Unlock your full potential in IAM

This is Identitrain

Master Identity and Access Management with world-class training designed by experts who live it every day.

Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.

Choose Your Path to IAM Mastery

Whether you’re starting your IAM journey or advancing toward certification, our structured learning paths guide you every step of the way. Select from Identity Management, Access Management, Governance, or Best Practices tracks designed to match your role and goals.

Explore Our Learning Paths

Built for Every IAM Professional

From architects and developers to project managers and business leaders, Identitrain delivers training that fits your role. Whether you’re designing IAM strategies, building integrations, or leading transformation projects, we’ve got a path for you.

See Our Classes

Training Designed by Practitioners, Proven in the Field

Our instructors bring years of real-world IAM experience into the classroom. We blend vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can immediately put to use!

Meet Our Instructors

Join a Growing Community of IAM Experts

Training doesn’t end with the last session. Graduates join our global practitioner network, gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts. Learn, connect, and grow alongside IAM professionals worldwide.

Get Connected!

Upcoming
Courses

PFAA-400-BVP Rev A

PingFederate Advanced Administration

This course steps the learner through various advanced PingFederate administration topics, such as configuring memory options for PingFederate, logging to a database server, configuring certificate revocation checking and certificate rotation, configuring self-service features of the HTML Form Adapter, identity provider (IdP) to service provider (SP) bridging, clustering with dynamic discovery, and more.

The following are the prerequisites for successfully completing this course:

Completion of the PingFederate Administration course, or
Equivalent experience with PingFederate

Day 1: Course Introduction

Server Administration
Configuring JVM memory options
Configuring virtual host names
Certificate based console administration
Lab 1: Configuring OIDC-based console single sign-on (SSO)

PingFederate logging

Customizing audit logs
The log4j2.xml file
Logging to an external database
Lab 2: Logging with PingFederate
Certificates
Certificate revocation checking
Certificate rotation

Day 2:

HTML Form Adapter Self-Service Features
- Password spray and account lockout prevention
- Self-service password change
- Self-service password reset
- Self-service username recovery
- Lab 3: HTML Form Adapter self-service options
HTML Form Adapter Self-Registration
- Customer IAM with local identity profiles
- Self-registration with local identity profiles
- Self-registration using third-party IdPs
- Lab 4: HTML Form Adapter customer registration
Advanced Attribute Mapping
- Using multiple datastores
- Using REST API as a datastore
- Extended properties
- PingDirectory virtual attributes
SSO Connections
- Customizing SSO URLs
- SP target URL mapping
- IdP-to-SP bridging
- Session management
- Lab 5: SSO connections

Day 3:

Federation Hub
- Bridging an IdP to an SP
- Bridging an IdP to multiple SPs
- Bridging multiple IdPs to an SP
- Bridging multiple IdPs to multiple SPs
OAuth2 and OIDC
- Dynamic client registration
- Using directories for persistent grant storage
- Creating and managing OIDC profiles
- Lab 6: Configuring OIDC profiles
Clustering
- Cluster protocol architecture
- Runtime state management architecture
- Adaptive clustering
- Directed clustering
- Dynamic discovery
- Cluster replication
- Lab 7: Clustering
Troubleshooting
- SSO issues
- OAuth2 issues
- Certificate issues

Mar 25

3 days

More information

AIC-330-BVP Rev A

Getting Started With PingOne Advanced Identity Cloud for Administrators

This course shows students how to administer PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud. This is achieved through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to administer Advanced Identity Cloud in a training environment. Students are provided with a live Advanced Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, user journeys, and tenant configuration in their own Advanced Identity Cloud.

Upon completion of this course, you should be able to:

Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants

The following are the prerequisites for successfully completing this course:

Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
Introduction to PingAM
PingIDM Essentials
PingGateway Essentials
Introduction to PingDS

Chapter 1: Accessing Advanced Identity Cloud

Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options.

Lesson 1: Managing Administrators
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:

Introduce the Advanced Identity Cloud admin UI
Manage administrators
Invite an administrator

Lesson 2: Introducing UI Integration
Understand UI integration options:

Explain UI integration options
Configure themes for the Alpha and Bravo realms

Chapter 2: Administering Identities

Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords.

Lesson 1: Managing Identities
Manage user identities:

Introduce managed objects
Manage a user profile

Lesson 2: Adding Identities With Bulk Import
Bulk import user identities from a CSV file to add test users to your tenant:

Describe bulk import
Import test users

Lesson 3: Managing Organizations
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:

Describe roles and privileges within an organization
Implement delegated administration for an organization model

Lesson 4: Delegating User Management
Explain how to delegate administration privileges to managed users:

Delegate administration privileges
Delegate password reset

Chapter 3: Managing User Journeys

Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator.

Lesson 1: Managing Journeys
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:

Introduce journeys
Modify journeys
Describe how to export and import journeys
Export and import journeys
Describe how to debug a journey
Enable debug mode on a user journey

Lesson 2: Managing Server-Side Sessions
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:

Describe server-side sessions
Invalidate server-side sessions

Lesson 3: Configuring Email Templates
Understand the use of email templates in a journey flow:

Explore email templates and nodes
Configure email templates
Use email templates in user journeys

Chapter 4: Integrating With Advanced Identity Cloud

Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how PingGateway can protect web applications when it is integrated with Advanced Identity Cloud.

Lesson 1: Defining Applications
Describe the role of an application in Advanced Identity Cloud:

Introduce applications
Register a Bookmark app

Lesson 2: Synchronizing Identities
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:

Explain how to connect to external resources
Configure an RCS cluster
Configure debug logging
Add an authoritative application
Explain synchronization
Create inbound mappings and run reconciliation
Synchronize passwords
Create a target Application with outbound mappings

Lesson 3: Protecting Web Resources
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:

Introduce PingGateway
Integrate PingGateway with Advanced Identity Cloud
Integrate the PingGateway sample application with Advanced Identity Cloud

Chapter 5: Administering Your Tenant

Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants.

Lesson 1: Managing the Configuration
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:

Introduce Service Accounts
Create and manage a service account
Introduce the Advanced Identity Cloud REST API
Display Advanced Identity Cloud identities using the REST API
Introduce configuration management
Create a baseline configuration repository
Describe how to manage ESVs
Create and call ESV variables
Promote your configuration

Lesson 2: Monitoring Tenant Activities
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:

Explore Logs
Retrieve log data using the REST API
Retrieve log data using the Frodo CLI
Monitor your tenant
Monitor tenant health and visualize monitoring metrics
Explore the Advanced Identity Cloud analytics dashboard

Lesson 3: Managing Password Policies
Explain how an Advanced Identity Cloud administrator manages realm password policies:

Manage realm password policies
Configure password policies

Lesson 4: Additional Administration Tasks
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:

Introduce outbound static IP addresses
View outbound static IP addresses
Manage tenant certificates
Add a custom domain name

Mar 25

3 days

More information

PF-300-BVP Rev A

PingFederate Administration

This course implements various use cases with PingFederate and introduces industry concepts such as federation, SAML, and OAuth. The course also includes PingFederate-specific topics such as integration kits, adapters, SSO connections, and OAuth configuration. Hands-on exercises allow the participants to have first-hand experience in configuring PingFederate, establishing a web SSO connection and OAuth clients, and doing some basic troubleshooting.

The following are the prerequisites for successfully completing this course:

Completion of the Getting Started With PingFederate course available at:
- https://backstage.forgerock.com/university/ping/on-demand/category/PING

Day 1: Background of Federation Web SSO and Core Product

Introduction to identity federation
Introduction to integration kits
Configuring SP and IdP adapters and password credential validators
- Lab 1: HTML Form Adapter and Reference ID adapter configuration
Introduction to SAML
Configuring IdP and SP SSO connection
- Lab 2: Creating connections for IdP and SP web SSO
Server logs

Lab 3: Review the server logs to follow and SSO transaction

Day 2: Further Integration and PingFederate Functionality

Attribute mapping and data source
- Lab 4: Mapping attributes from external sources
- Lab 5: Using an external source for authentication
Introduction to authentication policies
- Lab 6: Creating authentication selectors, policy contracts, and authentication policies
- Lab 7: Tracing SSO transactions in the PingFederate logs

Day 3: OAuth2 and Advanced Administration

Introduction to OAuth2
OAuth2 scopes and access tokens
- Lab 8: Configuring OAuth2 grants (including token validation, authorization code)
- Lab 9: Create an OAuth client for client Credentials grant type
- Lab 10: Create an OAuth client for a resource server
- Lab 11: Create an OAuth client for authorization grant type
Introduction to OIDC
PingFederate administrative API
- Lab 12: Using the admin API
Server Administration
Deployment scenarios and clustering
- Lab 13 (optional): Configuring a cluster

Mar 30

3 days

More information

AM-410-BVP Rev B.1

PingAM Deep Dive

The aim of this course is to showcase the key features and capabilities of the versatile and powerful PingAM (AM), formerly known as ForgeRock® Access Management. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of AM. Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.

Note: This course revision is based on version 7 of AM.

Upon completion of this course, you should be able to:

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers
Demonstrate federation across entities using SAML v2.0 (SAML2) with AM
Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster

The following are the prerequisites for successfully completing this course:

Completion of the PingAM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjI%3D/chapter/Q291cnNlOjE1NzIy
Knowledge of UNIX/Linux commands
An understanding of HTTP and web applications
A basic understanding of how directory servers function
A basic understanding of REST
A basic knowledge of Java based environments would be beneficial, but no programming experience is required

Chapter 1: Enhancing Intelligent Access

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication.

Lesson 1: Exploring Authentication Mechanisms
Explore the AM admin UI, view the role of cookies used during and after authentication, and describe authentication trees and nodes:

Introduce AM authentication
Understand realms
Describe authentication life cycle
Explain sessions
Examine session cookies
Access the lab environment
Examine an initial AM installation
Configure a realm and examine AM default authentication
Experiment with session cookies
Describe the authentication mechanisms of AM
Create and manage trees
Explore tree nodes
Create a login tree
Test the login tree

Lesson 2: Protecting a Website With PingGateway
Show how PingGateway, formerly known as ForgeRock® Identity Gateway, integrated with AM, can protect a website:

Present AM edge clients
Describe PingGateway functionality as an edge client
Review the FEC website protected by PingGateway
Integrate the FEC website with AM
Observe the PingGateway token cookie
(Optional) Review PingGateway configuration
Authenticate identities with AM
Create an authentication tree with an LDAP Decision node
Integrate identities in AM with an identity store
Integrate an identity store with AM

Lesson 3: Controlling Access
Create security policies to control which users can access specific areas of the website:

Describe entitlements with AM authorization
Define AM policy components
Define policy environment conditions and response attributes
Describe the process of policy evaluation
Implement access control on a website

Chapter 2: Improving Access Management Security

Improve access management security in AM with MFA, context-based risk analysis, and continuous risk checking.

Lesson 1: Increasing Authentication Security
Increase authentication security using MFA:

Describe MFA
Register a device
Include recovery codes
Examine OATH authentication
Implement time-based one-time password (TOTP) authentication
(Optional) Implement HMAC-based one-time password (HOTP) authentication
Examine Push notification authentication
(Optional) Implement Push notification authentication
Implement passwordless WebAuthn
(Optional) Implement passwordless WebAuthn
Examine HOTP authentication using email or SMS
(Optional) Implement HOTP authentication using email or SMS

Lesson 2: Modifying a User’s Authentication Experience Based on Context
Describe how AM can take into account the context of an authentication request in order to make access decisions:

Introduce context-based risk analysis
Describe device profile nodes
Determine the risk based on the context
Implement a browser context change script
Lock and unlock accounts
Implement account lockout

Lesson 3: Checking Risk Continuously
Review the AM tools used to check the risk level of requests continuously:

Introduce continuous contextual authorization
Describe step-up authentication
Implement step-up authentication flow
Describe transactional authorization
Implement transactional authorization
Prevent users from bypassing the default tree

Chapter 3: Extending Services Using OAuth2-Based Protocols

Implement OAuth2 based protocols; namely, OAuth2 and OIDC, to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers.

Lesson 1: Integrating Applications With OAuth2
Integrate clients using OAuth2 by demonstrating the use of the OAuth2 Device Code grant type flow with AM configured as the OAuth2 authorization server (AS):

Discuss OAuth2 concepts
Describe OAuth2 tokens and codes
Describe refresh tokens, macaroons, and token modification
Request OAuth2 access tokens with OAuth2 grant types
Explain OAuth2 scopes and consent
Configure OAuth2 in AM
Configure AM as an OAuth2 provider
Configure AM with an OAuth2 client
Test the OAuth2 Device Code grant type flow

Lesson 2: Integrating Applications With OIDC
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:

Introduce OIDC
Describe OIDC tokens
Explain OIDC scopes and claims
List OIDC grant types
Create and use an OIDC script
Create an OIDC claims script
Register an OIDC client and configure the OAuth2 Provider settings
Test the OIDC Authorization Code grant type flow

Lesson 3: Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP
Authenticate OAuth2 clients with AM using various approaches and obtain certificate-bound access tokens using mutual TLS (mTLS) to provide token proof-of-possession (PoP):

Examine OAuth2 client authentication
Examine OAuth2 client authentication using JWT profiles
Examine OAuth2 client authentication using mTLS
Authenticate an OAuth2 client using mTLS
Examine certificate-bound PoP when mTLS is configured
Obtain a certificate-bound access token

Lesson 4: Transforming OAuth2 Tokens
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:

Describe OAuth2 token exchange
Explain token exchange types and purpose for exchange
Describe token scopes and claims
Implement a token exchange impersonation pattern
Implement a token exchange delegation pattern
Configure token exchange in AM
Configure AM for token exchange
Test token exchange flows

Lesson 5: (Optional) Implementing Social Authentication
Provide a way for users to register and authenticate to AM using a social account:

Delegate registration and authentication to social media providers
Implement social registration and authentication with Google

Chapter 4: Federating Across Entities Using SAML2

Demonstrate federation across entities using SAML2 with AM.

Lesson 1: Implementing SSO Using SAML2
Demonstrate single sign-on (SSO) functionality across organizational boundaries:

Discuss SAML2 entities and profiles
Explain the SAML2 flow from the identity provider (IdP) point of view
Examine SSO across SPs
Configure AM as an IdP and integrate with third-party service providers (SPs)
Examine SSO between an SP and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2
Delegate authentication to a third-party IdP using SAML2 and examine the metadata:

Explain the SSO flow from the SP point of view
Describe the metadata content and purpose
Configure AM as a SAML2 SP and integrate with a third-party IdP

Chapter 5: Installing and Deploying AM

Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster, modify the AM configuration to harden security, upgrade an AM instance to a new version, and deploy the Ping Identity Platform, formerly known as the ForgeRock® Identity Platform, to the Google Cloud Platform (GCP).

Lesson 1: Installing and Upgrading AM
Install AM using interactive and command-line methods creating the foundations for a cluster topology, and upgrade an AM 7.0.1 instance to AM 7.3:

Plan deployment configurations
Prepare before installing AM
Deploy AM
Outline tasks and methods to install AM
Install AM with the web wizard
Install an AM instance with the web wizard
Install AM and manage configuration with Amster
Install Amster
Describe the AM bootstrap process
Upgrade an AM instance
Upgrade AM with the web wizard
(Optional) Upgrade AM with the configuration tool

Lesson 2: Hardening AM Security
Explore a few default configuration and security settings that need to be modified before migrating to a production-ready solution:

Harden AM security
Adjust default settings
Harden AM security
Describe secrets, certificates, and keys
Describe keystores and secret stores
Manage the AM keystore, aliases, and passwords
Configure and manage secret stores
Configure an HSM secret store to sign OIDC ID tokens
Describe the monitoring tools
Describe the audit logging
Describe debug logging
Capture troubleshooting information
Capture troubleshooting information

Lesson 3: Clustering AM
Create an AM cluster with a second AM instance added to the first AM instance that has already been installed:

Explore high availability solutions
Scale AM deployments
Describe AM cluster concepts
Create an AM cluster
Prepare the initial AM cluster
Install another AM server in the cluster
Test AM cluster failover scenarios
(Optional) Modify the cluster to use client-side sessions

Lesson 4: Deploying the Identity Platform to the Cloud
Deploy the Identity Platform into a cluster in a Google Kubernetes Environment (GKE):

Describe the Identity Platform
Prepare your deployment environment
Deploy and access the Identity Platform
Access and authenticate your GCP account
Prepare to deploy the Identity Platform
Deploy the Identity Platform with the Cloud Development Kit (CDK)
Remove the Identity Platform deployment

Apr 6

5 days

More information

PD-400-BVP Rev A.1

PingDirectory Administration

This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools

This course is built on version 10.

Upon completion of this course, you should be able to:

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
Describe how to install and manage the PingDirectoryProxy server
Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

The following are the prerequisites for successfully completing this course:

Knowledge of UNIX/Linux commands.
A basic understanding of how directory servers function.
A basic understanding of REST and HTTP.
A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/

Chapter 1: Installing PingDirectory

Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.

Lesson 1: Providing an Overview of PingDirectory

Describe the capabilities and key features of PingDirectory:

Describe the key features of PingDirectory

Lesson 2: Installing the PingDirectory Server

Summarize the PingDirectory server installation procedures:

Perform pre-installation procedures
Install PingDirectory
Describe post-installation procedures

Lesson 3: Completing Initial Configuration

Complete the PingDirectory server initial configuration settings:

Use server profiles
(Optional) Install PingDirectory

Chapter 2: Deploying PingDirectory

Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment.

Lesson 1: Managing the Schema

Describe the functions of the schema, and modify the schema by creating new attribute types, object classes, and a new custom user:

Describe the schema
Modify the schema
Modify the schema
Modify object classes
Create auxiliary object classes
Load custom schema elements

Lesson 2: Managing Objects

Define objects in LDAP and use the command-line tools to search, add, modify, and delete entries:

Search entries
Manage entries
Create objects

Lesson 3: Using Security and Encryption

Describe the basic vulnerabilities in LDAP server implementations, secure server data, use the encryption-settings tool to create an encryption settings database, and create sensitive attributes:

Prevent data vulnerability
Keep data secure
Configure encryption settings

Lesson 4: Using Virtual Attributes

Define virtual attributes and their use, recall the virtual attribute types, and create mirrored virtual attributes:

Define virtual attributes
Administer virtual attributes

Lesson 5: Managing Password Policies

Describe how to use password policies, and then create and assign password policies to individual accounts and/or user groups:

Describe password policies
Create a password policy

Lesson 6: Administering JSON Attributes

Describe how to manage and create JSON attributes:

Manage JSON attributes
Create JSON attributes
Manage the Password Policy State JSON
Administer JSON Attributes

Lesson 7: Managing the REST APIs

Describe the available REST APIs, list the HTTP methods available, and use the Directory REST API to create and update user entries:

Understand the Rest APIs
Use the SCIM 2.0 REST API
Administer the Directory REST API

Lesson 8: Managing Logging

List the three types of available log publishers, describe the elements of the log format, and create log publishers:

Manage log publishers
Configure logging
Create a log publisher

Lesson 9: Managing Replication

Define the replication process and architecture, set up a server topology, enable the replication process, and initialize new replicas:

Understand replication
Enable replication
Resolve conflicts
Understand the replication protocol
Use replication over WAN
Plan deployment
Configure replication
Scale replication
Enable the replication process

Lesson 10: Managing Server Topologies

Discuss the topology registry, create server groups to aid in configuration changes, and compare configurations on separate directory servers:

Define the topology registry
Administer the server topology

Chapter 3: Administering the PingDirectoryProxy Server

Describe how to install and manage the PingDirectoryProxy server.

Lesson 1: Providing an Overview of the PingDirectoryProxy Server

Describe the capabilities and key features of the PingDirectoryProxy server:

Describe the key features

Lesson 2: Installing the PingDirectoryProxy Server

Describe how to install the PingDirectoryProxy server:

Describe the installation process
Install the PingDirectoryProxy server
Lesson 3: Managing the PingDirectoryProxy Server
Describe the key advanced PingDirectoryProxy server transformation features:
Describe the proxy transformations
Understand entry balancing
Create transformations

Chapter 4: Administering the PingDataSync Server

Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server.

Lesson 1: Providing an Overview of PingDataSync

Describe the capabilities and key features of the PingDataSync server:

Describe the key features

Lesson 2: Installing the PingDataSync Server

Summarize the PingDataSync server installation procedures:

Install the PingDataSync server
Use the start, stop, and restart commands
Describe the failover server
Install the failover server
Install the PingDataSync server

Lesson 3: Configuring the PingDataSync Server

Define and install the PingDataSync server components:

Define Sync Pipe components
Create the synchronization flow
Use the retry mechanism
Configure the PingDataSync server
Configure and synchronize the PingDataSync server

Lesson 4: Synchronizing the PingDataSync Server

Describe the features needed, in a relational database and AD, to allow synchronization through the PingDataSync serve:

Synchronize with a relational database
Synchronize with AD

Chapter 5: Troubleshooting and Maintenance

Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.

Lesson 1: Providing an Overview of the Server SDK

Provide an overview of the Server SDK:

Describe the key features of the Server SDK

Lesson 2: Maintaining the PingDirectory Server

Summarize common PingDirectory maintenance tasks:

Use the start, stop, and restart server commands
Understand common maintenance tasks
Perform maintenance tasks
Understand Delegated Admin
Configure Delegated Admin
Administer Delegated Admin
Understand data recovery
Perform data recovery

Lesson 3: Monitoring a PingDirectory Deployment

Explain how monitoring is a vital part of a PingDirectory deployment:

Monitor the PingDirectory server

Lesson 4: Troubleshooting the PingDirectory server

Provide information about available troubleshooting tools and log files to help ensure the resolution of any problems:

Understand how to troubleshoot issues
Repair a conflict resolution
Use troubleshooting tools

Apr 7

3 days

More information

PA-400 BVP Rev A

PingAccess Administration

This course provides the information you need to set up and configure PingAccess as a policy server to protect both web applications and APIs. After completing this course, you will know how to configure PingAccess in both a gateway and agent model, and configure different types of policies that PingAccess offers.

Upon completion of this course, you should be able to:

Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate)
Configure PingAccess as a Reverse Proxy
Configure policies in PingAccess to further bolster administration capabilities

The following are the prerequisites for successfully completing this course:

Completion of the following courses:https://backstage.pingidentity.com/university/on-demand/category/PING
Introduction to PingAccess
Getting Started With PingAccess
Introduction to PingFederate
Getting Started With PingFederate

Chapter 1: Configuring and Connecting PingAccess

Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate).

Lesson 1: Configuring PingAccess as a Reverse Proxy (Gateway Model)

Describe how to configure PingAccess as a reverse proxy (gateway model):

Introduce the gateway model
Enable PingAccess as a reverse proxy
Configure PingAccess resources and rewrite rules

Lesson 2: Connecting PingAccess to a Token Provider (PingFederate)

Describe the responsibilities of token providers and how to configure PingAccess to use PingFederate as a token provider:

Introduce token providers
Configure OAuth2 in PingFederate
Configure PingAccess using the gateway model

Chapter 2: Configuring PingAccess Applications, Agents, and Sites

Configure PingAccess as a Reverse Proxy.

Lesson 1: Protecting Web Apps

Describe how to protect web apps by configuring them with PingAccess and OpenID Connect (OIDC):

Define the OIDC protocol
Introduce web sessions
Create a web session using OIDC claims

Lesson 2: Working With Sites

Create identity mappings and advanced web session:

Create identity mappings and advanced web sessions

Lesson 3: Working With Rules and Policies

Describe how to work with rules and policies within PingAccess:

Describe the rules and policies process
Create web access rules
Create API access control rules

Chapter 3: Configuring Policies and Administration

Configure policies in PingAccess to further bolster administration capabilities.

Lesson 1: Maintaining PingAccess Discuss how to maintain PingAccess through resources, audit logs, and redirection:

Dive deeper into resources
Examine audit logs
Manage redirection

Lesson 2: Configuring PingAccess as a Policy Server (Agent Model)

Configure PIngAccess to be a policy server by implementing the agent model:

Introduce the agent model

Lesson 3: Optimizing and Configuring PingAccess

Optimize PingAccess through configuration, single sign-on (SSO), and the admin API:

Implement improvements
Enable PingAccess administrator SSO
Use the PingAccess administrative API
Increase the JVM Heap Size

Lesson 4: Creating PingAccess Clusters

Create PingAccess clusters to increase resilience and simplify procedures:

Deploy clustersConfigure simple clusters in PingAccess (Optional)

Apr 8

2 days

More information

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

PingFederate Advanced Administration

Getting Started With PingOne Advanced Identity Cloud for Administrators

PingFederate Administration

PingAM Deep Dive

PingDirectory Administration

PingAccess Administration

Unlock your full potential in IAM

This is Identitrain

Choose Your Path to IAM Mastery

Built for Every IAM Professional

Training Designed by Practitioners, Proven in the Field

Join a Growing Community of IAM Experts

Upcoming Courses

PingFederate Advanced Administration

Getting Started With PingOne Advanced Identity Cloud for Administrators

PingFederate Administration

PingAM Deep Dive

PingDirectory Administration

PingAccess Administration

Upcoming
Courses

Upcoming
Courses