Unlock your full potential in IAM

This is Identitrain

Master Identity and Access Management with world-class training designed by experts who live it every day.

Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.

Choose Your Path to IAM Mastery

Whether you’re starting your IAM journey or advancing toward certification, our structured learning paths guide you every step of the way. Select from Identity Management, Access Management, Governance, or Best Practices tracks designed to match your role and goals.

Explore Our Learning Paths

Built for Every IAM Professional

From architects and developers to project managers and business leaders, Identitrain delivers training that fits your role. Whether you’re designing IAM strategies, building integrations, or leading transformation projects, we’ve got a path for you.

See Our Classes

Training Designed by Practitioners, Proven in the Field

Our instructors bring years of real-world IAM experience into the classroom. We blend vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can immediately put to use!

Meet Our Instructors

Join a Growing Community of IAM Experts

Training doesn’t end with the last session. Graduates join our global practitioner network, gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts. Learn, connect, and grow alongside IAM professionals worldwide.

Get Connected!

Upcoming
Courses

AIC-330-BVP Rev A

Getting Started With PingOne Advanced Identity Cloud for Administrators

This course shows students how to administer PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud. This is achieved through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to administer Advanced Identity Cloud in a training environment. Students are provided with a live Advanced Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, user journeys, and tenant configuration in their own Advanced Identity Cloud.

Upon completion of this course, you should be able to:

Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants

The following are the prerequisites for successfully completing this course:

Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
Introduction to PingAM
PingIDM Essentials
PingGateway Essentials
Introduction to PingDS

Chapter 1: Accessing Advanced Identity Cloud

Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options.

Lesson 1: Managing Administrators
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:

Introduce the Advanced Identity Cloud admin UI
Manage administrators
Invite an administrator

Lesson 2: Introducing UI Integration
Understand UI integration options:

Explain UI integration options
Configure themes for the Alpha and Bravo realms

Chapter 2: Administering Identities

Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords.

Lesson 1: Managing Identities
Manage user identities:

Introduce managed objects
Manage a user profile

Lesson 2: Adding Identities With Bulk Import
Bulk import user identities from a CSV file to add test users to your tenant:

Describe bulk import
Import test users

Lesson 3: Managing Organizations
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:

Describe roles and privileges within an organization
Implement delegated administration for an organization model

Lesson 4: Delegating User Management
Explain how to delegate administration privileges to managed users:

Delegate administration privileges
Delegate password reset

Chapter 3: Managing User Journeys

Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator.

Lesson 1: Managing Journeys
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:

Introduce journeys
Modify journeys
Describe how to export and import journeys
Export and import journeys
Describe how to debug a journey
Enable debug mode on a user journey

Lesson 2: Managing Server-Side Sessions
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:

Describe server-side sessions
Invalidate server-side sessions

Lesson 3: Configuring Email Templates
Understand the use of email templates in a journey flow:

Explore email templates and nodes
Configure email templates
Use email templates in user journeys

Chapter 4: Integrating With Advanced Identity Cloud

Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how PingGateway can protect web applications when it is integrated with Advanced Identity Cloud.

Lesson 1: Defining Applications
Describe the role of an application in Advanced Identity Cloud:

Introduce applications
Register a Bookmark app

Lesson 2: Synchronizing Identities
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:

Explain how to connect to external resources
Configure an RCS cluster
Configure debug logging
Add an authoritative application
Explain synchronization
Create inbound mappings and run reconciliation
Synchronize passwords
Create a target Application with outbound mappings

Lesson 3: Protecting Web Resources
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:

Introduce PingGateway
Integrate PingGateway with Advanced Identity Cloud
Integrate the PingGateway sample application with Advanced Identity Cloud

Chapter 5: Administering Your Tenant

Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants.

Lesson 1: Managing the Configuration
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:

Introduce Service Accounts
Create and manage a service account
Introduce the Advanced Identity Cloud REST API
Display Advanced Identity Cloud identities using the REST API
Introduce configuration management
Create a baseline configuration repository
Describe how to manage ESVs
Create and call ESV variables
Promote your configuration

Lesson 2: Monitoring Tenant Activities
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:

Explore Logs
Retrieve log data using the REST API
Retrieve log data using the Frodo CLI
Monitor your tenant
Monitor tenant health and visualize monitoring metrics
Explore the Advanced Identity Cloud analytics dashboard

Lesson 3: Managing Password Policies
Explain how an Advanced Identity Cloud administrator manages realm password policies:

Manage realm password policies
Configure password policies

Lesson 4: Additional Administration Tasks
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:

Introduce outbound static IP addresses
View outbound static IP addresses
Manage tenant certificates
Add a custom domain name

Apr 15

3 days

More information

AM-410-BVP Rev B.1

PingAM Deep Dive

The aim of this course is to showcase the key features and capabilities of the versatile and powerful PingAM (AM), formerly known as ForgeRock® Access Management. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of AM. Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.

Note: This course revision is based on version 7 of AM.

Upon completion of this course, you should be able to:

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers
Demonstrate federation across entities using SAML v2.0 (SAML2) with AM
Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster

The following are the prerequisites for successfully completing this course:

Completion of the PingAM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjI%3D/chapter/Q291cnNlOjE1NzIy
Knowledge of UNIX/Linux commands
An understanding of HTTP and web applications
A basic understanding of how directory servers function
A basic understanding of REST
A basic knowledge of Java based environments would be beneficial, but no programming experience is required

Chapter 1: Enhancing Intelligent Access

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication.

Lesson 1: Exploring Authentication Mechanisms
Explore the AM admin UI, view the role of cookies used during and after authentication, and describe authentication trees and nodes:

Introduce AM authentication
Understand realms
Describe authentication life cycle
Explain sessions
Examine session cookies
Access the lab environment
Examine an initial AM installation
Configure a realm and examine AM default authentication
Experiment with session cookies
Describe the authentication mechanisms of AM
Create and manage trees
Explore tree nodes
Create a login tree
Test the login tree

Lesson 2: Protecting a Website With PingGateway
Show how PingGateway, formerly known as ForgeRock® Identity Gateway, integrated with AM, can protect a website:

Present AM edge clients
Describe PingGateway functionality as an edge client
Review the FEC website protected by PingGateway
Integrate the FEC website with AM
Observe the PingGateway token cookie
(Optional) Review PingGateway configuration
Authenticate identities with AM
Create an authentication tree with an LDAP Decision node
Integrate identities in AM with an identity store
Integrate an identity store with AM

Lesson 3: Controlling Access
Create security policies to control which users can access specific areas of the website:

Describe entitlements with AM authorization
Define AM policy components
Define policy environment conditions and response attributes
Describe the process of policy evaluation
Implement access control on a website

Chapter 2: Improving Access Management Security

Improve access management security in AM with MFA, context-based risk analysis, and continuous risk checking.

Lesson 1: Increasing Authentication Security
Increase authentication security using MFA:

Describe MFA
Register a device
Include recovery codes
Examine OATH authentication
Implement time-based one-time password (TOTP) authentication
(Optional) Implement HMAC-based one-time password (HOTP) authentication
Examine Push notification authentication
(Optional) Implement Push notification authentication
Implement passwordless WebAuthn
(Optional) Implement passwordless WebAuthn
Examine HOTP authentication using email or SMS
(Optional) Implement HOTP authentication using email or SMS

Lesson 2: Modifying a User’s Authentication Experience Based on Context
Describe how AM can take into account the context of an authentication request in order to make access decisions:

Introduce context-based risk analysis
Describe device profile nodes
Determine the risk based on the context
Implement a browser context change script
Lock and unlock accounts
Implement account lockout

Lesson 3: Checking Risk Continuously
Review the AM tools used to check the risk level of requests continuously:

Introduce continuous contextual authorization
Describe step-up authentication
Implement step-up authentication flow
Describe transactional authorization
Implement transactional authorization
Prevent users from bypassing the default tree

Chapter 3: Extending Services Using OAuth2-Based Protocols

Implement OAuth2 based protocols; namely, OAuth2 and OIDC, to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers.

Lesson 1: Integrating Applications With OAuth2
Integrate clients using OAuth2 by demonstrating the use of the OAuth2 Device Code grant type flow with AM configured as the OAuth2 authorization server (AS):

Discuss OAuth2 concepts
Describe OAuth2 tokens and codes
Describe refresh tokens, macaroons, and token modification
Request OAuth2 access tokens with OAuth2 grant types
Explain OAuth2 scopes and consent
Configure OAuth2 in AM
Configure AM as an OAuth2 provider
Configure AM with an OAuth2 client
Test the OAuth2 Device Code grant type flow

Lesson 2: Integrating Applications With OIDC
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:

Introduce OIDC
Describe OIDC tokens
Explain OIDC scopes and claims
List OIDC grant types
Create and use an OIDC script
Create an OIDC claims script
Register an OIDC client and configure the OAuth2 Provider settings
Test the OIDC Authorization Code grant type flow

Lesson 3: Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP
Authenticate OAuth2 clients with AM using various approaches and obtain certificate-bound access tokens using mutual TLS (mTLS) to provide token proof-of-possession (PoP):

Examine OAuth2 client authentication
Examine OAuth2 client authentication using JWT profiles
Examine OAuth2 client authentication using mTLS
Authenticate an OAuth2 client using mTLS
Examine certificate-bound PoP when mTLS is configured
Obtain a certificate-bound access token

Lesson 4: Transforming OAuth2 Tokens
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:

Describe OAuth2 token exchange
Explain token exchange types and purpose for exchange
Describe token scopes and claims
Implement a token exchange impersonation pattern
Implement a token exchange delegation pattern
Configure token exchange in AM
Configure AM for token exchange
Test token exchange flows

Lesson 5: (Optional) Implementing Social Authentication
Provide a way for users to register and authenticate to AM using a social account:

Delegate registration and authentication to social media providers
Implement social registration and authentication with Google

Chapter 4: Federating Across Entities Using SAML2

Demonstrate federation across entities using SAML2 with AM.

Lesson 1: Implementing SSO Using SAML2
Demonstrate single sign-on (SSO) functionality across organizational boundaries:

Discuss SAML2 entities and profiles
Explain the SAML2 flow from the identity provider (IdP) point of view
Examine SSO across SPs
Configure AM as an IdP and integrate with third-party service providers (SPs)
Examine SSO between an SP and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2
Delegate authentication to a third-party IdP using SAML2 and examine the metadata:

Explain the SSO flow from the SP point of view
Describe the metadata content and purpose
Configure AM as a SAML2 SP and integrate with a third-party IdP

Chapter 5: Installing and Deploying AM

Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster, modify the AM configuration to harden security, upgrade an AM instance to a new version, and deploy the Ping Identity Platform, formerly known as the ForgeRock® Identity Platform, to the Google Cloud Platform (GCP).

Lesson 1: Installing and Upgrading AM
Install AM using interactive and command-line methods creating the foundations for a cluster topology, and upgrade an AM 7.0.1 instance to AM 7.3:

Plan deployment configurations
Prepare before installing AM
Deploy AM
Outline tasks and methods to install AM
Install AM with the web wizard
Install an AM instance with the web wizard
Install AM and manage configuration with Amster
Install Amster
Describe the AM bootstrap process
Upgrade an AM instance
Upgrade AM with the web wizard
(Optional) Upgrade AM with the configuration tool

Lesson 2: Hardening AM Security
Explore a few default configuration and security settings that need to be modified before migrating to a production-ready solution:

Harden AM security
Adjust default settings
Harden AM security
Describe secrets, certificates, and keys
Describe keystores and secret stores
Manage the AM keystore, aliases, and passwords
Configure and manage secret stores
Configure an HSM secret store to sign OIDC ID tokens
Describe the monitoring tools
Describe the audit logging
Describe debug logging
Capture troubleshooting information
Capture troubleshooting information

Lesson 3: Clustering AM
Create an AM cluster with a second AM instance added to the first AM instance that has already been installed:

Explore high availability solutions
Scale AM deployments
Describe AM cluster concepts
Create an AM cluster
Prepare the initial AM cluster
Install another AM server in the cluster
Test AM cluster failover scenarios
(Optional) Modify the cluster to use client-side sessions

Lesson 4: Deploying the Identity Platform to the Cloud
Deploy the Identity Platform into a cluster in a Google Kubernetes Environment (GKE):

Describe the Identity Platform
Prepare your deployment environment
Deploy and access the Identity Platform
Access and authenticate your GCP account
Prepare to deploy the Identity Platform
Deploy the Identity Platform with the Cloud Development Kit (CDK)
Remove the Identity Platform deployment

Apr 20

5 days

More information

AM-410-BVP Rev B.1

PingAM Deep Dive

Note: This course revision is based on version 7 of AM.

Upon completion of this course, you should be able to:

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers
Demonstrate federation across entities using SAML v2.0 (SAML2) with AM
Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster

The following are the prerequisites for successfully completing this course:

Completion of the PingAM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjI%3D/chapter/Q291cnNlOjE1NzIy
Knowledge of UNIX/Linux commands
An understanding of HTTP and web applications
A basic understanding of how directory servers function
A basic understanding of REST
A basic knowledge of Java based environments would be beneficial, but no programming experience is required

Chapter 1: Enhancing Intelligent Access

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication.

Lesson 1: Exploring Authentication Mechanisms
Explore the AM admin UI, view the role of cookies used during and after authentication, and describe authentication trees and nodes:

Introduce AM authentication
Understand realms
Describe authentication life cycle
Explain sessions
Examine session cookies
Access the lab environment
Examine an initial AM installation
Configure a realm and examine AM default authentication
Experiment with session cookies
Describe the authentication mechanisms of AM
Create and manage trees
Explore tree nodes
Create a login tree
Test the login tree

Lesson 2: Protecting a Website With PingGateway
Show how PingGateway, formerly known as ForgeRock® Identity Gateway, integrated with AM, can protect a website:

Present AM edge clients
Describe PingGateway functionality as an edge client
Review the FEC website protected by PingGateway
Integrate the FEC website with AM
Observe the PingGateway token cookie
(Optional) Review PingGateway configuration
Authenticate identities with AM
Create an authentication tree with an LDAP Decision node
Integrate identities in AM with an identity store
Integrate an identity store with AM

Lesson 3: Controlling Access
Create security policies to control which users can access specific areas of the website:

Describe entitlements with AM authorization
Define AM policy components
Define policy environment conditions and response attributes
Describe the process of policy evaluation
Implement access control on a website

Chapter 2: Improving Access Management Security

Improve access management security in AM with MFA, context-based risk analysis, and continuous risk checking.

Lesson 1: Increasing Authentication Security
Increase authentication security using MFA:

Describe MFA
Register a device
Include recovery codes
Examine OATH authentication
Implement time-based one-time password (TOTP) authentication
(Optional) Implement HMAC-based one-time password (HOTP) authentication
Examine Push notification authentication
(Optional) Implement Push notification authentication
Implement passwordless WebAuthn
(Optional) Implement passwordless WebAuthn
Examine HOTP authentication using email or SMS
(Optional) Implement HOTP authentication using email or SMS

Lesson 2: Modifying a User’s Authentication Experience Based on Context
Describe how AM can take into account the context of an authentication request in order to make access decisions:

Introduce context-based risk analysis
Describe device profile nodes
Determine the risk based on the context
Implement a browser context change script
Lock and unlock accounts
Implement account lockout

Lesson 3: Checking Risk Continuously
Review the AM tools used to check the risk level of requests continuously:

Introduce continuous contextual authorization
Describe step-up authentication
Implement step-up authentication flow
Describe transactional authorization
Implement transactional authorization
Prevent users from bypassing the default tree

Chapter 3: Extending Services Using OAuth2-Based Protocols

Discuss OAuth2 concepts
Describe OAuth2 tokens and codes
Describe refresh tokens, macaroons, and token modification
Request OAuth2 access tokens with OAuth2 grant types
Explain OAuth2 scopes and consent
Configure OAuth2 in AM
Configure AM as an OAuth2 provider
Configure AM with an OAuth2 client
Test the OAuth2 Device Code grant type flow

Lesson 2: Integrating Applications With OIDC
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:

Introduce OIDC
Describe OIDC tokens
Explain OIDC scopes and claims
List OIDC grant types
Create and use an OIDC script
Create an OIDC claims script
Register an OIDC client and configure the OAuth2 Provider settings
Test the OIDC Authorization Code grant type flow

Examine OAuth2 client authentication
Examine OAuth2 client authentication using JWT profiles
Examine OAuth2 client authentication using mTLS
Authenticate an OAuth2 client using mTLS
Examine certificate-bound PoP when mTLS is configured
Obtain a certificate-bound access token

Lesson 4: Transforming OAuth2 Tokens
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:

Describe OAuth2 token exchange
Explain token exchange types and purpose for exchange
Describe token scopes and claims
Implement a token exchange impersonation pattern
Implement a token exchange delegation pattern
Configure token exchange in AM
Configure AM for token exchange
Test token exchange flows

Lesson 5: (Optional) Implementing Social Authentication
Provide a way for users to register and authenticate to AM using a social account:

Delegate registration and authentication to social media providers
Implement social registration and authentication with Google

Chapter 4: Federating Across Entities Using SAML2

Demonstrate federation across entities using SAML2 with AM.

Lesson 1: Implementing SSO Using SAML2
Demonstrate single sign-on (SSO) functionality across organizational boundaries:

Discuss SAML2 entities and profiles
Explain the SAML2 flow from the identity provider (IdP) point of view
Examine SSO across SPs
Configure AM as an IdP and integrate with third-party service providers (SPs)
Examine SSO between an SP and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2
Delegate authentication to a third-party IdP using SAML2 and examine the metadata:

Explain the SSO flow from the SP point of view
Describe the metadata content and purpose
Configure AM as a SAML2 SP and integrate with a third-party IdP

Chapter 5: Installing and Deploying AM

Lesson 1: Installing and Upgrading AM
Install AM using interactive and command-line methods creating the foundations for a cluster topology, and upgrade an AM 7.0.1 instance to AM 7.3:

Plan deployment configurations
Prepare before installing AM
Deploy AM
Outline tasks and methods to install AM
Install AM with the web wizard
Install an AM instance with the web wizard
Install AM and manage configuration with Amster
Install Amster
Describe the AM bootstrap process
Upgrade an AM instance
Upgrade AM with the web wizard
(Optional) Upgrade AM with the configuration tool

Lesson 2: Hardening AM Security
Explore a few default configuration and security settings that need to be modified before migrating to a production-ready solution:

Harden AM security
Adjust default settings
Harden AM security
Describe secrets, certificates, and keys
Describe keystores and secret stores
Manage the AM keystore, aliases, and passwords
Configure and manage secret stores
Configure an HSM secret store to sign OIDC ID tokens
Describe the monitoring tools
Describe the audit logging
Describe debug logging
Capture troubleshooting information
Capture troubleshooting information

Lesson 3: Clustering AM
Create an AM cluster with a second AM instance added to the first AM instance that has already been installed:

Explore high availability solutions
Scale AM deployments
Describe AM cluster concepts
Create an AM cluster
Prepare the initial AM cluster
Install another AM server in the cluster
Test AM cluster failover scenarios
(Optional) Modify the cluster to use client-side sessions

Lesson 4: Deploying the Identity Platform to the Cloud
Deploy the Identity Platform into a cluster in a Google Kubernetes Environment (GKE):

Describe the Identity Platform
Prepare your deployment environment
Deploy and access the Identity Platform
Access and authenticate your GCP account
Prepare to deploy the Identity Platform
Deploy the Identity Platform with the Cloud Development Kit (CDK)
Remove the Identity Platform deployment

Apr 20

5 days

More information

AIC-CERT-PREP Rev A.1

Certified Professional - PingOne Advanced Identity Cloud Exam Preparation

This course helps prepare students to take the Certified Professional - PingOne Advanced Identity Cloud exam, formerly known as the ForgeRock® Identity Cloud Certified Professional exam. This is accomplished by presenting students with information concerning exam contents, logistics, tips for preparing to take the exam, lab exercises to cover exam contents, and a sample exam that is representative of the exam, itself.

Upon completion of this course, you should be able to:

Register to take the exam
Prepare for the exam using recommended study materials
Take the exam either remotely or at a Pearson Testing Center

The following are the prerequisites for successfully completing this course:

Successful completion of the AIC-300 Getting Started With PingOne Advanced Identity Cloud for Administrators course
Thorough understanding of all PingOne Advanced Identity Cloud documentation and Knowledge Base articles on Backstage
3-6 months of experience configuring and administering PingOne Identity tenants
Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0

Course Contents

Exam Overview

Explain exam metrics and passing scores
Provide an approach for responding to test questions
Identify options for registering and taking the exam
Describe testing center requirements
Describe requirements for taking the exam online
Show how to access exam results

Exam Details

Review the exam details and requirements
Explain exam topics and study areas
Present the objectives covered in the exam
Review important concepts associated with exam objectives
Review sample questions associated with objectives
Provide applicable materials for review

Lab Exercises

Research topics which will be covered in the exam
Navigate the PingOne Advanced Identity Cloud admin UI
Describe PingOne Advanced Identity Cloud configuration settings
Explain how to perform PingOne Advanced Identity Cloud related tasks
Configure PingOne Advanced Identity Cloud related services

Sample Exam

Test a student’s knowledge of PingOne Advanced Identity Cloud
Provide students with a representative exam experience

Apr 23

1 day

More information

IGA-400-BVP Rev A.1

PingOne Advanced Identity Cloud Identity Governance

This course provides a hands-on technical introduction to PingOne Advanced Identity Cloud Identity Governance (Identity Governance). Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.

Note: This course is based on PingOne Advanced Identity Cloud (Advanced Identity Cloud) with the Identity Governance functionality added.

Upon completion of this course, you should be able to:

Discover how to access, manage, and work with Identity Governance capabilities
Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications
Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items
Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing Segregation of Duties (SoD) policies and rules

The following are the prerequisites for successfully completing this course:

Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course.
Recommended completion of the PingOne Advanced Identity Cloud Administration course.
Knowledge of basic Windows/PowerShell commands
An understanding of HTTP and web applications
A basic understanding of how directory servers function
A basic understanding of REST
A familiarity with the Advanced Identity Cloud admin and end-user UIs

Chapter 1: Introducing Identity Governance

Discover how to access, manage, and work Identity Governance capabilities.

Lesson 1: Introducing Identity Governance

Describe Identity Governance and the related capabilities available in Advanced Identity Cloud:

Describe the purpose of Identity GovernanceIntroduce Identity Governance
Access Advanced Identity CloudDescribe the course environment and architecture
Access your CloudShare environment
Access your Advanced Identity Cloud tenant
Access and explore your PingOne tenant environment

Lesson 2: Onboarding Applications and Identities

Create applications for onboarding users:

Explain Identity Governance terminology
Describe application typesRegister and manage applications
Connect an application with an identity source
Configure application provisioning
Onboard and provision users, roles, and entitlements
Create a connector server in Advanced Identity Cloud
Connect the RCS with Advanced Identity Cloud
Customize the Advanced Identity Cloud user schema
Register an authoritative application and onboard identities

Chapter 2: Managing Identity Lifecycle and Entitlements

Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications.

Lesson 1: Reconciling Entitlements

Load and manage entitlements from target applications in Advanced Identity Cloud:

Describe entitlements
Manage entitlements
Assign and revoke entitlements to/from users and roles
Request access for an entitlement
Reconcile entitlements from Active Directory (AD)
Reconcile entitlements from PingOne

Lesson 2: Synchronizing Identity Data

Describe synchronization as a foundation of identity lifecycle management in Identity Governance, and provision and manage application accounts:

Describe the need for synchronization
Explore synchronization in Identity Governance
Describe how changes are managed during synchronization
Provision and manage application accounts
Provision an account to AD
Provision an account and entitlement to PingOne

Chapter 3: Creating and Managing Workflows and Access Requests

Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items.

Lesson 1: Managing Access Requests for Resources

Create, review, and manage access requests for resources, such as applications, entitlements, and roles:

Explain access request conceptsAccess request administration
Request access to resources
Review and handle access requests
Request to provision an AD account with entitlements
Request to provision PingOne accounts with entitlements
Define a conditional provisioning role
Define and request a provisioning role

Lesson 2: Managing Glossary Items and Scopes

Create and manage governance glossary items and scopes to manage what can be requested:

Describe the governance glossary
Define and populate glossary attribute values
Use glossary attribute values as filters
Request access to entities for others
Create scopes to control what can be requested
Define glossary items for use in workflows and scopes
Create access requests for others and add scopes

Lesson 3: Creating Workflows, Request Types, and Forms

Manage workflows, request types, and forms for customizing access requests, and schedule a task scanner job:

Create and manage workflows
Build a workflow with nodes
Create and manage request types
Create and manage forms for customized user-interaction
Designing forms in the form editorCreate and manage a task scanner
Create new workflows and update default workflows
Create and manage forms to customize user interaction

Chapter 4: Managing Certifications and Compliance

Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing SoD policies and rules.

Lesson 1: Configuring and Running Certifications

Prepare and perform certification of access to applications:

Certify access in Identity Governance
Create certification templates
Configure the certification templateManage certification templates
Create certification campaigns
Perform access reviews
Certify access based on events
Configure and initiate entitlement certifications
Certify entitlements for the certification campaign
Configure an event that triggers certification
Configure an event that initiates a workflow
Manage approvals for triggered events

Lesson 2: Managing Compliance With SoD

Manage compliance and implement SoD policies:

Describe SoDDefine policy rules
Configure compliance policies
Run compliance scans
Manage violations and exceptions
Create an SoD rule and policy
Run a compliance scan
Make a request that violates compliance

Apr 27

4 days

More information

P1-400-BVP Rev A.1

PingOne Administration

This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.

Upon completion of this course, you should be able to:

Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
Demonstrate administration of PingOne user populations, user roles, attributes, and groups
Demonstrate integration and troubleshooting of PingOne applications
Demonstrate how to use access control policies within PingOne
Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
Demonstrate troubleshooting techniques and best practices within PingOne

The following are the prerequisites for successfully completing this course:

Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
PingOne Fundamentals
Introduction to PingOne MFA
Getting Started With PingOne MFA
Getting Started With PingOne SSO
(Optional) Introduction to PingOne DaVinci

Chapter 1: Introducing PingOne

Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment.

Lesson 1: Providing an Overview of PingOne

Summarize PingOne capabilities and key features:

Describe PingOne as a cloud-based IDaaS solution
Describe PingOne environment solutions
Create a new environment

Lesson 2: Introducing Ping Identity Support Resources

Describe PingOne support resources:

Locate Ping Identity support resources

Chapter 2: Managing Users

Demonstrate administration of PingOne user populations, user roles, attributes, and groups.

Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:

Review default users
Edit default users
Create populations
Create a new population
Create new users
Create a new user

Lesson 2: Managing User Roles, Attributes, and Groups

Create a new population and new users:

Manage administrator roles
Assign roles to administrators
Understand user attributes
Manage user attributes
Manage user groups
Manage user group memberships

Chapter 3: Defining Application Integration

Demonstrate integration and troubleshooting of PingOne applications

Lesson 1: Describing the Supported Federation Protocols

Understand the various identity federation protocols used within PingOne:

Understand federation protocols
Add an application from the catalog
Understand SAML2
Add a custom SAML2 application
Understand OAuth2
Understand OIDC
Add a custom OIDC application
Administer the Application Portal

Lesson 2: Troubleshooting Common PingOne Issues

Describe common issues that occur in PingOne, troubleshooting steps, and best practices:

Describe authentication failures
Define SSO failures
Describe attribute mapping errors
Determine certificate issues
Define group membership issues
Describe application integration issues
Define gateway access issues
Describe best practices

Chapter 4: Configuring Access Control

Demonstrate how to use access control policies within PingOne.

Lesson 1: Managing Authentication Policies

Describe how to create and manage authentication policies in PingOne:

Describe authentication policies
Create an authentication policy

Lesson 2: Managing Password Policies

Describe how to manage password policies in PingOne:

Define password policies
Edit a password policy

Lesson 3: Using Additional Authentication Methods

Describe how to create and manage authentication methods used in PingOne policies:

Describe MFA and FIDO policies
Create an MFA policy
Create a FIDO policy

Chapter 5: Managing the Identity Lifecycle

Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne.

Lesson 1: Managing User Onboarding

Discuss the initial stages of the identity lifecycle within PingOne, and describe how new user accounts are created and made ready for access:

Onboard users
Create users manually

Lesson 2: Understanding User Provisioning

Explain how PingOne automates the management of user access to applications, building upon the user identities created during onboarding:

Provision users

Lesson 3: Understanding User Maintenance

Describe how to manage the user maintenance capabilities in PingOne:

Administer user accounts
Manage a user account

Lesson 4: Managing User Offboarding

Understand the critical process of user offboarding within PingOne:

Offboard users

Lesson 5: Monitoring and Reporting

Explain the importance of monitoring and reporting within PingOne:

Monitor activity and view reports

Chapter 6: Troubleshooting and Best Practices

Demonstrate troubleshooting techniques and best practices within PingOne.

Lesson 1: Managing the Troubleshooting Process

Summarize the troubleshooting process and common techniques within PingOne:

Introduce the troubleshooting process
Understand common troubleshooting techniques

Lesson 2: Reviewing Best Practices

Summarize PingOne administration best practices:

Maintain a healthy PingOne environment

Apr 27

2 days

More information

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

Getting Started With PingOne Advanced Identity Cloud for Administrators

PingAM Deep Dive

PingAM Deep Dive

Certified Professional - PingOne Advanced Identity Cloud Exam Preparation

PingOne Advanced Identity Cloud Identity Governance

PingOne Administration

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

Getting Started With PingOne Advanced Identity Cloud for Administrators

PingAM Deep Dive

PingAM Deep Dive

Certified Professional - PingOne Advanced Identity Cloud Exam Preparation

PingOne Advanced Identity Cloud Identity Governance

PingOne Administration

Upcoming
Courses

Upcoming
Courses