Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Whether you’re starting your IAM journey or advancing toward certification, our structured
learning paths guide you every step of the way. Select from Identity Management, Access Management,
Governance, or Best Practices tracks designed to match your role and goals.
Built for Every IAM Professional
From architects and developers to project managers and business leaders, Identitrain delivers
training that fits your role. Whether you’re designing IAM strategies, building integrations, or
leading transformation projects, we’ve got a path for you.
Training Designed by Practitioners, Proven in the Field
Our instructors bring years of real-world IAM experience into the classroom. We blend
vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and
beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can
immediately put to use!
Join a Growing Community of IAM Experts
Training doesn’t end with the last session. Graduates join our global practitioner network,
gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts.
Learn, connect, and grow alongside IAM professionals worldwide.
Upcoming
Courses
IG-430-BVP Rev A
PingGateway Deep Dive
The aim of this course is to showcase the key features and capabilities of the versatile and powerful edge security solution with the PingGateway environment, formerly known as ForgeRock® Identity Gateway. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of PingGateway. Further information and guidance can be found in the documentation and knowledge base documents in the online repositories at: Backstage https://backstage.forgerock.com.
Note: Revision A of this course is based on version 7.2 of PingGateway.
Upon completion of this course, you should be able to:
- Integrate and protect web applications, APIs, legacy applications, and microservices with the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, by using PingGateway
- Add authentication to the ForgeRock Entertainment Company (FEC) solution using PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud, or PingAM (AM), formerly known as ForgeRock® Access Management, as the access manager, OpenID Connect (OIDC) provider, and Security Assertion Markup Language (SAML2) identity provider (IdP)
- Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice
- Protect a REST API with PingGateway and extend PingGateway functionality with scripting
- Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment
The following are the prerequisites for successfully completing this course:
- Completion of the PingGateway Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjQ%3D/chapter/Q291cnNlOjE1NzI2
Chapter 1: Integrating Applications With PingGateway
Integrate and protect web applications, APIs, legacy applications, and microservices with Identity Platform by using PingGateway.
Lesson 1: Introducing PingGateway
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
- Introduce PingGateway
- Describe PingGateway features
- Compare PingGateway with policy agents
- Explore PingGateway integration with web applications
- Describe PingGateway integration with OIDC and SAML
- Explore PingGateway policy enforcement and second-factor authentication (2FA)
- Describe PingGateway protection of APIs
- Access your CloudShare VM
- Examine the lab environment
- Access the FEC and DVD4U websites
Lesson 2: Fronting a Website With PingGateway
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
- Examine the PingGateway configuration structure
- Describe required PingGateway configuration
- Configure PingGateway for secure connections
- Configure PingGateway routes
- Creating and managing routes in PingGateway Studio
- Protect a website by using PingGateway Studio
- Upgrade a route to use WebSockets
- Configure PingGateway for development mode and TLS connections
- Protect the FEC website with PingGateway by using PingGateway Studio
- Manage routes in PingGateway Studio and examine PingGateway log files
Lesson 3: Routing Requests and Responses
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
- Describe the PingGateway object model
- Examine objects available in routes
- Retrieve context data and configure sessions
- Route requests depending on conditions
- Describe route handlers
- Manage requests and responses with a route handler
- Process requests and responses with filters
- Create a route to allow access to a public area of FEC
- Add a page not found route
- Create a route to access the legacy DVD4U application
- Add password replay for the DVD4U application
Lesson 4: Configuring PingGateway Logging and Capturing Route Communication
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
- Manage PingGateway logs
- Introduce Decorators
- Configure route activity logs
- Capture inbound and outbound communication
- Retrieve credentials from a file
- Observe requests and responses in PingGateway logs
- Test different capture configuration settings
- Centralize PingGateway logging configuration
- Modify the DVD4U route to get credentials from a file
- Use Logback configuration for troubleshooting
Chapter 2: Configuring Agentless Single Sign-On
Add authentication to the FEC solution, using Advanced Identity Cloud or AM as the access manager, OIDC provider, and SAML2 identity provider.
Lesson 1: Implementing Authentication with the SSO Filter
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
- Create a route by using the PingGateway Studio Freeform Designer
- Configure Advanced Identity Cloud or AM as a service
- Describe how to use the SSO Filter
- Retrieve user data from the authentication provider
- Configure PingGateway as an HTTPS client
- Create a route with the PingGateway Studio Freeform Designer
- Redirect requests to AM for authentication
- Configure PingGateway for client-side HTTPS
- Access properties in SSO token context
- Retrieve user profile data for display in a web page
- Store information in a PingGateway HTTP session
- Configure capture decorators in Freeform Designer
Lesson 2: Configuring CDSSO for the Legacy Application
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
- Describe the CDSSO Filter
- Configure the CDSSO Filter Solution
- Configure CDSSO redirect endpoints
- Integrate the legacy application with CDSSO
- Create a new route to protect DVD4U with CDSSO and AM
- Update the DVD4U route to automatically log in the authenticated user
- Prepare the Advanced Identity Cloud tenant
- Protect the DVD4U and FEC websites using CDSSO with Advanced Identity Cloud
Lesson 3: Performing SSO With PingGateway as an OIDC Relying Party
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
- Describe basic OIDC concepts
- Configure PingGateway as an OIDC client
- Examine the flow of OIDC redirects for authentication and consent
- Explore the flow of OIDC callbacks and data injection
- Configure an OIDC relying party route
- Examine the OIDC relying party solution
Lesson 4: Providing SSO with PingGateway as a SAML2 SP
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
- Authenticate with a SAML2 identity provider (IdP)
- Describe the use of the SAML federation handler
- Describe the use of the dispatch handler
- Describe the SAML2 implementation flow
- Set up SAML2 configuration files for PingGateway
- Configure a SAML2 route for the trial section
- Examine the SAML2 solution (optional)
Chapter 3: Controlling Access with PingGateway as Policy Enforcement Point
Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice.
Lesson 1: Implementing Authorization With a Policy Enforcement Filter
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
- Describe the use of the Policy Enforcement Filter
- Illustrate the use of the Policy Enforcement Filter
- Configure a policy enforcement point (PEP) route for the premium section of FEC
- Examine the PEP solution (optional)
Lesson 2: Providing Step-Up Authentication and Transactional Authorization
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
- Describe step-up authentication
- Illustrate how PingGateway handles step-up authentication
- Describe transactional authorization
- Illustrate how PingGateway handles transactional authorization
- Configure a PEP route for the on demand and profile sections of FEC
- Examine the profile solution (optional)
- Examine the on-demand solution (optional)
Chapter 4: Protecting a REST API
Protect a REST API with PingGateway and extend PingGateway functionality with scripting.
Lesson 1: Configuring PingGateway as an OAuth2 Resource Server
Configure PingGateway to act as an OAuth2 resource server that protects a REST API:
- Describe the use of the OAuth2 resource server filter
- List access token resolvers
- Validate certificate-bound access tokens
- Observe the flow with the token introspection resolver
- Prepare the OAuth2 solution to protect the FEC REST API
- Configure PingGateway to protect the FEC REST APIs
- Examine the REST API solution (optional)
Lesson 2: Extending Functionality With Scripts
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
- Describe the scripting functionality for extending PingGateway
- Explore scriptable objects
- Examine dynamic scopes solution
- Describe OAuth2 token swapping in PingGateway
- Configure a scriptable filter to log the content of the OAuth2 context
- Configure a dynamic scopes script
- Configure a scriptable filter to retrieve the correct favorite list
Chapter 5: Preparing for Production with PingGateway
Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment.
Lesson 1: Auditing, Monitoring, and Tuning a PingGateway Solution
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
- Describe the audit framework
- Excluding sensitive data from audit logs
- Accessing the Common REST API monitoring endpoint
- Decreasing the number of requests through caching
Lesson 2: Developing an Awareness of Security Questions With PingGateway
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
- Discuss PingGateway best practices regarding security
- Examine the common secrets
- Explore secret store types
- Describe throttling
- Create common secret stores
- Configure throttling
Lesson 3: Deploying PingGateway
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
- Describe property value substitution
- Set up multiple PingGateway instances
- Integrate configuration tokens in the solution
- Deploy a second PingGateway instance
PF-300-BVP Rev A
PingFederate Administration
This course implements various use cases with PingFederate and introduces industry concepts such as federation, SAML, and OAuth. The course also includes PingFederate-specific topics such as integration kits, adapters, SSO connections, and OAuth configuration. Hands-on exercises allow the participants to have first-hand experience in configuring PingFederate, establishing a web SSO connection and OAuth clients, and doing some basic troubleshooting.
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingFederate course available at:
Day 1: Background of Federation Web SSO and Core Product
- Introduction to identity federation
- Introduction to integration kits
- Configuring SP and IdP adapters and password credential validators
- Lab 1: HTML Form Adapter and Reference ID adapter configuration
- Introduction to SAML
- Configuring IdP and SP SSO connection
- Lab 2: Creating connections for IdP and SP web SSO
- Lab 2: Creating connections for IdP and SP web SSO
- Server logs
- Lab 3: Review the server logs to follow and SSO transaction
Day 2: Further Integration and PingFederate Functionality
- Attribute mapping and data source
- Lab 4: Mapping attributes from external sources
- Lab 5: Using an external source for authentication
- Introduction to authentication policies
- Lab 6: Creating authentication selectors, policy contracts, and authentication policies
- Lab 7: Tracing SSO transactions in the PingFederate logs
Day 3: OAuth2 and Advanced Administration
- Introduction to OAuth2
- OAuth2 scopes and access tokens
- Lab 8: Configuring OAuth2 grants (including token validation, authorization code)
- Lab 9: Create an OAuth client for client Credentials grant type
- Lab 10: Create an OAuth client for a resource server
- Lab 11: Create an OAuth client for authorization grant type
- PingFederate administrative API
- Lab 12: Using the admin API
- Server Administration
- Deployment scenarios and clustering
- Lab 13 (optional): Configuring a cluster
PIDM-400 BVP Rev A
PingIDM Administration
Learn how to install and deploy PingIDM (IDM) in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.
Note: Revision A of this course is based on version 8.0.1 of PingIDM.
Upon completion of this course, you should be able to:
- Provide an overview of the lab environment, model objects and identities, and set up the end-user UI with IDM
- Create and configure connections between external resources and IDM
- Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
- Install and deploy IDM in an on-prem or cloud provider Linux environment
The following are the prerequisites for successfully completing this course:
- Completion of the PingIDM Essentials course available at: https://backstage.pingidentity.com/university/on-demand/category/PING
- Basic knowledge and skills using the Linux operating system will be required to complete the labs.
- Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.
Chapter 1: Building and Configuring the Prerequisites
Provide an overview of the lab environment, model objects and identities, and set up the end-user UI with IDM.
Lesson 1: Setting Up the Lab
Provide an overview of how to set up the lab environment:
- Install IDM
- Explore the auxiliary software
Lesson 2: Modeling Objects and Identities
Describe how to model objects and identities via REST:
- Introduce the Postman collection
- Run the Postman collection
Lesson 3: Setting Up the End-User UI
Describe how to configure the end-user UI:
- Install and configure the end-user UI
- Retrieve, compile and deploy the end-user UI
- Access the end-user UI
Chapter 2: Managing Connectors
Create and configure connections between external resources and IDM.
Lesson 1: Configuring Connectors With the IDM Admin UI
Create a connector configuration to connect to an external resource using the IDM admin UI:
- Connect external resources to IDM
- Create a connector configuration using the IDM admin UI
- Add a connector configuration for an external LDAP resource
- Add a CSV connector configuration
- Add a connector configuration to import device identities
Lesson 2: Configuring Connectors Over REST
Create a connector configuration in IDM over the REST interface:
- Create a connector configuration over REST
- Describe the core connector configuration settings
- Describe the object types and property mappings
- Use the scripted SQL connector
- Create a scripted SQL connector configuration
Chapter 3: Managing Synchronization and Reconciliation
Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.
Lesson 1: Performing Basic Synchronization
Describe how to use the IDM admin UI to create sync mappings to reconcile identities between IDM and an external resource:
- Create mappings to synchronize identity objects and properties
- Create a sync mapping from IDM to an external resource
- Add source and target properties to the sync mapping
- Add a correlation query and a situational event script
- Set the situational behaviors and run reconciliation
- Add a sync mapping from IDM to an LDAP server
- Describe the sync mapping from an LDAP server to IDM
- Add a sync mapping from an LDAP server to IDM
- Create a sync mapping to provision devices to the IDM repository
Lesson 2: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
- Filter entries
- Run selective synchronization using filters
- Use LiveSync to synchronize changes
- Trigger LiveSync on a connector
- Schedule LiveSync
- Schedule LiveSync with an external resource
- Control synchronization to multiple targets
Lesson 3: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
- Provision attributes to a target system based on static role assignments
- Enable role-based provisioning
- Query the role assignment properties using the REST interface
- Provision attributes to a target resource based on static role assignments
- Provision attributes to a target system based on dynamic role assignments
- Provision attributes to a target resource based on dynamic role assignments
- Add temporal constraints to a role
- Set temporal constraints on a role
Lesson 4: Configuring a Custom Endpoint
Describe how to configure a custom endpoint:
- Use a custom endpoint
- Create a custom endpoint (optional)
Chapter 4: Installing and Deploying IDM
Install and deploy IDM in an on-prem or cloud provider Linux environment.
Lesson 1: Installing an IDM instance
Install a stand-alone IDM instance for development and test the IDM sample configurations:
- Describe the basic IDM installation requirements
- Install and start IDM
- Install IDM
- Select MariaDB as a backend repository
- Describe how to start IDM with a sample configuration
- Start IDM with a sample configuration
- Describe how to configure IDM to run as a background process or service
- Configure IDM to run as a background process
Lesson 2: Monitoring and Troubleshooting
Describe how to set up monitoring and perform basic troubleshooting:
- Describe the monitoring options available for IDM
- Set up monitoring in IDM
- Describe the different IDM log files
- Examine the different log files in IDM (optional)
Lesson 3: Managing Passwords
Describe how to set up and fine-tune password policies and synchronizations in an IDM deployment:
- Describe password policies in IDM
- Set up password policies in IDM
- Describe password synchronization from DS into IDM
- Set up password synchronization from DS into IDM
AIC-CERT-PREP Rev A
Certified Professional - PingOne Advanced Identity Cloud Exam Preparation
This course helps prepare students to take the Certified Professional - PingOne Advanced Identity Cloud exam, formerly known as the ForgeRock® Identity Cloud Certified Professional exam. This is accomplished by presenting students with information concerning exam contents, logistics, tips for preparing to take the exam, lab exercises to cover exam contents, and a sample exam that is representative of the exam, itself.
Upon completion of this course, you should be able to:
- Register to take the exam
- Prepare for the exam using recommended study materials
- Take the exam either remotely or at a Pearson Testing Center
The following are the prerequisites for successfully completing this course:
- Successful completion of the AIC-300 Getting Started With PingOne Advanced Identity Cloud for Administrators course
- Thorough understanding of all PingOne Advanced Identity Cloud documentation and Knowledge Base articles on Backstage
- 3-6 months of experience configuring and administering PingOne Identity tenants
- Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0
Course Contents
Exam Overview
- Explain exam metrics and passing scores
- Provide an approach for responding to test questions
- Identify options for registering and taking the exam
- Describe testing center requirements
- Describe requirements for taking the exam online
- Show how to access exam results
Exam Details
- Review the exam details and requirements
- Explain exam topics and study areas
- Present the objectives covered in the exam
- Review important concepts associated with exam objectives
- Review sample questions associated with objectives
- Provide applicable materials for review
Lab Exercises
- Research topics which will be covered in the exam
- Navigate the PingOne Advanced Identity Cloud admin UI
- Describe PingOne Advanced Identity Cloud configuration settings
- Explain how to perform PingOne Advanced Identity Cloud related tasks
- Configure PingOne Advanced Identity Cloud related services
Sample Exam
- Test a student’s knowledge of PingOne Advanced Identity Cloud
- Provide students with a representative exam experience
SDK-541-BVP Rev B
Developing Applications Using SDKs
This course is for students who want to learn how to use the SDKs to speed up the integration of JavaScript, Android, and iOS applications, within an access management solution. The course presents key use cases and features of the SDKs.
Note: Revision B of this course is based on version 7 of the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, and SDK 3.
Upon completion of this course, you should be able to:
- Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with PingAM, formerly known as ForgeRock® Access Management
- Present the centralized login flow, implement centralized login authentication, and observe device single sign-on (SSO)
- Present the Embedded Login flow and execute authentication, registration, and self-service journey
- Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and multi-factor authentication (MFA) with one-time passwords (OTPs) and push authentication
The following are the prerequisites for successfully completing this course:
- Basic knowledge and skills using the Linux and Windows operating systems to complete labs
- Basic knowledge of HTTP and communications between clients and servers is critical to understanding the interaction between the SDKs and AM
- Basic knowledge of JSON, JavaScript, REST, and Java
- Good knowledge of either JavaScript, Android, or iOS application development
- Attendance on the PingAM Deep Dive (AM-410) course or equivalent knowledge
Chapter 1: Introducing the SDKs
Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with AM.
Lesson 1: The SDKs and Common Use Cases
Introduce the SDKs and common use cases:
Introduce the SDKs and common use cases:
- Describe the SDKs
- Explore the role of the SDKs through common use cases
- Technical overview of the SDKs
- Using SDK components
- Interaction between the SDKs and AM
Lesson 2: Mobile Development Environment and Project Quickstart for Android and iOS
Learn how to set up a development environment:
Learn how to set up a development environment:
- Preparing the server
- iOS Environment and Project Setup
- Android Environment and Project Setup
- JavaScript Environment and Project Setup
- Preface to the exercises
- Set up an iOS development environment
- Set up an Android development environment
- Set up a JavaScript development environment
Chapter 2: Authentication with Centralized Login
Present the centralized login flow, implement centralized login authentication, and observe device SSO.
Lesson 1: Authenticate With Centralized Login
- Learn how to use the SDKs with centralized login:
- Understand the login flow choices
- Implement centralized login on mobile
- Implement centralized login in JavaScript
- Authenticate with centralized login on iOS
- Authenticate with centralized login on Android
- Authenticate with centralized login in JavaScript
Lesson 2: (Optional) Observe SSO Between Mobile Apps
Learn how to implement SSO between mobile apps with centralized login:
Learn how to implement SSO between mobile apps with centralized login:
- SSO between mobile apps with centralized login
Chapter 3: Working with Embedded Login
Present the Embedded Login flow and execute authentication, registration, and self-service journeys
Lesson 1: Authenticate with Embedded Login
Learn how to use the SDKs with Embedded Login to authenticate:
Learn how to use the SDKs with Embedded Login to authenticate:
- Understand the APIs for Embedded Login
- Authenticate with embedded login on iOS
- Authenticate with embedded login on Android
- Authenticate with embedded login in JavaScript
Lesson 2: Follow Authentication Journeys
Learn how to follow authentication journeys:
Learn how to follow authentication journeys:
- Respond to Callbacks
- Respond to Stages
- Respond to stages on iOS
- Respond to stages on Android
- Respond to stages in JavaScript
- (Optional) Transactional authorization
Lesson 3: Registration and Self-Service Journeys
Learn how to follow registration and self-service journeys:
Learn how to follow registration and self-service journeys:
- Respond to registration or self-service journeys
- Implement self-service registration on iOS
- Implement self-service registration on Android
- Implement self-service registration in JavaScript
- Call other journeys / Intercept REST calls
- Implement self-service password change on iOS
- Implement self-service password change on Android
- Implement self-service password change in JavaScript
Lesson 4: Send and Process Verification Emails
Learn how to suspend journey processing and resume after the user followed the resume link sent in email:
- Suspend the journey and await the user following the resume link
- Suspend and resume authentication on iOS
- Suspend and resume authentication on Android
- Suspend and resume authentication in JavaScript
Chapter 4: Increasing Security and Enhancing User Experience
Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and MFA with OTPs and push authentication.
Lesson 1: Authenticate with Social Login
Learn how to implement social authentication:
Learn how to implement social authentication:
- Implement social login
- Login with Google on iOS
- Login with Google on Android
- Login with Google in JavaScript
Lesson 2: Authenticate with WebAuthn and Biometrics
Learn how to implement biometric authentication on mobile:
Learn how to implement biometric authentication on mobile:
- Review WebAuthn concepts
- Implement biometric authentication on mobile
- Implement WebAuthn on iOS
- Implement WebAuthn on Android
- Implement web biometric authentication
- Implement WebAuthn in JavaScript
Lesson 3: Collect and Validate Device Profiles and Geolocation
Learn how to collect device profile data and geolocation for validation:
Learn how to collect device profile data and geolocation for validation:
- Configure a user journey to verify and save device profile data
- Device profile processing in the SDKs
- Collect device profile data on iOS
- Implement device profile collection on iOS
- Collect device profile data on Android
- Implement device profile collection on Android
- Collect device profile data in JavaScript
- Implement device profile collection in JavaScript
- Analyze device context
- Implement location-based security
- Collect location information on iOS, Android or in JavaScript
- Implement device tampering detection
- Customize what data is collected
- Check for device tampering and customize device profile collection on iOS
- Check for device tampering and customize device profile collection on Android
- Customize device profile collection in JavaScript
Lesson 4: MFA with Push and OATH on Mobile
Learn how to provide MFA with Push Authentication and Soft Token:
Learn how to provide MFA with Push Authentication and Soft Token:
- Integrate the ForgeRock Authenticator Module in a mobile app
- Examine using the Authenticator Module on iOS
- Examine using the Authenticator Module on Android
P1-400-BVP Rev A.1
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
Chapter 1: Introducing PingOne
Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment.
Lesson 1: Providing an Overview of PingOne
Summarize PingOne capabilities and key features:
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
Lesson 2: Introducing Ping Identity Support Resources
Describe PingOne support resources:
- Locate Ping Identity support resources
Chapter 2: Managing Users
Demonstrate administration of PingOne user populations, user roles, attributes, and groups.
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
Lesson 2: Managing User Roles, Attributes, and Groups
Create a new population and new users:
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Chapter 3: Defining Application Integration
Demonstrate integration and troubleshooting of PingOne applications
Lesson 1: Describing the Supported Federation Protocols
Understand the various identity federation protocols used within PingOne:
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
Lesson 2: Troubleshooting Common PingOne Issues
Describe common issues that occur in PingOne, troubleshooting steps, and best practices:
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Chapter 4: Configuring Access Control
Demonstrate how to use access control policies within PingOne.
Lesson 1: Managing Authentication Policies
Describe how to create and manage authentication policies in PingOne:
- Describe authentication policies
- Create an authentication policy
Lesson 2: Managing Password Policies
Describe how to manage password policies in PingOne:
- Define password policies
- Edit a password policy
Lesson 3: Using Additional Authentication Methods
Describe how to create and manage authentication methods used in PingOne policies:
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Chapter 5: Managing the Identity Lifecycle
Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne.
Lesson 1: Managing User Onboarding
Discuss the initial stages of the identity lifecycle within PingOne, and describe how new user accounts are created and made ready for access:
- Onboard users
- Create users manually
Lesson 2: Understanding User Provisioning
Explain how PingOne automates the management of user access to applications, building upon the user identities created during onboarding:
- Provision users
Lesson 3: Understanding User Maintenance
Describe how to manage the user maintenance capabilities in PingOne:
- Administer user accounts
- Manage a user account
Lesson 4: Managing User Offboarding
Understand the critical process of user offboarding within PingOne:
- Offboard users
Lesson 5: Monitoring and Reporting
Explain the importance of monitoring and reporting within PingOne:
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
Lesson 1: Managing the Troubleshooting Process
Summarize the troubleshooting process and common techniques within PingOne:
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
Lesson 2: Reviewing Best Practices
Summarize PingOne administration best practices:
- Maintain a healthy PingOne environment