Unlock your full potential in IAM

This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools

This course is built on version 10.

Upon completion of this course, you should be able to:

• Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
• Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
• Describe how to install and manage the PingDirectoryProxy server
• Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
• Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

The following are the prerequisites for successfully completing this course:

• Knowledge of UNIX/Linux commands.
• A basic understanding of how directory servers function.
• A basic understanding of REST and HTTP.
• A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
• Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/

Chapter 1: Installing PingDirectory

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.

• Describe the key features of PingDirectory

• Perform pre-installation procedures
• Install PingDirectory
• Describe post-installation procedures

• Use server profiles
• (Optional) Install PingDirectory

Chapter 2: Deploying PingDirectory

• Describe the schema
  
• Modify the schema
• Modify the schema
• Modify object classes
• Create auxiliary object classes
• Load custom schema elements

• Search entries
• Manage entries
• Create objects

• Prevent data vulnerability
• Keep data secure
• Configure encryption settings

• Define virtual attributes
• Administer virtual attributes

• Describe password policies
• Create a password policy

• Manage JSON attributes
• Create JSON attributes
• Manage the Password Policy State JSON
• Administer JSON Attributes

• Understand the Rest APIs
• Use the SCIM 2.0 REST API
• Administer the Directory REST API

• Manage log publishers
• Configure logging
• Create a log publisher

• Understand replication
• Enable replication
• Resolve conflicts
• Understand the replication protocol
• Use replication over WAN
• Plan deployment
• Configure replication
• Scale replication
• Enable the replication process

• Define the topology registry
• Administer the server topology

• Describe the key features

• Describe the installation process
• Install the PingDirectoryProxy server
• Lesson 3: Managing the PingDirectoryProxy Server
• Describe the key advanced PingDirectoryProxy server transformation features:
• Describe the proxy transformations
• Understand entry balancing
• Create transformations

• Describe the key features

• Install the PingDataSync server
• Use the start, stop, and restart commands
• Describe the failover server
• Install the failover server
• Install the PingDataSync server

• Define Sync Pipe components
• Create the synchronization flow
• Use the retry mechanism
• Configure the PingDataSync server
• Configure and synchronize the PingDataSync server

• Synchronize with a relational database
  
• Synchronize with AD

• Describe the key features of the Server SDK

• Use the start, stop, and restart server commands
• Understand common maintenance tasks
• Perform maintenance tasks
• Understand Delegated Admin
• Configure Delegated Admin
• Administer Delegated Admin
• Understand data recovery
• Perform data recovery

• Monitor the PingDirectory server

• Understand how to troubleshoot issues
• Repair a conflict resolution
• Use troubleshooting tools

This course provides a hands-on technical introduction to PingOne Advanced Identity Cloud Identity Governance (Identity Governance). Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.

Note: This course is based on PingOne Advanced Identity Cloud (Advanced Identity Cloud) with the Identity Governance functionality added.

Upon completion of this course, you should be able to:

• Discover how to access, manage, and work with Identity Governance capabilities
• Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications
• Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items
• Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing Segregation of Duties (SoD) policies and rules

The following are the prerequisites for successfully completing this course:

• Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course.
• Recommended completion of the PingOne Advanced Identity Cloud Administration course.
• Knowledge of basic Windows/PowerShell commands
• An understanding of HTTP and web applications
• A basic understanding of how directory servers function
• A basic understanding of REST
• A familiarity with the Advanced Identity Cloud admin and end-user UIs

Chapter 1: Introducing Identity Governance

Discover how to access, manage, and work Identity Governance capabilities.

Lesson 1: Introducing Identity Governance

Describe Identity Governance and the related capabilities available in Advanced Identity Cloud:

• Describe the purpose of Identity GovernanceIntroduce Identity Governance
• Access Advanced Identity CloudDescribe the course environment and architecture
• Access your CloudShare environment
• Access your Advanced Identity Cloud tenant
• Access and explore your PingOne tenant environment

Lesson 2: Onboarding Applications and Identities

Create applications for onboarding users:

• Explain Identity Governance terminology
• Describe application typesRegister and manage applications
• Connect an application with an identity source
• Configure application provisioning
• Onboard and provision users, roles, and entitlements
• Create a connector server in Advanced Identity Cloud
• Connect the RCS with Advanced Identity Cloud
• Customize the Advanced Identity Cloud user schema
• Register an authoritative application and onboard identities

Chapter 2: Managing Identity Lifecycle and Entitlements

Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications.

Lesson 1: Reconciling Entitlements

Load and manage entitlements from target applications in Advanced Identity Cloud:

• Describe entitlements
• Manage entitlements
• Assign and revoke entitlements to/from users and roles
• Request access for an entitlement
• Reconcile entitlements from Active Directory (AD)
• Reconcile entitlements from PingOne

Lesson 2: Synchronizing Identity Data

Describe synchronization as a foundation of identity lifecycle management in Identity Governance, and provision and manage application accounts:

• Describe the need for synchronization
• Explore synchronization in Identity Governance
• Describe how changes are managed during synchronization
• Provision and manage application accounts
• Provision an account to AD
• Provision an account and entitlement to PingOne

Chapter 3: Creating and Managing Workflows and Access Requests

Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items.

Lesson 1: Managing Access Requests for Resources

Create, review, and manage access requests for resources, such as applications, entitlements, and roles:

• Explain access request conceptsAccess request administration
• Request access to resources
• Review and handle access requests
• Request to provision an AD account with entitlements
• Request to provision PingOne accounts with entitlements
• Define a conditional provisioning role
• Define and request a provisioning role

Lesson 2: Managing Glossary Items and Scopes

Create and manage governance glossary items and scopes to manage what can be requested:

• Describe the governance glossary
• Define and populate glossary attribute values
• Use glossary attribute values as filters
• Request access to entities for others
• Create scopes to control what can be requested
• Define glossary items for use in workflows and scopes
• Create access requests for others and add scopes

Lesson 3: Creating Workflows, Request Types, and Forms

Manage workflows, request types, and forms for customizing access requests, and schedule a task scanner job:

• Create and manage workflows
• Build a workflow with nodes
• Create and manage request types
• Create and manage forms for customized user-interaction
• Designing forms in the form editorCreate and manage a task scanner
• Create new workflows and update default workflows
• Create and manage forms to customize user interaction

Chapter 4: Managing Certifications and Compliance

Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing SoD policies and rules.

Lesson 1: Configuring and Running Certifications

Prepare and perform certification of access to applications:

• Certify access in Identity Governance
• Create certification templates
• Configure the certification templateManage certification templates
• Create certification campaigns
• Perform access reviews
• Certify access based on events
• Configure and initiate entitlement certifications
• Certify entitlements for the certification campaign
• Configure an event that triggers certification
• Configure an event that initiates a workflow
• Manage approvals for triggered events

Lesson 2: Managing Compliance With SoD

Manage compliance and implement SoD policies:

• Describe SoDDefine policy rules
• Configure compliance policies
• Run compliance scans
• Manage violations and exceptions
• Create an SoD rule and policy
• Run a compliance scan
• Make a request that violates compliance