Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Whether you’re starting your IAM journey or advancing toward certification, our structured
learning paths guide you every step of the way. Select from Identity Management, Access Management,
Governance, or Best Practices tracks designed to match your role and goals.
Built for Every IAM Professional
From architects and developers to project managers and business leaders, Identitrain delivers
training that fits your role. Whether you’re designing IAM strategies, building integrations, or
leading transformation projects, we’ve got a path for you.
Training Designed by Practitioners, Proven in the Field
Our instructors bring years of real-world IAM experience into the classroom. We blend
vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and
beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can
immediately put to use!
Join a Growing Community of IAM Experts
Training doesn’t end with the last session. Graduates join our global practitioner network,
gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts.
Learn, connect, and grow alongside IAM professionals worldwide.
Upcoming
Courses
IG-430-BVP Rev A
PingGateway Deep Dive
The aim of this course is to showcase the key features and capabilities of the versatile and powerful edge security solution with the PingGateway environment, formerly known as ForgeRock® Identity Gateway. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of PingGateway. Further information and guidance can be found in the documentation and knowledge base documents in the online repositories at: Backstage https://backstage.forgerock.com.
Note: Revision A of this course is based on version 7.2 of PingGateway.
Upon completion of this course, you should be able to:
- Integrate and protect web applications, APIs, legacy applications, and microservices with the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, by using PingGateway
- Add authentication to the ForgeRock Entertainment Company (FEC) solution using PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud, or PingAM (AM), formerly known as ForgeRock® Access Management, as the access manager, OpenID Connect (OIDC) provider, and Security Assertion Markup Language (SAML2) identity provider (IdP)
- Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice
- Protect a REST API with PingGateway and extend PingGateway functionality with scripting
- Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment
The following are the prerequisites for successfully completing this course:
- Completion of the PingGateway Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjQ%3D/chapter/Q291cnNlOjE1NzI2
Chapter 1: Integrating Applications With PingGateway
Integrate and protect web applications, APIs, legacy applications, and microservices with Identity Platform by using PingGateway.
Lesson 1: Introducing PingGateway
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
- Introduce PingGateway
- Describe PingGateway features
- Compare PingGateway with policy agents
- Explore PingGateway integration with web applications
- Describe PingGateway integration with OIDC and SAML
- Explore PingGateway policy enforcement and second-factor authentication (2FA)
- Describe PingGateway protection of APIs
- Access your CloudShare VM
- Examine the lab environment
- Access the FEC and DVD4U websites
Lesson 2: Fronting a Website With PingGateway
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
- Examine the PingGateway configuration structure
- Describe required PingGateway configuration
- Configure PingGateway for secure connections
- Configure PingGateway routes
- Creating and managing routes in PingGateway Studio
- Protect a website by using PingGateway Studio
- Upgrade a route to use WebSockets
- Configure PingGateway for development mode and TLS connections
- Protect the FEC website with PingGateway by using PingGateway Studio
- Manage routes in PingGateway Studio and examine PingGateway log files
Lesson 3: Routing Requests and Responses
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
- Describe the PingGateway object model
- Examine objects available in routes
- Retrieve context data and configure sessions
- Route requests depending on conditions
- Describe route handlers
- Manage requests and responses with a route handler
- Process requests and responses with filters
- Create a route to allow access to a public area of FEC
- Add a page not found route
- Create a route to access the legacy DVD4U application
- Add password replay for the DVD4U application
Lesson 4: Configuring PingGateway Logging and Capturing Route Communication
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
- Manage PingGateway logs
- Introduce Decorators
- Configure route activity logs
- Capture inbound and outbound communication
- Retrieve credentials from a file
- Observe requests and responses in PingGateway logs
- Test different capture configuration settings
- Centralize PingGateway logging configuration
- Modify the DVD4U route to get credentials from a file
- Use Logback configuration for troubleshooting
Chapter 2: Configuring Agentless Single Sign-On
Add authentication to the FEC solution, using Advanced Identity Cloud or AM as the access manager, OIDC provider, and SAML2 identity provider.
Lesson 1: Implementing Authentication with the SSO Filter
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
- Create a route by using the PingGateway Studio Freeform Designer
- Configure Advanced Identity Cloud or AM as a service
- Describe how to use the SSO Filter
- Retrieve user data from the authentication provider
- Configure PingGateway as an HTTPS client
- Create a route with the PingGateway Studio Freeform Designer
- Redirect requests to AM for authentication
- Configure PingGateway for client-side HTTPS
- Access properties in SSO token context
- Retrieve user profile data for display in a web page
- Store information in a PingGateway HTTP session
- Configure capture decorators in Freeform Designer
Lesson 2: Configuring CDSSO for the Legacy Application
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
- Describe the CDSSO Filter
- Configure the CDSSO Filter Solution
- Configure CDSSO redirect endpoints
- Integrate the legacy application with CDSSO
- Create a new route to protect DVD4U with CDSSO and AM
- Update the DVD4U route to automatically log in the authenticated user
- Prepare the Advanced Identity Cloud tenant
- Protect the DVD4U and FEC websites using CDSSO with Advanced Identity Cloud
Lesson 3: Performing SSO With PingGateway as an OIDC Relying Party
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
- Describe basic OIDC concepts
- Configure PingGateway as an OIDC client
- Examine the flow of OIDC redirects for authentication and consent
- Explore the flow of OIDC callbacks and data injection
- Configure an OIDC relying party route
- Examine the OIDC relying party solution
Lesson 4: Providing SSO with PingGateway as a SAML2 SP
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
- Authenticate with a SAML2 identity provider (IdP)
- Describe the use of the SAML federation handler
- Describe the use of the dispatch handler
- Describe the SAML2 implementation flow
- Set up SAML2 configuration files for PingGateway
- Configure a SAML2 route for the trial section
- Examine the SAML2 solution (optional)
Chapter 3: Controlling Access with PingGateway as Policy Enforcement Point
Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice.
Lesson 1: Implementing Authorization With a Policy Enforcement Filter
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
- Describe the use of the Policy Enforcement Filter
- Illustrate the use of the Policy Enforcement Filter
- Configure a policy enforcement point (PEP) route for the premium section of FEC
- Examine the PEP solution (optional)
Lesson 2: Providing Step-Up Authentication and Transactional Authorization
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
- Describe step-up authentication
- Illustrate how PingGateway handles step-up authentication
- Describe transactional authorization
- Illustrate how PingGateway handles transactional authorization
- Configure a PEP route for the on demand and profile sections of FEC
- Examine the profile solution (optional)
- Examine the on-demand solution (optional)
Chapter 4: Protecting a REST API
Protect a REST API with PingGateway and extend PingGateway functionality with scripting.
Lesson 1: Configuring PingGateway as an OAuth2 Resource Server
Configure PingGateway to act as an OAuth2 resource server that protects a REST API:
- Describe the use of the OAuth2 resource server filter
- List access token resolvers
- Validate certificate-bound access tokens
- Observe the flow with the token introspection resolver
- Prepare the OAuth2 solution to protect the FEC REST API
- Configure PingGateway to protect the FEC REST APIs
- Examine the REST API solution (optional)
Lesson 2: Extending Functionality With Scripts
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
- Describe the scripting functionality for extending PingGateway
- Explore scriptable objects
- Examine dynamic scopes solution
- Describe OAuth2 token swapping in PingGateway
- Configure a scriptable filter to log the content of the OAuth2 context
- Configure a dynamic scopes script
- Configure a scriptable filter to retrieve the correct favorite list
Chapter 5: Preparing for Production with PingGateway
Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment.
Lesson 1: Auditing, Monitoring, and Tuning a PingGateway Solution
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
- Describe the audit framework
- Excluding sensitive data from audit logs
- Accessing the Common REST API monitoring endpoint
- Decreasing the number of requests through caching
Lesson 2: Developing an Awareness of Security Questions With PingGateway
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
- Discuss PingGateway best practices regarding security
- Examine the common secrets
- Explore secret store types
- Describe throttling
- Create common secret stores
- Configure throttling
Lesson 3: Deploying PingGateway
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
- Describe property value substitution
- Set up multiple PingGateway instances
- Integrate configuration tokens in the solution
- Deploy a second PingGateway instance
PingGatewayForgeRock Identity PlatformPingOne Advanced Identity CloudPingAM
PD-400-BVP Rev A.1
PingDirectory Administration
This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools
This course is built on version 10.
Upon completion of this course, you should be able to:
- Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
- Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
- Describe how to install and manage the PingDirectoryProxy server
- Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
- Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.
The following are the prerequisites for successfully completing this course:
- Knowledge of UNIX/Linux commands.
- A basic understanding of how directory servers function.
- A basic understanding of REST and HTTP.
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
- Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/
Chapter 1: Installing PingDirectory
Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.
Lesson 1: Providing an Overview of PingDirectory
Describe the capabilities and key features of PingDirectory:
- Describe the key features of PingDirectory
Lesson 2: Installing the PingDirectory Server
Summarize the PingDirectory server installation procedures:
- Perform pre-installation procedures
- Install PingDirectory
- Describe post-installation procedures
Lesson 3: Completing Initial Configuration
Complete the PingDirectory server initial configuration settings:
- Use server profiles
- (Optional) Install PingDirectory
Chapter 2: Deploying PingDirectory
Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment.
Lesson 1: Managing the Schema
Lesson 1: Managing the Schema
Describe the functions of the schema, and modify the schema by creating new attribute types, object classes, and a new custom user:
- Describe the schema
- Modify the schema
- Modify the schema
- Modify object classes
- Create auxiliary object classes
- Load custom schema elements
Lesson 2: Managing Objects
Define objects in LDAP and use the command-line tools to search, add, modify, and delete entries:
- Search entries
- Manage entries
- Create objects
Lesson 3: Using Security and Encryption
Describe the basic vulnerabilities in LDAP server implementations, secure server data, use the encryption-settings tool to create an encryption settings database, and create sensitive attributes:
- Prevent data vulnerability
- Keep data secure
- Configure encryption settings
Lesson 4: Using Virtual Attributes
Define virtual attributes and their use, recall the virtual attribute types, and create mirrored virtual attributes:
- Define virtual attributes
- Administer virtual attributes
Lesson 5: Managing Password Policies
Describe how to use password policies, and then create and assign password policies to individual accounts and/or user groups:
- Describe password policies
- Create a password policy
Lesson 6: Administering JSON Attributes
Describe how to manage and create JSON attributes:
- Manage JSON attributes
- Create JSON attributes
- Manage the Password Policy State JSON
- Administer JSON Attributes
Lesson 7: Managing the REST APIs
Describe the available REST APIs, list the HTTP methods available, and use the Directory REST API to create and update user entries:
- Understand the Rest APIs
- Use the SCIM 2.0 REST API
- Administer the Directory REST API
Lesson 8: Managing Logging
List the three types of available log publishers, describe the elements of the log format, and create log publishers:
- Manage log publishers
- Configure logging
- Create a log publisher
Lesson 9: Managing Replication
Define the replication process and architecture, set up a server topology, enable the replication process, and initialize new replicas:
- Understand replication
- Enable replication
- Resolve conflicts
- Understand the replication protocol
- Use replication over WAN
- Plan deployment
- Configure replication
- Scale replication
- Enable the replication process
Lesson 10: Managing Server Topologies
Discuss the topology registry, create server groups to aid in configuration changes, and compare configurations on separate directory servers:
- Define the topology registry
- Administer the server topology
Chapter 3: Administering the PingDirectoryProxy Server
Describe how to install and manage the PingDirectoryProxy server.
Lesson 1: Providing an Overview of the PingDirectoryProxy Server
Describe the capabilities and key features of the PingDirectoryProxy server:
- Describe the key features
Lesson 2: Installing the PingDirectoryProxy Server
Describe how to install the PingDirectoryProxy server:
- Describe the installation process
- Install the PingDirectoryProxy server
- Lesson 3: Managing the PingDirectoryProxy Server
- Describe the key advanced PingDirectoryProxy server transformation features:
- Describe the proxy transformations
- Understand entry balancing
- Create transformations
Chapter 4: Administering the PingDataSync Server
Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server.
Lesson 1: Providing an Overview of PingDataSync
Describe the capabilities and key features of the PingDataSync server:
- Describe the key features
Lesson 2: Installing the PingDataSync Server
Summarize the PingDataSync server installation procedures:
- Install the PingDataSync server
- Use the start, stop, and restart commands
- Describe the failover server
- Install the failover server
- Install the PingDataSync server
Lesson 3: Configuring the PingDataSync Server
Define and install the PingDataSync server components:
- Define Sync Pipe components
- Create the synchronization flow
- Use the retry mechanism
- Configure the PingDataSync server
- Configure and synchronize the PingDataSync server
Lesson 4: Synchronizing the PingDataSync Server
Describe the features needed, in a relational database and AD, to allow synchronization through the PingDataSync serve:
- Synchronize with a relational database
- Synchronize with AD
Chapter 5: Troubleshooting and Maintenance
Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.
Lesson 1: Providing an Overview of the Server SDK
Provide an overview of the Server SDK:
- Describe the key features of the Server SDK
Lesson 2: Maintaining the PingDirectory Server
Summarize common PingDirectory maintenance tasks:
- Use the start, stop, and restart server commands
- Understand common maintenance tasks
- Perform maintenance tasks
- Understand Delegated Admin
- Configure Delegated Admin
- Administer Delegated Admin
- Understand data recovery
- Perform data recovery
Lesson 3: Monitoring a PingDirectory Deployment
Explain how monitoring is a vital part of a PingDirectory deployment:
- Monitor the PingDirectory server
Lesson 4: Troubleshooting the PingDirectory server
Provide information about available troubleshooting tools and log files to help ensure the resolution of any problems:
- Understand how to troubleshoot issues
- Repair a conflict resolution
- Use troubleshooting tools
PingDirectoryPingDirectoryProxyPingDataSync
AIC-400-BVP Rev A
PingOne Advanced Identity Cloud Administration
This course builds upon the Getting Started With PingOne Advanced Identity Cloud for Administrators training to provide advanced techniques for managing and configuring PingOne Advanced Identity Cloud (Advanced Identity Cloud). Students will master advanced authentication journeys with multi-factor authentication (MFA), implement context-based authorization policies, and learn to model complex identity objects with relationships between managed objects. The course covers essential synchronization techniques, including connector configuration, reconciliation, LiveSync, and role-based provisioning to manage identity flow between Advanced Identity Cloud and external resources. Participants will gain hands-on experience with the REST API for programmatic access to identity management features, enabling automation and integration with external systems. Through practical exercises, students will learn to deploy and configure PingGateway to protect websites, implement continuous contextual authorization, and create comprehensive identity management solutions.
Upon completion of this course, you should be able to:
- Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway
- Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization
- Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration
- Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning
- Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course available at: https://backstage.pingidentity.com/university/
- Experience with Identity and Access Management
- Working knowledge of REST communication
Chapter 1: Administering Authentication Journeys
Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway.
Lesson 1: (Recap) Exploring Authentication in Advanced Identity Cloud
- Provide a recap of authentication in Advanced Identity Cloud:
- Introduce the basic concepts of authentication
- Prepare the lab environment
- Describe the authentication mechanisms of Advanced Identity Cloud
- Examine Advanced Identity Cloud default authentication
- Create and manage journeys
- Explore journey nodes
- Create a login journey
- Test the login journey
Lesson 2: Increasing Authentication Security
Increase authentication security using MFA:
- Describe MFA
- Register a device
- Include recovery codes
- Examine OATH authentication
- Implement TOTP authentication
- Examine Push notification authentication
- Implement passwordless WebAuthn
- (Optional) Implement passwordless WebAuthn
Lesson 3: Modifying a User’s Journey Based on Context
Describe how Advanced Identity Cloud can take into account the context of an authentication request in order to take access decisions:
- Introduce context-based risk analysis
- Describe device profile nodes
- Determine the risk based on the context
- Implement a browser context change script
- Lock and unlock accounts
- (Optional) Implement account lockout
Lesson 4: Protecting a Website With PingGateway
Show how PingGateway, integrated with Advanced Identity Cloud, can protect a website:
- Present Advanced Identity Cloud edge clients
- Describe PingGateway functionality as an edge client
- Review the BXE website protected by PingGateway
- Integrate the BXE website with Advanced Identity Cloud
- Observe the PingGateway token cookie
- (Optional) Review PingGateway configuration
Chapter 2: Administering Authorization Policies
Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization.
Lesson 1: Controlling Access
Create security policies to control which users can access specific areas of the website:
- Describe entitlements with Advanced Identity Cloud authorization
- Define Advanced Identity Cloud policy components
- Define policy environment conditions and response attributes
- Process of Advanced Identity Cloud policy evaluation
- Implement access control on a website
Lesson 2: Checking Risk Continuously
Review the Advanced Identity Cloud tools used to check the risk level of requests continuously:
- Introduce continuous contextual authorization
- Describe step-up authentication
- Implement step-up authentication flow
- Describe transactional authorization
- Implement transactional authorization
- (Optional) Prevent users from bypassing the default journey
Chapter 3: Administering Managed Objects
Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration.
Lesson 1: Modeling an Identity Profile
Learn about the different object types in Advanced Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Advanced Identity Cloud:
- Review the Advanced Identity Cloud documentation
- Describe the different object types in Advanced Identity Cloud
- Map an identity object to a managed object
- Describe how to use placeholder attributes
- Model a managed user object in Advanced Identity Cloud
Lesson 2: Introducing Relationships
Describe relationships between managed objects:
- Describe the purpose of relationships
- Describe how relationships are stored in the schema
- Query an object relationship using the REST interface
Lesson 3: Managing Organizations
Set up managed organizations to delegate user administration based on the owner of hierarchical trees:
- Describe the roles and privileges within an organization
- Implement the organization example
Chapter 4: Administering Connectors, Synchronization, and Provisioning
Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning.
Lesson 1: Connecting to External Resources Using Connectors
Describe the connectors supported in Advanced Identity Cloud, and how to create connector configurations to communicate with external resources:
- Describe how to connect external resources to Advanced Identity Cloud
- Configure communication between Advanced Identity Cloud and a remote connector server (RCS)
- Describe how to connect to external resources using ICF connectors
Lesson 2: Configuring Connectors Over the Identity Management Admin UI
- Describe the process for creating a connector configuration using the Identity Management admin UI
- Describe the object types and property mappings
- Add a connector configuration for an external LDAP resource
Lesson 3: Performing Basic Synchronization
Describe how to use the Identity Management admin UI to create synchronization mappings (sync mappings) to reconcile identities between Advanced Identity Cloud and an external resource:
- Describe how to create mappings to synchronize identity objects and properties
- Describe how to create a sync mapping from Advanced Identity Cloud to an external resource
- Describe how to add source and target properties to the sync mapping
- Describe how to add a correlation query and a situational event script
- Describe how to set the situational behaviors and run reconciliation
- Add a sync mapping from Advanced Identity Cloud to an LDAP server
- Describe the sync mapping from an LDAP server to Advanced Identity Cloud
- Add a sync mapping from an LDAP server to Advanced Identity Cloud
Lesson 4: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
- Describe the different methods that you can use to filter entries
- Run selective synchronization using filters
- Describe how to use LiveSync to synchronize changes
- Trigger LiveSync on a connector
- Describe how to schedule LiveSync
- Schedule LiveSync with an external resource
Lesson 5: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
- Describe how to provision attributes to a target system based on static role assignments
- Describe the steps to enable role-based provisioning
- Query the role assignment properties using the REST interface
- Provision attributes to a target resource based on static role assignments
- Describe how to provision attributes to a target system based on dynamic role assignments
- Provision attributes to a target resource based on dynamic role assignments
- Describe how to add temporal constraints to a role
- Add temporal constraints to a role
Chapter 5: Access Advanced Identity Cloud Over REST
Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically.
Lesson 1: Authenticating Over REST
Use Postman to access the Advanced Identity Cloud REST API and authenticate either using a simple (header-based) approach or a more complex approach, where the server may request additional information from the client using callback:
- Understand the REST authentication protocol
- Authenticate with REST
- Authenticate using header-based simple authentication
- Authenticate using callback-based complex authentication
Lesson 2: Querying Advanced Identity Cloud Objects Over REST
- Create security policies to control which users can access specific areas of the website:
- Describe how to query objects using the REST interface
- Describe how to use the Advanced Identity Cloud Postman collection
- Query Advanced Identity Cloud Identity objects using Postman
PingOne Advanced Identity CloudPingGateway
SDK-541-BVP Rev B
Developing Applications Using SDKs
This course is for students who want to learn how to use the SDKs to speed up the integration of JavaScript, Android, and iOS applications, within an access management solution. The course presents key use cases and features of the SDKs.
Note: Revision B of this course is based on version 7 of the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, and SDK 3.
Upon completion of this course, you should be able to:
- Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with PingAM, formerly known as ForgeRock® Access Management
- Present the centralized login flow, implement centralized login authentication, and observe device single sign-on (SSO)
- Present the Embedded Login flow and execute authentication, registration, and self-service journey
- Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and multi-factor authentication (MFA) with one-time passwords (OTPs) and push authentication
The following are the prerequisites for successfully completing this course:
- Basic knowledge and skills using the Linux and Windows operating systems to complete labs
- Basic knowledge of HTTP and communications between clients and servers is critical to understanding the interaction between the SDKs and AM
- Basic knowledge of JSON, JavaScript, REST, and Java
- Good knowledge of either JavaScript, Android, or iOS application development
- Attendance on the PingAM Deep Dive (AM-410) course or equivalent knowledge
Chapter 1: Introducing the SDKs
Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with AM.
Lesson 1: The SDKs and Common Use Cases
Introduce the SDKs and common use cases:
Introduce the SDKs and common use cases:
- Describe the SDKs
- Explore the role of the SDKs through common use cases
- Technical overview of the SDKs
- Using SDK components
- Interaction between the SDKs and AM
Lesson 2: Mobile Development Environment and Project Quickstart for Android and iOS
Learn how to set up a development environment:
Learn how to set up a development environment:
- Preparing the server
- iOS Environment and Project Setup
- Android Environment and Project Setup
- JavaScript Environment and Project Setup
- Preface to the exercises
- Set up an iOS development environment
- Set up an Android development environment
- Set up a JavaScript development environment
Chapter 2: Authentication with Centralized Login
Present the centralized login flow, implement centralized login authentication, and observe device SSO.
Lesson 1: Authenticate With Centralized Login
- Learn how to use the SDKs with centralized login:
- Understand the login flow choices
- Implement centralized login on mobile
- Implement centralized login in JavaScript
- Authenticate with centralized login on iOS
- Authenticate with centralized login on Android
- Authenticate with centralized login in JavaScript
Lesson 2: (Optional) Observe SSO Between Mobile Apps
Learn how to implement SSO between mobile apps with centralized login:
Learn how to implement SSO between mobile apps with centralized login:
- SSO between mobile apps with centralized login
Chapter 3: Working with Embedded Login
Present the Embedded Login flow and execute authentication, registration, and self-service journeys
Lesson 1: Authenticate with Embedded Login
Learn how to use the SDKs with Embedded Login to authenticate:
Learn how to use the SDKs with Embedded Login to authenticate:
- Understand the APIs for Embedded Login
- Authenticate with embedded login on iOS
- Authenticate with embedded login on Android
- Authenticate with embedded login in JavaScript
Lesson 2: Follow Authentication Journeys
Learn how to follow authentication journeys:
Learn how to follow authentication journeys:
- Respond to Callbacks
- Respond to Stages
- Respond to stages on iOS
- Respond to stages on Android
- Respond to stages in JavaScript
- (Optional) Transactional authorization
Lesson 3: Registration and Self-Service Journeys
Learn how to follow registration and self-service journeys:
Learn how to follow registration and self-service journeys:
- Respond to registration or self-service journeys
- Implement self-service registration on iOS
- Implement self-service registration on Android
- Implement self-service registration in JavaScript
- Call other journeys / Intercept REST calls
- Implement self-service password change on iOS
- Implement self-service password change on Android
- Implement self-service password change in JavaScript
Lesson 4: Send and Process Verification Emails
Learn how to suspend journey processing and resume after the user followed the resume link sent in email:
- Suspend the journey and await the user following the resume link
- Suspend and resume authentication on iOS
- Suspend and resume authentication on Android
- Suspend and resume authentication in JavaScript
Chapter 4: Increasing Security and Enhancing User Experience
Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and MFA with OTPs and push authentication.
Lesson 1: Authenticate with Social Login
Learn how to implement social authentication:
Learn how to implement social authentication:
- Implement social login
- Login with Google on iOS
- Login with Google on Android
- Login with Google in JavaScript
Lesson 2: Authenticate with WebAuthn and Biometrics
Learn how to implement biometric authentication on mobile:
Learn how to implement biometric authentication on mobile:
- Review WebAuthn concepts
- Implement biometric authentication on mobile
- Implement WebAuthn on iOS
- Implement WebAuthn on Android
- Implement web biometric authentication
- Implement WebAuthn in JavaScript
Lesson 3: Collect and Validate Device Profiles and Geolocation
Learn how to collect device profile data and geolocation for validation:
Learn how to collect device profile data and geolocation for validation:
- Configure a user journey to verify and save device profile data
- Device profile processing in the SDKs
- Collect device profile data on iOS
- Implement device profile collection on iOS
- Collect device profile data on Android
- Implement device profile collection on Android
- Collect device profile data in JavaScript
- Implement device profile collection in JavaScript
- Analyze device context
- Implement location-based security
- Collect location information on iOS, Android or in JavaScript
- Implement device tampering detection
- Customize what data is collected
- Check for device tampering and customize device profile collection on iOS
- Check for device tampering and customize device profile collection on Android
- Customize device profile collection in JavaScript
Lesson 4: MFA with Push and OATH on Mobile
Learn how to provide MFA with Push Authentication and Soft Token:
Learn how to provide MFA with Push Authentication and Soft Token:
- Integrate the ForgeRock Authenticator Module in a mobile app
- Examine using the Authenticator Module on iOS
- Examine using the Authenticator Module on Android
ForgeRock Identity PlatformPingAM
P1-400-BVP Rev A.1
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
Chapter 1: Introducing PingOne
Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment.
Lesson 1: Providing an Overview of PingOne
Summarize PingOne capabilities and key features:
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
Lesson 2: Introducing Ping Identity Support Resources
Describe PingOne support resources:
- Locate Ping Identity support resources
Chapter 2: Managing Users
Demonstrate administration of PingOne user populations, user roles, attributes, and groups.
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
Lesson 2: Managing User Roles, Attributes, and Groups
Create a new population and new users:
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Chapter 3: Defining Application Integration
Demonstrate integration and troubleshooting of PingOne applications
Lesson 1: Describing the Supported Federation Protocols
Understand the various identity federation protocols used within PingOne:
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
Lesson 2: Troubleshooting Common PingOne Issues
Describe common issues that occur in PingOne, troubleshooting steps, and best practices:
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Chapter 4: Configuring Access Control
Demonstrate how to use access control policies within PingOne.
Lesson 1: Managing Authentication Policies
Describe how to create and manage authentication policies in PingOne:
- Describe authentication policies
- Create an authentication policy
Lesson 2: Managing Password Policies
Describe how to manage password policies in PingOne:
- Define password policies
- Edit a password policy
Lesson 3: Using Additional Authentication Methods
Describe how to create and manage authentication methods used in PingOne policies:
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Chapter 5: Managing the Identity Lifecycle
Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne.
Lesson 1: Managing User Onboarding
Discuss the initial stages of the identity lifecycle within PingOne, and describe how new user accounts are created and made ready for access:
- Onboard users
- Create users manually
Lesson 2: Understanding User Provisioning
Explain how PingOne automates the management of user access to applications, building upon the user identities created during onboarding:
- Provision users
Lesson 3: Understanding User Maintenance
Describe how to manage the user maintenance capabilities in PingOne:
- Administer user accounts
- Manage a user account
Lesson 4: Managing User Offboarding
Understand the critical process of user offboarding within PingOne:
- Offboard users
Lesson 5: Monitoring and Reporting
Explain the importance of monitoring and reporting within PingOne:
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
Lesson 1: Managing the Troubleshooting Process
Summarize the troubleshooting process and common techniques within PingOne:
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
Lesson 2: Reviewing Best Practices
Summarize PingOne administration best practices:
- Maintain a healthy PingOne environment
PingOnePingOne MFAPingOne DaVinci
AIC-CERT-PREP Rev A.1
Certified Professional - PingOne Advanced Identity Cloud Exam Preparation
This course helps prepare students to take the Certified Professional - PingOne Advanced Identity Cloud exam, formerly known as the ForgeRock® Identity Cloud Certified Professional exam. This is accomplished by presenting students with information concerning exam contents, logistics, tips for preparing to take the exam, lab exercises to cover exam contents, and a sample exam that is representative of the exam, itself.
Upon completion of this course, you should be able to:
- Register to take the exam
- Prepare for the exam using recommended study materials
- Take the exam either remotely or at a Pearson Testing Center
The following are the prerequisites for successfully completing this course:
- Successful completion of the AIC-300 Getting Started With PingOne Advanced Identity Cloud for Administrators course
- Thorough understanding of all PingOne Advanced Identity Cloud documentation and Knowledge Base articles on Backstage
- 3-6 months of experience configuring and administering PingOne Identity tenants
- Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0
Course Contents
Exam Overview
- Explain exam metrics and passing scores
- Provide an approach for responding to test questions
- Identify options for registering and taking the exam
- Describe testing center requirements
- Describe requirements for taking the exam online
- Show how to access exam results
Exam Details
- Review the exam details and requirements
- Explain exam topics and study areas
- Present the objectives covered in the exam
- Review important concepts associated with exam objectives
- Review sample questions associated with objectives
- Provide applicable materials for review
Lab Exercises
- Research topics which will be covered in the exam
- Navigate the PingOne Advanced Identity Cloud admin UI
- Describe PingOne Advanced Identity Cloud configuration settings
- Explain how to perform PingOne Advanced Identity Cloud related tasks
- Configure PingOne Advanced Identity Cloud related services
Sample Exam
- Test a student’s knowledge of PingOne Advanced Identity Cloud
- Provide students with a representative exam experience
PingOne Advanced Identity Cloud