Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Whether you’re starting your IAM journey or advancing toward certification, our structured
learning paths guide you every step of the way. Select from Identity Management, Access Management,
Governance, or Best Practices tracks designed to match your role and goals.
Built for Every IAM Professional
From architects and developers to project managers and business leaders, Identitrain delivers
training that fits your role. Whether you’re designing IAM strategies, building integrations, or
leading transformation projects, we’ve got a path for you.
Training Designed by Practitioners, Proven in the Field
Our instructors bring years of real-world IAM experience into the classroom. We blend
vendor-agnostic fundamentals with deep expertise in leading platforms like Ping, SailPoint, Okta, and
beyond. Every course is modular, lab-focused, and designed to give you actionable skills you can
immediately put to use!
Join a Growing Community of IAM Experts
Training doesn’t end with the last session. Graduates join our global practitioner network,
gaining access to peer discussions, expert webinars, alumni resources, and exclusive discounts.
Learn, connect, and grow alongside IAM professionals worldwide.
Upcoming
Courses
SDK-541-BVP Rev B
Developing Applications Using SDKs
This course is for students who want to learn how to use the SDKs to speed up the integration of JavaScript, Android, and iOS applications, within an access management solution. The course presents key use cases and features of the SDKs.
Note: Revision B of this course is based on version 7 of the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, and SDK 3.
Upon completion of this course, you should be able to:
- Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with PingAM, formerly known as ForgeRock® Access Management
- Present the centralized login flow, implement centralized login authentication, and observe device single sign-on (SSO)
- Present the Embedded Login flow and execute authentication, registration, and self-service journey
- Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and multi-factor authentication (MFA) with one-time passwords (OTPs) and push authentication
The following are the prerequisites for successfully completing this course:
- Basic knowledge and skills using the Linux and Windows operating systems to complete labs
- Basic knowledge of HTTP and communications between clients and servers is critical to understanding the interaction between the SDKs and AM
- Basic knowledge of JSON, JavaScript, REST, and Java
- Good knowledge of either JavaScript, Android, or iOS application development
- Attendance on the PingAM Deep Dive (AM-410) course or equivalent knowledge
Chapter 1: Introducing the SDKs
Introduce the SDKs, describe how they fit into the Identity Platform, and how they interact with AM.
Lesson 1: The SDKs and Common Use Cases
Introduce the SDKs and common use cases:
Introduce the SDKs and common use cases:
- Describe the SDKs
- Explore the role of the SDKs through common use cases
- Technical overview of the SDKs
- Using SDK components
- Interaction between the SDKs and AM
Lesson 2: Mobile Development Environment and Project Quickstart for Android and iOS
Learn how to set up a development environment:
Learn how to set up a development environment:
- Preparing the server
- iOS Environment and Project Setup
- Android Environment and Project Setup
- JavaScript Environment and Project Setup
- Preface to the exercises
- Set up an iOS development environment
- Set up an Android development environment
- Set up a JavaScript development environment
Chapter 2: Authentication with Centralized Login
Present the centralized login flow, implement centralized login authentication, and observe device SSO.
Lesson 1: Authenticate With Centralized Login
- Learn how to use the SDKs with centralized login:
- Understand the login flow choices
- Implement centralized login on mobile
- Implement centralized login in JavaScript
- Authenticate with centralized login on iOS
- Authenticate with centralized login on Android
- Authenticate with centralized login in JavaScript
Lesson 2: (Optional) Observe SSO Between Mobile Apps
Learn how to implement SSO between mobile apps with centralized login:
Learn how to implement SSO between mobile apps with centralized login:
- SSO between mobile apps with centralized login
Chapter 3: Working with Embedded Login
Present the Embedded Login flow and execute authentication, registration, and self-service journeys
Lesson 1: Authenticate with Embedded Login
Learn how to use the SDKs with Embedded Login to authenticate:
Learn how to use the SDKs with Embedded Login to authenticate:
- Understand the APIs for Embedded Login
- Authenticate with embedded login on iOS
- Authenticate with embedded login on Android
- Authenticate with embedded login in JavaScript
Lesson 2: Follow Authentication Journeys
Learn how to follow authentication journeys:
Learn how to follow authentication journeys:
- Respond to Callbacks
- Respond to Stages
- Respond to stages on iOS
- Respond to stages on Android
- Respond to stages in JavaScript
- (Optional) Transactional authorization
Lesson 3: Registration and Self-Service Journeys
Learn how to follow registration and self-service journeys:
Learn how to follow registration and self-service journeys:
- Respond to registration or self-service journeys
- Implement self-service registration on iOS
- Implement self-service registration on Android
- Implement self-service registration in JavaScript
- Call other journeys / Intercept REST calls
- Implement self-service password change on iOS
- Implement self-service password change on Android
- Implement self-service password change in JavaScript
Lesson 4: Send and Process Verification Emails
Learn how to suspend journey processing and resume after the user followed the resume link sent in email:
- Suspend the journey and await the user following the resume link
- Suspend and resume authentication on iOS
- Suspend and resume authentication on Android
- Suspend and resume authentication in JavaScript
Chapter 4: Increasing Security and Enhancing User Experience
Increase the security of your application and enhance the user experience with social authentication, passwordless biometric authentication, device profile and location collection and analysis, and MFA with OTPs and push authentication.
Lesson 1: Authenticate with Social Login
Learn how to implement social authentication:
Learn how to implement social authentication:
- Implement social login
- Login with Google on iOS
- Login with Google on Android
- Login with Google in JavaScript
Lesson 2: Authenticate with WebAuthn and Biometrics
Learn how to implement biometric authentication on mobile:
Learn how to implement biometric authentication on mobile:
- Review WebAuthn concepts
- Implement biometric authentication on mobile
- Implement WebAuthn on iOS
- Implement WebAuthn on Android
- Implement web biometric authentication
- Implement WebAuthn in JavaScript
Lesson 3: Collect and Validate Device Profiles and Geolocation
Learn how to collect device profile data and geolocation for validation:
Learn how to collect device profile data and geolocation for validation:
- Configure a user journey to verify and save device profile data
- Device profile processing in the SDKs
- Collect device profile data on iOS
- Implement device profile collection on iOS
- Collect device profile data on Android
- Implement device profile collection on Android
- Collect device profile data in JavaScript
- Implement device profile collection in JavaScript
- Analyze device context
- Implement location-based security
- Collect location information on iOS, Android or in JavaScript
- Implement device tampering detection
- Customize what data is collected
- Check for device tampering and customize device profile collection on iOS
- Check for device tampering and customize device profile collection on Android
- Customize device profile collection in JavaScript
Lesson 4: MFA with Push and OATH on Mobile
Learn how to provide MFA with Push Authentication and Soft Token:
Learn how to provide MFA with Push Authentication and Soft Token:
- Integrate the ForgeRock Authenticator Module in a mobile app
- Examine using the Authenticator Module on iOS
- Examine using the Authenticator Module on Android
P1-400-BVP Rev A.1
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
Chapter 1: Introducing PingOne
Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment.
Lesson 1: Providing an Overview of PingOne
Summarize PingOne capabilities and key features:
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
Lesson 2: Introducing Ping Identity Support Resources
Describe PingOne support resources:
- Locate Ping Identity support resources
Chapter 2: Managing Users
Demonstrate administration of PingOne user populations, user roles, attributes, and groups.
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
Lesson 2: Managing User Roles, Attributes, and Groups
Create a new population and new users:
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Chapter 3: Defining Application Integration
Demonstrate integration and troubleshooting of PingOne applications
Lesson 1: Describing the Supported Federation Protocols
Understand the various identity federation protocols used within PingOne:
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
Lesson 2: Troubleshooting Common PingOne Issues
Describe common issues that occur in PingOne, troubleshooting steps, and best practices:
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Chapter 4: Configuring Access Control
Demonstrate how to use access control policies within PingOne.
Lesson 1: Managing Authentication Policies
Describe how to create and manage authentication policies in PingOne:
- Describe authentication policies
- Create an authentication policy
Lesson 2: Managing Password Policies
Describe how to manage password policies in PingOne:
- Define password policies
- Edit a password policy
Lesson 3: Using Additional Authentication Methods
Describe how to create and manage authentication methods used in PingOne policies:
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Chapter 5: Managing the Identity Lifecycle
Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne.
Lesson 1: Managing User Onboarding
Discuss the initial stages of the identity lifecycle within PingOne, and describe how new user accounts are created and made ready for access:
- Onboard users
- Create users manually
Lesson 2: Understanding User Provisioning
Explain how PingOne automates the management of user access to applications, building upon the user identities created during onboarding:
- Provision users
Lesson 3: Understanding User Maintenance
Describe how to manage the user maintenance capabilities in PingOne:
- Administer user accounts
- Manage a user account
Lesson 4: Managing User Offboarding
Understand the critical process of user offboarding within PingOne:
- Offboard users
Lesson 5: Monitoring and Reporting
Explain the importance of monitoring and reporting within PingOne:
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
Lesson 1: Managing the Troubleshooting Process
Summarize the troubleshooting process and common techniques within PingOne:
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
Lesson 2: Reviewing Best Practices
Summarize PingOne administration best practices:
- Maintain a healthy PingOne environment
AIC-330-BVP Rev A
Getting Started With PingOne Advanced Identity Cloud for Administrators
This course shows students how to administer PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud. This is achieved through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to administer Advanced Identity Cloud in a training environment. Students are provided with a live Advanced Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, user journeys, and tenant configuration in their own Advanced Identity Cloud.
Upon completion of this course, you should be able to:
- Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
- Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
- Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
- Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
- Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants
The following are the prerequisites for successfully completing this course:
- Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
- Introduction to PingAM
- PingIDM Essentials
- PingGateway Essentials
- Introduction to PingDS
Chapter 1: Accessing Advanced Identity Cloud
Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options.
Lesson 1: Managing Administrators
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
- Introduce the Advanced Identity Cloud admin UI
- Manage administrators
- Invite an administrator
Lesson 2: Introducing UI Integration
Understand UI integration options:
Understand UI integration options:
- Explain UI integration options
- Configure themes for the Alpha and Bravo realms
Chapter 2: Administering Identities
Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords.
Lesson 1: Managing Identities
Manage user identities:
Manage user identities:
- Introduce managed objects
- Manage a user profile
Lesson 2: Adding Identities With Bulk Import
Bulk import user identities from a CSV file to add test users to your tenant:
Bulk import user identities from a CSV file to add test users to your tenant:
- Describe bulk import
- Import test users
Lesson 3: Managing Organizations
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
- Describe roles and privileges within an organization
- Implement delegated administration for an organization model
Lesson 4: Delegating User Management
Explain how to delegate administration privileges to managed users:
Explain how to delegate administration privileges to managed users:
- Delegate administration privileges
- Delegate password reset
Chapter 3: Managing User Journeys
Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator.
Lesson 1: Managing Journeys
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
- Introduce journeys
- Modify journeys
- Describe how to export and import journeys
- Export and import journeys
- Describe how to debug a journey
- Enable debug mode on a user journey
Lesson 2: Managing Server-Side Sessions
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
- Describe server-side sessions
- Invalidate server-side sessions
Lesson 3: Configuring Email Templates
Understand the use of email templates in a journey flow:
Understand the use of email templates in a journey flow:
- Explore email templates and nodes
- Configure email templates
- Use email templates in user journeys
Chapter 4: Integrating With Advanced Identity Cloud
Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how PingGateway can protect web applications when it is integrated with Advanced Identity Cloud.
Lesson 1: Defining Applications
Describe the role of an application in Advanced Identity Cloud:
Describe the role of an application in Advanced Identity Cloud:
- Introduce applications
- Register a Bookmark app
Lesson 2: Synchronizing Identities
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
- Explain how to connect to external resources
- Configure an RCS cluster
- Configure debug logging
- Add an authoritative application
- Explain synchronization
- Create inbound mappings and run reconciliation
- Synchronize passwords
- Create a target Application with outbound mappings
Lesson 3: Protecting Web Resources
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
- Introduce PingGateway
- Integrate PingGateway with Advanced Identity Cloud
- Integrate the PingGateway sample application with Advanced Identity Cloud
Chapter 5: Administering Your Tenant
Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants.
Lesson 1: Managing the Configuration
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
- Introduce Service Accounts
- Create and manage a service account
- Introduce the Advanced Identity Cloud REST API
- Display Advanced Identity Cloud identities using the REST API
- Introduce configuration management
- Create a baseline configuration repository
- Describe how to manage ESVs
- Create and call ESV variables
- Promote your configuration
Lesson 2: Monitoring Tenant Activities
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
- Explore Logs
- Retrieve log data using the REST API
- Retrieve log data using the Frodo CLI
- Monitor your tenant
- Monitor tenant health and visualize monitoring metrics
- Explore the Advanced Identity Cloud analytics dashboard
Lesson 3: Managing Password Policies
Explain how an Advanced Identity Cloud administrator manages realm password policies:
Explain how an Advanced Identity Cloud administrator manages realm password policies:
- Manage realm password policies
- Configure password policies
Lesson 4: Additional Administration Tasks
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
- Introduce outbound static IP addresses
- View outbound static IP addresses
- Manage tenant certificates
- Add a custom domain name
PFAA-400-BVP Rev A
PingFederate Advanced Administration
This course steps the learner through various advanced PingFederate administration topics, such as configuring memory options for PingFederate, logging to a database server, configuring certificate revocation checking and certificate rotation, configuring self-service features of the HTML Form Adapter, identity provider (IdP) to service provider (SP) bridging, clustering with dynamic discovery, and more.
The following are the prerequisites for successfully completing this course:
- Completion of the PingFederate Administration course, or
- Equivalent experience with PingFederate
Day 1: Course Introduction
- Server Administration
- Configuring JVM memory options
- Configuring virtual host names
- Certificate based console administration
- Lab 1: Configuring OIDC-based console single sign-on (SSO)
PingFederate logging
- Customizing audit logs
- The log4j2.xml file
- Logging to an external database
- Lab 2: Logging with PingFederate
- Certificates
- Certificate revocation checking
- Certificate rotation
Day 2:
- HTML Form Adapter Self-Service Features
- Password spray and account lockout prevention
- Self-service password change
- Self-service password reset
- Self-service username recovery
- Lab 3: HTML Form Adapter self-service options
- HTML Form Adapter Self-Registration
- Customer IAM with local identity profiles
- Self-registration with local identity profiles
- Self-registration using third-party IdPs
- Lab 4: HTML Form Adapter customer registration
- Advanced Attribute Mapping
- Using multiple datastores
- Using REST API as a datastore
- Extended properties
- PingDirectory virtual attributes
- SSO Connections
- Customizing SSO URLs
- SP target URL mapping
- IdP-to-SP bridging
- Session management
- Lab 5: SSO connections
Day 3:
- Federation Hub
- Bridging an IdP to an SP
- Bridging an IdP to multiple SPs
- Bridging multiple IdPs to an SP
- Bridging multiple IdPs to multiple SPs
- OAuth2 and OIDC
- Dynamic client registration
- Using directories for persistent grant storage
- Creating and managing OIDC profiles
- Lab 6: Configuring OIDC profiles
- Clustering
- Cluster protocol architecture
- Runtime state management architecture
- Adaptive clustering
- Directed clustering
- Dynamic discovery
- Cluster replication
- Lab 7: Clustering
- Troubleshooting
- SSO issues
- OAuth2 issues
- Certificate issues
AIC-330-BVP Rev A
Getting Started With PingOne Advanced Identity Cloud for Administrators
This course shows students how to administer PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud. This is achieved through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to administer Advanced Identity Cloud in a training environment. Students are provided with a live Advanced Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, user journeys, and tenant configuration in their own Advanced Identity Cloud.
Upon completion of this course, you should be able to:
- Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options
- Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords
- Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator
- Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how Identity Gateway can protect web applications when it is integrated with Advanced Identity Cloud
- Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants
The following are the prerequisites for successfully completing this course:
- Completion of the Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
- Introduction to PingAM
- PingIDM Essentials
- PingGateway Essentials
- Introduction to PingDS
Chapter 1: Accessing Advanced Identity Cloud
Describe how to access an Advanced Identity Cloud tenant as an administrator and understand UI integration options.
Lesson 1: Managing Administrators
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
Invite additional administrators using the Advanced Identity Cloud admin UI, which is an administrative interface to manage your tenant settings:
- Introduce the Advanced Identity Cloud admin UI
- Manage administrators
- Invite an administrator
Lesson 2: Introducing UI Integration
Understand UI integration options:
Understand UI integration options:
- Explain UI integration options
- Configure themes for the Alpha and Bravo realms
Chapter 2: Administering Identities
Manage identities with the Advanced Identity Cloud admin UI and implement delegated administration to manage organizations and reset user passwords.
Lesson 1: Managing Identities
Manage user identities:
Manage user identities:
- Introduce managed objects
- Manage a user profile
Lesson 2: Adding Identities With Bulk Import
Bulk import user identities from a CSV file to add test users to your tenant:
Bulk import user identities from a CSV file to add test users to your tenant:
- Describe bulk import
- Import test users
Lesson 3: Managing Organizations
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
- Describe roles and privileges within an organization
- Implement delegated administration for an organization model
Lesson 4: Delegating User Management
Explain how to delegate administration privileges to managed users:
Explain how to delegate administration privileges to managed users:
- Delegate administration privileges
- Delegate password reset
Chapter 3: Managing User Journeys
Manage journeys, email templates used in journeys, and authentication sessions as an Advanced Identity Cloud administrator.
Lesson 1: Managing Journeys
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
Understand how journeys are used with Advanced Identity Cloud and how to import, export, and debug journeys:
- Introduce journeys
- Modify journeys
- Describe how to export and import journeys
- Export and import journeys
- Describe how to debug a journey
- Enable debug mode on a user journey
Lesson 2: Managing Server-Side Sessions
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
Understand how authentication sessions are used with Advanced Identity Cloud and how to invalidate server-side sessions:
- Describe server-side sessions
- Invalidate server-side sessions
Lesson 3: Configuring Email Templates
Understand the use of email templates in a journey flow:
Understand the use of email templates in a journey flow:
- Explore email templates and nodes
- Configure email templates
- Use email templates in user journeys
Chapter 4: Integrating With Advanced Identity Cloud
Understand the use of Applications, synchronize identities between Advanced Identity Cloud and external applications, and explore how PingGateway can protect web applications when it is integrated with Advanced Identity Cloud.
Lesson 1: Defining Applications
Describe the role of an application in Advanced Identity Cloud:
Describe the role of an application in Advanced Identity Cloud:
- Introduce applications
- Register a Bookmark app
Lesson 2: Synchronizing Identities
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Advanced Identity Cloud and on-prem resources:
- Explain how to connect to external resources
- Configure an RCS cluster
- Configure debug logging
- Add an authoritative application
- Explain synchronization
- Create inbound mappings and run reconciliation
- Synchronize passwords
- Create a target Application with outbound mappings
Lesson 3: Protecting Web Resources
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
Demonstrate how PingGateway can protect a web application when it is integrated with Advanced Identity Cloud:
- Introduce PingGateway
- Integrate PingGateway with Advanced Identity Cloud
- Integrate the PingGateway sample application with Advanced Identity Cloud
Chapter 5: Administering Your Tenant
Manage the configuration, monitor tenant activities, and perform common administration tasks for Advanced Identity Cloud tenants.
Lesson 1: Managing the Configuration
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
Explain how to create service accounts to use the REST API endpoints, create a baseline configuration repository for developers, manage ESVs, and understand the promotion process:
- Introduce Service Accounts
- Create and manage a service account
- Introduce the Advanced Identity Cloud REST API
- Display Advanced Identity Cloud identities using the REST API
- Introduce configuration management
- Create a baseline configuration repository
- Describe how to manage ESVs
- Create and call ESV variables
- Promote your configuration
Lesson 2: Monitoring Tenant Activities
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
Explore and retrieve log data using the REST API and the Frodo CLI, monitor tenant activities, and visualize monitoring metrics using Prometheus and Grafana:
- Explore Logs
- Retrieve log data using the REST API
- Retrieve log data using the Frodo CLI
- Monitor your tenant
- Monitor tenant health and visualize monitoring metrics
- Explore the Advanced Identity Cloud analytics dashboard
Lesson 3: Managing Password Policies
Explain how an Advanced Identity Cloud administrator manages realm password policies:
Explain how an Advanced Identity Cloud administrator manages realm password policies:
- Manage realm password policies
- Configure password policies
Lesson 4: Additional Administration Tasks
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
Understand additional tasks that an Advanced Identity Cloud administrator should be aware of:
- Introduce outbound static IP addresses
- View outbound static IP addresses
- Manage tenant certificates
- Add a custom domain name
PA-400 BVP Rev A
PingAccess Administration
This course provides the information you need to set up and configure PingAccess as a policy server to protect both web applications and APIs. After completing this course, you will know how to configure PingAccess in both a gateway and agent model, and configure different types of policies that PingAccess offers.
Upon completion of this course, you should be able to:
- Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate)
- Configure PingAccess as a Reverse Proxy
- Configure policies in PingAccess to further bolster administration capabilities
The following are the prerequisites for successfully completing this course:
- Completion of the following courses:https://backstage.pingidentity.com/university/on-demand/category/PING
- Introduction to PingAccess
- Getting Started With PingAccess
- Introduction to PingFederate
- Getting Started With PingFederate
Chapter 1: Configuring and Connecting PingAccess
Discover how to configure PingAccess as a reverse proxy, and connect PingAccess to a token provider (PingFederate).
Lesson 1: Configuring PingAccess as a Reverse Proxy (Gateway Model)
Describe how to configure PingAccess as a reverse proxy (gateway model):
- Introduce the gateway model
- Enable PingAccess as a reverse proxy
- Configure PingAccess resources and rewrite rules
Lesson 2: Connecting PingAccess to a Token Provider (PingFederate)
Describe the responsibilities of token providers and how to configure PingAccess to use PingFederate as a token provider:
- Introduce token providers
- Configure OAuth2 in PingFederate
- Configure PingAccess using the gateway model
Chapter 2: Configuring PingAccess Applications, Agents, and Sites
Configure PingAccess as a Reverse Proxy.
Lesson 1: Protecting Web Apps
Describe how to protect web apps by configuring them with PingAccess and OpenID Connect (OIDC):
- Define the OIDC protocol
- Introduce web sessions
- Create a web session using OIDC claims
Lesson 2: Working With Sites
Create identity mappings and advanced web session:
- Create identity mappings and advanced web sessions
Lesson 3: Working With Rules and Policies
Describe how to work with rules and policies within PingAccess:
- Describe the rules and policies process
- Create web access rules
- Create API access control rules
Chapter 3: Configuring Policies and Administration
Configure policies in PingAccess to further bolster administration capabilities.
Lesson 1: Maintaining PingAccess Discuss how to maintain PingAccess through resources, audit logs, and redirection:
- Dive deeper into resources
- Examine audit logs
- Manage redirection
Lesson 2: Configuring PingAccess as a Policy Server (Agent Model)
Configure PIngAccess to be a policy server by implementing the agent model:
- Introduce the agent model
Lesson 3: Optimizing and Configuring PingAccess
Optimize PingAccess through configuration, single sign-on (SSO), and the admin API:
- Implement improvements
- Enable PingAccess administrator SSO
- Use the PingAccess administrative API
- Increase the JVM Heap Size
Lesson 4: Creating PingAccess Clusters
Create PingAccess clusters to increase resilience and simplify procedures:
- Deploy clustersConfigure simple clusters in PingAccess (Optional)