Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Built for Every IAM Professional
Training Designed by Practitioners, Proven in the Field
Join a Growing Community of IAM Experts
Upcoming
Courses
Certified Professional - PingOne Advanced Identity Cloud Exam Preparation
This course helps prepare students to take the Certified Professional - PingOne Advanced Identity Cloud exam, formerly known as the ForgeRock® Identity Cloud Certified Professional exam. This is accomplished by presenting students with information concerning exam contents, logistics, tips for preparing to take the exam, lab exercises to cover exam contents, and a sample exam that is representative of the exam, itself.
Upon completion of this course, you should be able to:
- Register to take the exam
- Prepare for the exam using recommended study materials
- Take the exam either remotely or at a Pearson Testing Center
The following are the prerequisites for successfully completing this course:
- Successful completion of the AIC-300 Getting Started With PingOne Advanced Identity Cloud for Administrators course
- Thorough understanding of all PingOne Advanced Identity Cloud documentation and Knowledge Base articles on Backstage
- 3-6 months of experience configuring and administering PingOne Identity tenants
- Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0
Course Contents
- Explain exam metrics and passing scores
- Provide an approach for responding to test questions
- Identify options for registering and taking the exam
- Describe testing center requirements
- Describe requirements for taking the exam online
- Show how to access exam results
- Review the exam details and requirements
- Explain exam topics and study areas
- Present the objectives covered in the exam
- Review important concepts associated with exam objectives
- Review sample questions associated with objectives
- Provide applicable materials for review
- Research topics which will be covered in the exam
- Navigate the PingOne Advanced Identity Cloud admin UI
- Describe PingOne Advanced Identity Cloud configuration settings
- Explain how to perform PingOne Advanced Identity Cloud related tasks
- Configure PingOne Advanced Identity Cloud related services
- Test a student’s knowledge of PingOne Advanced Identity Cloud
- Provide students with a representative exam experience
PingIDM Administration
Learn how to install and deploy PingIDM (IDM) in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.
Note: Revision A of this course is based on version 8.0.1 of PingIDM.
Upon completion of this course, you should be able to:
- Provide an overview of the lab environment, model objects and identities, and set up the end-user UI with IDM
- Create and configure connections between external resources and IDM
- Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
- Install and deploy IDM in an on-prem or cloud provider Linux environment
The following are the prerequisites for successfully completing this course:
- Completion of the PingIDM Essentials course available at: https://backstage.pingidentity.com/university/on-demand/category/PING
- Basic knowledge and skills using the Linux operating system will be required to complete the labs.
- Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.
Chapter 1: Building and Configuring the Prerequisites
Provide an overview of the lab environment, model objects and identities, and set up the end-user UI with IDM.
Lesson 1: Setting Up the Lab
Provide an overview of how to set up the lab environment:
- Install IDM
- Explore the auxiliary software
Lesson 2: Modeling Objects and Identities
Describe how to model objects and identities via REST:
- Introduce the Postman collection
- Run the Postman collection
Lesson 3: Setting Up the End-User UI
Describe how to configure the end-user UI:
- Install and configure the end-user UI
- Retrieve, compile and deploy the end-user UI
- Access the end-user UI
Chapter 2: Managing Connectors
Create and configure connections between external resources and IDM.
Lesson 1: Configuring Connectors With the IDM Admin UI
Create a connector configuration to connect to an external resource using the IDM admin UI:
- Connect external resources to IDM
- Create a connector configuration using the IDM admin UI
- Add a connector configuration for an external LDAP resource
- Add a CSV connector configuration
- Add a connector configuration to import device identities
Lesson 2: Configuring Connectors Over REST
Create a connector configuration in IDM over the REST interface:
- Create a connector configuration over REST
- Describe the core connector configuration settings
- Describe the object types and property mappings
- Use the scripted SQL connector
- Create a scripted SQL connector configuration
Chapter 3: Managing Synchronization and Reconciliation
Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.
Lesson 1: Performing Basic Synchronization
Describe how to use the IDM admin UI to create sync mappings to reconcile identities between IDM and an external resource:
- Create mappings to synchronize identity objects and properties
- Create a sync mapping from IDM to an external resource
- Add source and target properties to the sync mapping
- Add a correlation query and a situational event script
- Set the situational behaviors and run reconciliation
- Add a sync mapping from IDM to an LDAP server
- Describe the sync mapping from an LDAP server to IDM
- Add a sync mapping from an LDAP server to IDM
- Create a sync mapping to provision devices to the IDM repository
Lesson 2: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
- Filter entries
- Run selective synchronization using filters
- Use LiveSync to synchronize changes
- Trigger LiveSync on a connector
- Schedule LiveSync
- Schedule LiveSync with an external resource
- Control synchronization to multiple targets
Lesson 3: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
- Provision attributes to a target system based on static role assignments
- Enable role-based provisioning
- Query the role assignment properties using the REST interface
- Provision attributes to a target resource based on static role assignments
- Provision attributes to a target system based on dynamic role assignments
- Provision attributes to a target resource based on dynamic role assignments
- Add temporal constraints to a role
- Set temporal constraints on a role
Lesson 4: Configuring a Custom Endpoint
Describe how to configure a custom endpoint:
- Use a custom endpoint
- Create a custom endpoint (optional)
Chapter 4: Installing and Deploying IDM
Install and deploy IDM in an on-prem or cloud provider Linux environment.
Lesson 1: Installing an IDM instance
Install a stand-alone IDM instance for development and test the IDM sample configurations:
- Describe the basic IDM installation requirements
- Install and start IDM
- Install IDM
- Select MariaDB as a backend repository
- Describe how to start IDM with a sample configuration
- Start IDM with a sample configuration
- Describe how to configure IDM to run as a background process or service
- Configure IDM to run as a background process
Lesson 2: Monitoring and Troubleshooting
Describe how to set up monitoring and perform basic troubleshooting:
- Describe the monitoring options available for IDM
- Set up monitoring in IDM
- Describe the different IDM log files
- Examine the different log files in IDM (optional)
Lesson 3: Managing Passwords
Describe how to set up and fine-tune password policies and synchronizations in an IDM deployment:
- Describe password policies in IDM
- Set up password policies in IDM
- Describe password synchronization from DS into IDM
- Set up password synchronization from DS into IDM
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
- Locate Ping Identity support resources
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Lesson 1: Describing the Supported Federation Protocols
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Lesson 1: Managing Authentication Policies
- Describe authentication policies
- Create an authentication policy
- Define password policies
- Edit a password policy
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Lesson 1: Managing User Onboarding
- Onboard users
- Create users manually
- Provision users
- Administer user accounts
- Manage a user account
- Offboard users
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
- Maintain a healthy PingOne environment
PingFederate Administration
This course implements various use cases with PingFederate and introduces industry concepts such as federation, SAML, and OAuth. The course also includes PingFederate-specific topics such as integration kits, adapters, SSO connections, and OAuth configuration. Hands-on exercises allow the participants to have first-hand experience in configuring PingFederate, establishing a web SSO connection and OAuth clients, and doing some basic troubleshooting.
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingFederate course available at:
Day 1: Background of Federation Web SSO and Core Product
- Introduction to identity federation
- Introduction to integration kits
- Configuring SP and IdP adapters and password credential validators
- Lab 1: HTML Form Adapter and Reference ID adapter configuration
- Introduction to SAML
- Configuring IdP and SP SSO connection
- Lab 2: Creating connections for IdP and SP web SSO
- Lab 2: Creating connections for IdP and SP web SSO
- Server logs
- Lab 3: Review the server logs to follow and SSO transaction
Day 2: Further Integration and PingFederate Functionality
- Attribute mapping and data source
- Lab 4: Mapping attributes from external sources
- Lab 5: Using an external source for authentication
- Introduction to authentication policies
- Lab 6: Creating authentication selectors, policy contracts, and authentication policies
- Lab 7: Tracing SSO transactions in the PingFederate logs
Day 3: OAuth2 and Advanced Administration
- Introduction to OAuth2
- OAuth2 scopes and access tokens
- Lab 8: Configuring OAuth2 grants (including token validation, authorization code)
- Lab 9: Create an OAuth client for client Credentials grant type
- Lab 10: Create an OAuth client for a resource server
- Lab 11: Create an OAuth client for authorization grant type
- PingFederate administrative API
- Lab 12: Using the admin API
- Server Administration
- Deployment scenarios and clustering
- Lab 13 (optional): Configuring a cluster
PingDirectory Administration
This course provides the knowledge you need to install and administer each component of the PingDirectory platform which includes: PingDirectory server, PingDirectoryProxy server, PingDataSync server, the PingData Software Development Kit (SDK), and Delegated User Administration. This course references real-world scenarios driven by recurring use cases. You learn how to install each PingDirectory platform component, perform basic maintenance, using the monitoring and troubleshooting tools. While, hands-on lab exercises provide the first-hand experience installing, configuring, tuning, and using the troubleshooting tools
This course is built on version 10.
Upon completion of this course, you should be able to:
- Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks
- Deploy, fine tune, and configure the PingDirectory server to meet the needs of your production environment
- Describe how to install and manage the PingDirectoryProxy server
- Describe the functions provided by the PingDataSync server, and how to install, configure, and synchronize the PingDataSync server
- Describe common maintenance and necessary troubleshooting tasks needed to optimize PingDirectory performance.
The following are the prerequisites for successfully completing this course:
- Knowledge of UNIX/Linux commands.
- A basic understanding of how directory servers function.
- A basic understanding of REST and HTTP.
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
- Completion of the Introduction to PingDirectory available at: https://backstage.pingidentity.com/university/
Chapter 1: Installing PingDirectory
Describe the PingDirectory capabilities and key features, summarize the installation procedures, and review the initial configuration tasks.
- Describe the key features of PingDirectory
- Perform pre-installation procedures
- Install PingDirectory
- Describe post-installation procedures
- Use server profiles
- (Optional) Install PingDirectory
Chapter 2: Deploying PingDirectory
Lesson 1: Managing the Schema
- Describe the schema
- Modify the schema
- Modify the schema
- Modify object classes
- Create auxiliary object classes
- Load custom schema elements
- Search entries
- Manage entries
- Create objects
- Prevent data vulnerability
- Keep data secure
- Configure encryption settings
- Define virtual attributes
- Administer virtual attributes
- Describe password policies
- Create a password policy
- Manage JSON attributes
- Create JSON attributes
- Manage the Password Policy State JSON
- Administer JSON Attributes
- Understand the Rest APIs
- Use the SCIM 2.0 REST API
- Administer the Directory REST API
- Manage log publishers
- Configure logging
- Create a log publisher
- Understand replication
- Enable replication
- Resolve conflicts
- Understand the replication protocol
- Use replication over WAN
- Plan deployment
- Configure replication
- Scale replication
- Enable the replication process
- Define the topology registry
- Administer the server topology
- Describe the key features
- Describe the installation process
- Install the PingDirectoryProxy server
- Lesson 3: Managing the PingDirectoryProxy Server
- Describe the key advanced PingDirectoryProxy server transformation features:
- Describe the proxy transformations
- Understand entry balancing
- Create transformations
- Describe the key features
- Install the PingDataSync server
- Use the start, stop, and restart commands
- Describe the failover server
- Install the failover server
- Install the PingDataSync server
- Define Sync Pipe components
- Create the synchronization flow
- Use the retry mechanism
- Configure the PingDataSync server
- Configure and synchronize the PingDataSync server
- Synchronize with a relational database
- Synchronize with AD
- Describe the key features of the Server SDK
- Use the start, stop, and restart server commands
- Understand common maintenance tasks
- Perform maintenance tasks
- Understand Delegated Admin
- Configure Delegated Admin
- Administer Delegated Admin
- Understand data recovery
- Perform data recovery
- Monitor the PingDirectory server
- Understand how to troubleshoot issues
- Repair a conflict resolution
- Use troubleshooting tools
PingOne Protect Administration
This course shows students how to deploy, configure, and administer PingOne Protect. Through a combination of guided instruction and hands-on exercises, students work in a live environment to learn how to implement risk-based policies, integrate with PingOne DaVinci (DaVinci), and monitor threats using real-time dashboards. Students are provided with a functional PingOne Protect environment where they learn how to configure risk predictors and policies, orchestrate risk-based multi-factor authentication (MFA) experiences, and reduce MFA fatigue while maintaining strong security controls. The course also guides students through preventing Account Takeover (ATO) and New Account Fraud (NAF) by correlating risk signals, tuning policies, and applying best practices to optimize fraud detection and minimize false positives.
Upon completion of this course, you should be able to:
- Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard
- Analyze risk signals and adjust multi-factor authentication (MFA) requirements using DaVinci orchestration flows to balance security and user experience
- Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments
- Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at:https://training.pingidentity.com/on-demand/category/PING
- Introduction to PingOne Protect
- Introduction to PingOne DaVinci
- Introduction to PingOne MFA
Chapter 1: Deploying PingOne Protect
Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard.
Lesson 1: Introducing PingOne Protect
Describe the core features of PingOne Protect and how it fits within the PingOne Identity Platform (Identity Platform):
- Identify PingOne Protect
- Analyze scenarios
- Set up the Ping Identity environment (optional)
Lesson 2: Reviewing Architecture and Components
Understand how PingOne Protect integrates with DaVinci, define its core operational components (predictors and risk policies), and examine the architecture that connects and orchestrates these elements:
- Define risk predictors
- Administrate risk predictors
- Configure risk policies
- Create risk policies
Lesson 3: Integrating and Monitoring Threat Protection
Use the PingOne Protect connector and the Threat Protection Dashboard to integrate risk evaluation into DaVinci flows and monitor threats across your environment:
- Integrate PingOne Protect with DaVinci
- Monitor Risk with the Threat Protection Dashboard
Chapter 2: Optimizing MFA for Risk and Experience
Analyze risk signals and adjust MFA requirements using DaVinci orchestration flows to balance security and user experience.
Lesson 1: Understanding Risk-Based MFA
Differentiate risk-based MFA from traditional static MFA and configure your environment to support adaptive MFA:
- Contrast traditional and risk-based MFA
- Configure the environment post-MFA setup (optional)
Lesson 2: Implementing MFA Scenarios
Configure MFA for PingOne Protect and run DaVinci workflows to observe and troubleshoot different risk-based login scenarios:
- Initiate a new user account interaction
- Log in as a High-Risk user
- Log in as a Medium-Risk user
- Log in as a Low-Risk user
Lesson 3: Reducing MFA Fatigue
Apply techniques and configurations that minimize unnecessary MFA prompts without compromising security:
- Understand MFA fatigue
- Mitigate MFA fatigue
- Test risk-based authentication flows
Chapter 3: Preventing Account Takeover and New Account Fraud
Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments.
Lesson 1: Understanding the Fraud Cycle
Analyze fraud stages, map indicators to risk signals, and configure the Protect Synthesizer (ProtectSynth) to implement ATO and NAF risk policies that disrupt fraudulent activity:
- Define the fraud cycle
- Disrupt the fraud cycle using PingOne Protect
- Illustrate fraud cycle scenarios
- Create ATO and NAF risk policies
- Install and configure ProtectSynth
Lesson 2: Configuring Risk Policies to Prevent ATO
Correlate PingOne Protect predictors with risk signals, simulate user events, and optimize risk policies to maximize detection accuracy while minimizing false positives and false negatives:
- Correlate ATO risk patterns with predictors
- Deploy composite predictors to minimize false negatives
- Mitigate ATO risk using composite predictors
Lesson 3: Configuring Risk Policies to Prevent NAF
Configure and validate a NAF risk policy in PingOne Protect, by correlating risk predictors and detecting coordinated fraud patterns:
- Correlate and detect NAF risk patterns
- Configure and validate the NAF risk policy
Lesson 4: Optimizing Risk Policies for ATO and NAF
Apply ATO and NAF prevention best practices and tune corresponding risk policies to optimize fraud detection while minimizing false positives and operational impact:
- Describe best practices to prevent ATO and NAF
- Implement best practices to prevent ATO and NAF
- Tune the ATO risk policy
- Tune the NAF risk policy
Chapter 4: Managing PingOne Protect
Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience.
Lesson 1: Monitoring Risk Events and Policy Performance
Analyze and monitor PingOne Protect components, interpret flow types and associated risk policies, and regulate false positives so you maintain accurate risk evaluation and strong policy performance:
- Observe PingOne Protect components
- Understand flow types and risk policies
- Monitor user events
Lesson 2: Tuning Risk Policies
Optimize PingOne Protect risk policies by preparing for effective tuning, adjusting key predictors, and using staging policies and dashboards to validate and improve policy performance before production:
- Prepare for tuning
- Harness risk predictors and staging policies
- Use staging policies to refine risk policies
Lesson 3: Reporting and Analytics Best Practices
Apply reporting and analytics best practices by explaining the strategic value of PingOne Protect risk data and analyzing the Threat Protection Dashboard views to support informed, data-driven security decisions:
- Emphasize reporting and analytics
- Analyze risks in the Threat Protection Dashboard