes
Process of Advanced Identity Cloud policy evaluation
Implement access control on a website

Lesson 2: Checking Risk Continuously

Review the Advanced Identity Cloud tools used to check the risk level of requests continuously:

Introduce continuous contextual authorization
Describe step-up authentication
Implement step-up authentication flow
Describe transactional authorization
Implement transactional authorization
(Optional) Prevent users from bypassing the default journey

Chapter 3: Administering Managed Objects

Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in Advanced Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Advanced Identity Cloud:

Review the Advanced Identity Cloud documentation
Describe the different object types in Advanced Identity Cloud
Map an identity object to a managed object
Describe how to use placeholder attributes
Model a managed user object in Advanced Identity Cloud

Lesson 2: Introducing Relationships

Describe relationships between managed objects:

Describe the purpose of relationships
Describe how relationships are stored in the schema
Query an object relationship using the REST interface

Lesson 3: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

Describe the roles and privileges within an organization
Implement the organization example

Chapter 4: Administering Connectors, Synchronization, and Provisioning

Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning.

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in Advanced Identity Cloud, and how to create connector configurations to communicate with external resources:

Describe how to connect external resources to Advanced Identity Cloud
Configure communication between Advanced Identity Cloud and a remote connector server (RCS)
Describe how to connect to external resources using ICF connectors

Lesson 2: Configuring Connectors Over the Identity Management Admin UI

Describe the process for creating a connector configuration using the Identity Management admin UI
Describe the object types and property mappings
Add a connector configuration for an external LDAP resource

Lesson 3: Performing Basic Synchronization

Describe how to use the Identity Management admin UI to create synchronization mappings (sync mappings) to reconcile identities between Advanced Identity Cloud and an external resource:

Describe how to create mappings to synchronize identity objects and properties
Describe how to create a sync mapping from Advanced Identity Cloud to an external resource
Describe how to add source and target properties to the sync mapping
Describe how to add a correlation query and a situational event script
Describe how to set the situational behaviors and run reconciliation
Add a sync mapping from Advanced Identity Cloud to an LDAP server
Describe the sync mapping from an LDAP server to Advanced Identity Cloud
Add a sync mapping from an LDAP server to Advanced Identity Cloud

Lesson 4: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

Describe the different methods that you can use to filter entries
Run selective synchronization using filters
Describe how to use LiveSync to synchronize changes
Trigger LiveSync on a connector
Describe how to schedule LiveSync
Schedule LiveSync with an external resource

Lesson 5: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

Describe how to provision attributes to a target system based on static role assignments
Describe the steps to enable role-based provisioning
Query the role assignment properties using the REST interface
Provision attributes to a target resource based on static role assignments
Describe how to provision attributes to a target system based on dynamic role assignments
Provision attributes to a target resource based on dynamic role assignments
Describe how to add temporal constraints to a role
Add temporal constraints to a role

Chapter 5: Access Advanced Identity Cloud Over REST

Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically.

Lesson 1: Authenticating Over REST

Use Postman to access the Advanced Identity Cloud REST API and authenticate either using a simple (header-based) approach or a more complex approach, where the server may request additional information from the client using callback:

Understand the REST authentication protocol
Authenticate with REST
Authenticate using header-based simple authentication
Authenticate using callback-based complex authentication

Lesson 2: Querying Advanced Identity Cloud Objects Over REST

Create security policies to control which users can access specific areas of the website:
Describe how to query objects using the REST interface
Describe how to use the Advanced Identity Cloud Postman collection
Query Advanced Identity Cloud Identity objects using Postman

PingOne Advanced Identity CloudPingGateway

May 26

3 days

More information

SDK-541-BVP Rev B

Developing Applications Using SDKs

This course is for students who want to learn how to use the SDKs to speed up the integration of JavaScript, Android, and iOS applications, within an access management solution. The course presents key use cases and features of the SDKs.

Note: Revision B of this course is based on version 7 of the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, and SDK 3.

Upon completion of this course, you should be able to:

Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with PingAM, formerly known as ForgeRock® Access Management
Present the centralized login flow, implement centralized login authentication, and observe device single sign-on (SSO)
Present the Embedded Login flow and execute authentication, registration, and self-service journey
Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and multi-factor authentication (MFA) with one-time passwords (OTPs) and push authentication

The following are the prerequisites for successfully completing this course:

Basic knowledge and skills using the Linux and Windows operating systems to complete labs
Basic knowledge of HTTP and communications between clients and servers is critical to understanding the interaction between the SDKs and AM
Basic knowledge of JSON, JavaScript, REST, and Java
Good knowledge of either JavaScript, Android, or iOS application development
Attendance on the PingAM Deep Dive (AM-410) course or equivalent knowledge

Chapter 1: Introducing the SDKs

Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with AM.

Lesson 1: The SDKs and Common Use Cases
Introduce the SDKs and common use cases:

Describe the SDKs
Explore the role of the SDKs through common use cases
Technical overview of the SDKs
Using SDK components
Interaction between the SDKs and AM

Lesson 2: Mobile Development Environment and Project Quickstart for Android and iOS
Learn how to set up a development environment:

Preparing the server
iOS Environment and Project Setup
Android Environment and Project Setup
JavaScript Environment and Project Setup
Preface to the exercises
Set up an iOS development environment
Set up an Android development environment
Set up a JavaScript development environment

Chapter 2: Authentication with Centralized Login

Present the centralized login flow, implement centralized login authentication, and observe device SSO.

Lesson 1: Authenticate With Centralized Login

Learn how to use the SDKs with centralized login:
Understand the login flow choices
Implement centralized login on mobile
Implement centralized login in JavaScript
Authenticate with centralized login on iOS
Authenticate with centralized login on Android
Authenticate with centralized login in JavaScript

Lesson 2: (Optional) Observe SSO Between Mobile Apps
Learn how to implement SSO between mobile apps with centralized login:

SSO between mobile apps with centralized login

Chapter 3: Working with Embedded Login

Present the Embedded Login flow and execute authentication, registration, and self-service journeys

Lesson 1: Authenticate with Embedded Login
Learn how to use the SDKs with Embedded Login to authenticate:

Understand the APIs for Embedded Login
Authenticate with embedded login on iOS
Authenticate with embedded login on Android
Authenticate with embedded login in JavaScript

Lesson 2: Follow Authentication Journeys
Learn how to follow authentication journeys:

Respond to Callbacks
Respond to Stages
Respond to stages on iOS
Respond to stages on Android
Respond to stages in JavaScript
(Optional) Transactional authorization

Lesson 3: Registration and Self-Service Journeys
Learn how to follow registration and self-service journeys:

Respond to registration or self-service journeys
Implement self-service registration on iOS
Implement self-service registration on Android
Implement self-service registration in JavaScript
Call other journeys / Intercept REST calls
Implement self-service password change on iOS
Implement self-service password change on Android
Implement self-service password change in JavaScript

Lesson 4: Send and Process Verification Emails
Learn how to suspend journey processing and resume after the user followed the resume link sent in email:

Suspend the journey and await the user following the resume link
Suspend and resume authentication on iOS
Suspend and resume authentication on Android
Suspend and resume authentication in JavaScript

Chapter 4: Increasing Security and Enhancing User Experience

Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and MFA with OTPs and push authentication.

Lesson 1: Authenticate with Social Login
Learn how to implement social authentication:

Implement social login
Login with Google on iOS
Login with Google on Android
Login with Google in JavaScript

Lesson 2: Authenticate with WebAuthn and Biometrics
Learn how to implement biometric authentication on mobile:

Review WebAuthn concepts
Implement biometric authentication on mobile
Implement WebAuthn on iOS
Implement WebAuthn on Android
Implement web biometric authentication
Implement WebAuthn in JavaScript

Lesson 3: Collect and Validate Device Profiles and Geolocation
Learn how to collect device profile data and geolocation for validation:

Configure a user journey to verify and save device profile data
Device profile processing in the SDKs
Collect device profile data on iOS
Implement device profile collection on iOS
Collect device profile data on Android
Implement device profile collection on Android
Collect device profile data in JavaScript
Implement device profile collection in JavaScript
Analyze device context
Implement location-based security
Collect location information on iOS, Android or in JavaScript
Implement device tampering detection
Customize what data is collected
Check for device tampering and customize device profile collection on iOS
Check for device tampering and customize device profile collection on Android
Customize device profile collection in JavaScript

Lesson 4: MFA with Push and OATH on Mobile
Learn how to provide MFA with Push Authentication and Soft Token:

Integrate the ForgeRock Authenticator Module in a mobile app
Examine using the Authenticator Module on iOS
Examine using the Authenticator Module on Android

PingAM

May 27

3 days

More information

P1-400-BVP Rev A.1

PingOne Administration

This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.

Upon completion of this course, you should be able to:

Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
Demonstrate administration of PingOne user populations, user roles, attributes, and groups
Demonstrate integration and troubleshooting of PingOne applications
Demonstrate how to use access control policies within PingOne
Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
Demonstrate troubleshooting techniques and best practices within PingOne

The following are the prerequisites for successfully completing this course:

Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
PingOne Fundamentals
Introduction to PingOne MFA
Getting Started With PingOne MFA
Getting Started With PingOne SSO
(Optional) Introduction to PingOne DaVinci

Chapter 1: Introducing PingOne

Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment.

Lesson 1: Providing an Overview of PingOne

Summarize PingOne capabilities and key features:

Describe PingOne as a cloud-based IDaaS solution
Describe PingOne environment solutions
Create a new environment

Lesson 2: Introducing Ping Identity Support Resources

Describe PingOne support resources:

Locate Ping Identity support resources

Chapter 2: Managing Users

Demonstrate administration of PingOne user populations, user roles, attributes, and groups.

Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:

Review default users
Edit default users
Create populations
Create a new population
Create new users
Create a new user

Lesson 2: Managing User Roles, Attributes, and Groups

Create a new population and new users:

Manage administrator roles
Assign roles to administrators
Understand user attributes
Manage user attributes
Manage user groups
Manage user group memberships

Chapter 3: Defining Application Integration

Demonstrate integration and troubleshooting of PingOne applications

Lesson 1: Describing the Supported Federation Protocols

Understand the various identity federation protocols used within PingOne:

Understand federation protocols
Add an application from the catalog
Understand SAML2
Add a custom SAML2 application
Understand OAuth2
Understand OIDC
Add a custom OIDC application
Administer the Application Portal

Lesson 2: Troubleshooting Common PingOne Issues

Describe common issues that occur in PingOne, troubleshooting steps, and best practices:

Describe authentication failures
Define SSO failures
Describe attribute mapping errors
Determine certificate issues
Define group membership issues
Describe application integration issues
Define gateway access issues
Describe best practices

Chapter 4: Configuring Access Control

Demonstrate how to use access control policies within PingOne.

Lesson 1: Managing Authentication Policies

Describe how to create and manage authentication policies in PingOne:

Describe authentication policies
Create an authentication policy

Lesson 2: Managing Password Policies

Describe how to manage password policies in PingOne:

Define password policies
Edit a password policy

Lesson 3: Using Additional Authentication Methods

Describe how to create and manage authentication methods used in PingOne policies:

Describe MFA and FIDO policies
Create an MFA policy
Create a FIDO policy

Chapter 5: Managing the Identity Lifecycle

Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne.

Lesson 1: Managing User Onboarding

Discuss the initial stages of the identity lifecycle within PingOne, and describe how new user accounts are created and made ready for access:

Onboard users
Create users manually

Lesson 2: Understanding User Provisioning

Explain how PingOne automates the management of user access to applications, building upon the user identities created during onboarding:

Provision users

Lesson 3: Understanding User Maintenance

Describe how to manage the user maintenance capabilities in PingOne:

Administer user accounts
Manage a user account

Lesson 4: Managing User Offboarding

Understand the critical process of user offboarding within PingOne:

Offboard users

Lesson 5: Monitoring and Reporting

Explain the importance of monitoring and reporting within PingOne:

Monitor activity and view reports

Chapter 6: Troubleshooting and Best Practices

Demonstrate troubleshooting techniques and best practices within PingOne.

Lesson 1: Managing the Troubleshooting Process

Summarize the troubleshooting process and common techniques within PingOne:

Introduce the troubleshooting process
Understand common troubleshooting techniques

Lesson 2: Reviewing Best Practices

Summarize PingOne administration best practices:

Maintain a healthy PingOne environment

PingOne

Jun 1

2 days

More information

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

PingAccess Administration

PingGateway Deep Dive

PingDirectory Administration

PingOne Advanced Identity Cloud Administration

Developing Applications Using SDKs

PingOne Administration

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

PingAccess Administration

PingGateway Deep Dive

PingDirectory Administration

PingOne Advanced Identity Cloud Administration

Developing Applications Using SDKs

PingOne Administration

Upcoming
Courses

Upcoming
Courses