Unlock your full potential in IAM
This is Identitrain
Master Identity and Access Management with world-class training designed by experts who live it every day.
Led by practitioners, not theorists, our training gives you the skills to design, implement, and secure identity solutions that protect what matters most.
Choose Your Path to IAM Mastery
Built for Every IAM Professional
Training Designed by Practitioners, Proven in the Field
Join a Growing Community of IAM Experts
Upcoming
Courses
PingAM Deep Dive
The aim of this course is to showcase the key features and capabilities of the versatile and powerful PingAM (AM), formerly known as ForgeRock® Access Management. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of AM. Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.
Note: This course revision is based on version 7 of AM.
Upon completion of this course, you should be able to:
- Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
- Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
- Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers
- Demonstrate federation across entities using SAML v2.0 (SAML2) with AM
- Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster
The following are the prerequisites for successfully completing this course:
- Completion of the PingAM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjI%3D/chapter/Q291cnNlOjE1NzIy
- Knowledge of UNIX/Linux commands
- An understanding of HTTP and web applications
- A basic understanding of how directory servers function
- A basic understanding of REST
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required
Explore the AM admin UI, view the role of cookies used during and after authentication, and describe authentication trees and nodes:
- Introduce AM authentication
- Understand realms
- Describe authentication life cycle
- Explain sessions
- Examine session cookies
- Access the lab environment
- Examine an initial AM installation
- Configure a realm and examine AM default authentication
- Experiment with session cookies
- Describe the authentication mechanisms of AM
- Create and manage trees
- Explore tree nodes
- Create a login tree
- Test the login tree
Show how PingGateway, formerly known as ForgeRock® Identity Gateway, integrated with AM, can protect a website:
- Present AM edge clients
- Describe PingGateway functionality as an edge client
- Review the FEC website protected by PingGateway
- Integrate the FEC website with AM
- Observe the PingGateway token cookie
- (Optional) Review PingGateway configuration
- Authenticate identities with AM
- Create an authentication tree with an LDAP Decision node
- Integrate identities in AM with an identity store
- Integrate an identity store with AM
Create security policies to control which users can access specific areas of the website:
- Describe entitlements with AM authorization
- Define AM policy components
- Define policy environment conditions and response attributes
- Describe the process of policy evaluation
- Implement access control on a website
Increase authentication security using MFA:
- Describe MFA
- Register a device
- Include recovery codes
- Examine OATH authentication
- Implement time-based one-time password (TOTP) authentication
- (Optional) Implement HMAC-based one-time password (HOTP) authentication
- Examine Push notification authentication
- (Optional) Implement Push notification authentication
- Implement passwordless WebAuthn
- (Optional) Implement passwordless WebAuthn
- Examine HOTP authentication using email or SMS
- (Optional) Implement HOTP authentication using email or SMS
Describe how AM can take into account the context of an authentication request in order to make access decisions:
- Introduce context-based risk analysis
- Describe device profile nodes
- Determine the risk based on the context
- Implement a browser context change script
- Lock and unlock accounts
- Implement account lockout
Review the AM tools used to check the risk level of requests continuously:
- Introduce continuous contextual authorization
- Describe step-up authentication
- Implement step-up authentication flow
- Describe transactional authorization
- Implement transactional authorization
- Prevent users from bypassing the default tree
Integrate clients using OAuth2 by demonstrating the use of the OAuth2 Device Code grant type flow with AM configured as the OAuth2 authorization server (AS):
- Discuss OAuth2 concepts
- Describe OAuth2 tokens and codes
- Describe refresh tokens, macaroons, and token modification
- Request OAuth2 access tokens with OAuth2 grant types
- Explain OAuth2 scopes and consent
- Configure OAuth2 in AM
- Configure AM as an OAuth2 provider
- Configure AM with an OAuth2 client
- Test the OAuth2 Device Code grant type flow
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:
- Introduce OIDC
- Describe OIDC tokens
- Explain OIDC scopes and claims
- List OIDC grant types
- Create and use an OIDC script
- Create an OIDC claims script
- Register an OIDC client and configure the OAuth2 Provider settings
- Test the OIDC Authorization Code grant type flow
Authenticate OAuth2 clients with AM using various approaches and obtain certificate-bound access tokens using mutual TLS (mTLS) to provide token proof-of-possession (PoP):
- Examine OAuth2 client authentication
- Examine OAuth2 client authentication using JWT profiles
- Examine OAuth2 client authentication using mTLS
- Authenticate an OAuth2 client using mTLS
- Examine certificate-bound PoP when mTLS is configured
- Obtain a certificate-bound access token
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:
- Describe OAuth2 token exchange
- Explain token exchange types and purpose for exchange
- Describe token scopes and claims
- Implement a token exchange impersonation pattern
- Implement a token exchange delegation pattern
- Configure token exchange in AM
- Configure AM for token exchange
- Test token exchange flows
Provide a way for users to register and authenticate to AM using a social account:
- Delegate registration and authentication to social media providers
- Implement social registration and authentication with Google
Demonstrate single sign-on (SSO) functionality across organizational boundaries:
- Discuss SAML2 entities and profiles
- Explain the SAML2 flow from the identity provider (IdP) point of view
- Examine SSO across SPs
- Configure AM as an IdP and integrate with third-party service providers (SPs)
- Examine SSO between an SP and IdP and across SPs
Delegate authentication to a third-party IdP using SAML2 and examine the metadata:
- Explain the SSO flow from the SP point of view
- Describe the metadata content and purpose
- Configure AM as a SAML2 SP and integrate with a third-party IdP
Install AM using interactive and command-line methods creating the foundations for a cluster topology, and upgrade an AM 7.0.1 instance to AM 7.3:
- Plan deployment configurations
- Prepare before installing AM
- Deploy AM
- Outline tasks and methods to install AM
- Install AM with the web wizard
- Install an AM instance with the web wizard
- Install AM and manage configuration with Amster
- Install Amster
- Describe the AM bootstrap process
- Upgrade an AM instance
- Upgrade AM with the web wizard
- (Optional) Upgrade AM with the configuration tool
Explore a few default configuration and security settings that need to be modified before migrating to a production-ready solution:
- Harden AM security
- Adjust default settings
- Harden AM security
- Describe secrets, certificates, and keys
- Describe keystores and secret stores
- Manage the AM keystore, aliases, and passwords
- Configure and manage secret stores
- Configure an HSM secret store to sign OIDC ID tokens
- Describe the monitoring tools
- Describe the audit logging
- Describe debug logging
- Capture troubleshooting information
- Capture troubleshooting information
Create an AM cluster with a second AM instance added to the first AM instance that has already been installed:
- Explore high availability solutions
- Scale AM deployments
- Describe AM cluster concepts
- Create an AM cluster
- Prepare the initial AM cluster
- Install another AM server in the cluster
- Test AM cluster failover scenarios
- (Optional) Modify the cluster to use client-side sessions
Deploy the Identity Platform into a cluster in a Google Kubernetes Environment (GKE):
- Describe the Identity Platform
- Prepare your deployment environment
- Deploy and access the Identity Platform
- Access and authenticate your GCP account
- Prepare to deploy the Identity Platform
- Deploy the Identity Platform with the Cloud Development Kit (CDK)
- Remove the Identity Platform deployment
Certified Professional - PingOne Advanced Identity Cloud Exam Preparation
This course helps prepare students to take the Certified Professional - PingOne Advanced Identity Cloud exam, formerly known as the ForgeRock® Identity Cloud Certified Professional exam. This is accomplished by presenting students with information concerning exam contents, logistics, tips for preparing to take the exam, lab exercises to cover exam contents, and a sample exam that is representative of the exam, itself.
Upon completion of this course, you should be able to:
- Register to take the exam
- Prepare for the exam using recommended study materials
- Take the exam either remotely or at a Pearson Testing Center
The following are the prerequisites for successfully completing this course:
- Successful completion of the AIC-300 Getting Started With PingOne Advanced Identity Cloud for Administrators course
- Thorough understanding of all PingOne Advanced Identity Cloud documentation and Knowledge Base articles on Backstage
- 3-6 months of experience configuring and administering PingOne Identity tenants
- Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0
Course Contents
- Explain exam metrics and passing scores
- Provide an approach for responding to test questions
- Identify options for registering and taking the exam
- Describe testing center requirements
- Describe requirements for taking the exam online
- Show how to access exam results
- Review the exam details and requirements
- Explain exam topics and study areas
- Present the objectives covered in the exam
- Review important concepts associated with exam objectives
- Review sample questions associated with objectives
- Provide applicable materials for review
- Research topics which will be covered in the exam
- Navigate the PingOne Advanced Identity Cloud admin UI
- Describe PingOne Advanced Identity Cloud configuration settings
- Explain how to perform PingOne Advanced Identity Cloud related tasks
- Configure PingOne Advanced Identity Cloud related services
- Test a student’s knowledge of PingOne Advanced Identity Cloud
- Provide students with a representative exam experience
PingOne Advanced Identity Cloud Identity Governance
This course provides a hands-on technical introduction to PingOne Advanced Identity Cloud Identity Governance (Identity Governance). Further information and guidance can be found in the documentation and knowledge base in the online repositories at: Backstage https://backstage.forgerock.com.
Note: This course is based on PingOne Advanced Identity Cloud (Advanced Identity Cloud) with the Identity Governance functionality added.
Upon completion of this course, you should be able to:
- Discover how to access, manage, and work with Identity Governance capabilities
- Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications
- Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items
- Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing Segregation of Duties (SoD) policies and rules
The following are the prerequisites for successfully completing this course:
- Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course.
- Recommended completion of the PingOne Advanced Identity Cloud Administration course.
- Knowledge of basic Windows/PowerShell commands
- An understanding of HTTP and web applications
- A basic understanding of how directory servers function
- A basic understanding of REST
- A familiarity with the Advanced Identity Cloud admin and end-user UIs
Chapter 1: Introducing Identity Governance
Discover how to access, manage, and work Identity Governance capabilities.
Lesson 1: Introducing Identity Governance
Describe Identity Governance and the related capabilities available in Advanced Identity Cloud:
- Describe the purpose of Identity GovernanceIntroduce Identity Governance
- Access Advanced Identity CloudDescribe the course environment and architecture
- Access your CloudShare environment
- Access your Advanced Identity Cloud tenant
- Access and explore your PingOne tenant environment
Lesson 2: Onboarding Applications and Identities
Create applications for onboarding users:
- Explain Identity Governance terminology
- Describe application typesRegister and manage applications
- Connect an application with an identity source
- Configure application provisioning
- Onboard and provision users, roles, and entitlements
- Create a connector server in Advanced Identity Cloud
- Connect the RCS with Advanced Identity Cloud
- Customize the Advanced Identity Cloud user schema
- Register an authoritative application and onboard identities
Chapter 2: Managing Identity Lifecycle and Entitlements
Create target applications and configure their mapping with Advanced Identity Cloud, reconcile entitlements from the applications, and provision accounts to the applications.
Lesson 1: Reconciling Entitlements
Load and manage entitlements from target applications in Advanced Identity Cloud:
- Describe entitlements
- Manage entitlements
- Assign and revoke entitlements to/from users and roles
- Request access for an entitlement
- Reconcile entitlements from Active Directory (AD)
- Reconcile entitlements from PingOne
Lesson 2: Synchronizing Identity Data
Describe synchronization as a foundation of identity lifecycle management in Identity Governance, and provision and manage application accounts:
- Describe the need for synchronization
- Explore synchronization in Identity Governance
- Describe how changes are managed during synchronization
- Provision and manage application accounts
- Provision an account to AD
- Provision an account and entitlement to PingOne
Chapter 3: Creating and Managing Workflows and Access Requests
Create and manage workflows, access requests for resources (entitlements, applications, roles), forms for access requests, and governance glossary items.
Lesson 1: Managing Access Requests for Resources
Create, review, and manage access requests for resources, such as applications, entitlements, and roles:
- Explain access request conceptsAccess request administration
- Request access to resources
- Review and handle access requests
- Request to provision an AD account with entitlements
- Request to provision PingOne accounts with entitlements
- Define a conditional provisioning role
- Define and request a provisioning role
Lesson 2: Managing Glossary Items and Scopes
Create and manage governance glossary items and scopes to manage what can be requested:
- Describe the governance glossary
- Define and populate glossary attribute values
- Use glossary attribute values as filters
- Request access to entities for others
- Create scopes to control what can be requested
- Define glossary items for use in workflows and scopes
- Create access requests for others and add scopes
Lesson 3: Creating Workflows, Request Types, and Forms
Manage workflows, request types, and forms for customizing access requests, and schedule a task scanner job:
- Create and manage workflows
- Build a workflow with nodes
- Create and manage request types
- Create and manage forms for customized user-interaction
- Designing forms in the form editorCreate and manage a task scanner
- Create new workflows and update default workflows
- Create and manage forms to customize user interaction
Chapter 4: Managing Certifications and Compliance
Create and start scheduled and event-based certification campaigns to verify user access, and manage compliance by implementing SoD policies and rules.
Lesson 1: Configuring and Running Certifications
Prepare and perform certification of access to applications:
- Certify access in Identity Governance
- Create certification templates
- Configure the certification templateManage certification templates
- Create certification campaigns
- Perform access reviews
- Certify access based on events
- Configure and initiate entitlement certifications
- Certify entitlements for the certification campaign
- Configure an event that triggers certification
- Configure an event that initiates a workflow
- Manage approvals for triggered events
Lesson 2: Managing Compliance With SoD
Manage compliance and implement SoD policies:
- Describe SoDDefine policy rules
- Configure compliance policies
- Run compliance scans
- Manage violations and exceptions
- Create an SoD rule and policy
- Run a compliance scan
- Make a request that violates compliance
PingOne Administration
This course gives learners the tools to get started with PingOne administration. It covers initial setup tasks, including creating and managing PingOne environments, application integration, and customization. This course also provides information on most common administration tasks, including user and group management, managing access policies, best practices, and troubleshooting of common issues.
Upon completion of this course, you should be able to:
- Summarize PingOne capabilities and key features, describe PingOne support resources, and create a new PingOne environment
- Demonstrate administration of PingOne user populations, user roles, attributes, and groups
- Demonstrate integration and troubleshooting of PingOne applications
- Demonstrate how to use access control policies within PingOne
- Describe how to manage the process of establishing a person’s identity and then using this identity in later transactions within PingOne
- Demonstrate troubleshooting techniques and best practices within PingOne
The following are the prerequisites for successfully completing this course:
- Completion of the following courses available at: https://backstage.forgerock.com/university/ping/on-demand/category/PING
- PingOne Fundamentals
- Introduction to PingOne MFA
- Getting Started With PingOne MFA
- Getting Started With PingOne SSO
- (Optional) Introduction to PingOne DaVinci
- Describe PingOne as a cloud-based IDaaS solution
- Describe PingOne environment solutions
- Create a new environment
- Locate Ping Identity support resources
Lesson 1: Managing Users and Populations
Describe how to manage users in PingOne, including how to create populations and add individual users:
- Review default users
- Edit default users
- Create populations
- Create a new population
- Create new users
- Create a new user
- Manage administrator roles
- Assign roles to administrators
- Understand user attributes
- Manage user attributes
- Manage user groups
- Manage user group memberships
Lesson 1: Describing the Supported Federation Protocols
- Understand federation protocols
- Add an application from the catalog
- Understand SAML2
- Add a custom SAML2 application
- Understand OAuth2
- Understand OIDC
- Add a custom OIDC application
- Administer the Application Portal
- Describe authentication failures
- Define SSO failures
- Describe attribute mapping errors
- Determine certificate issues
- Define group membership issues
- Describe application integration issues
- Define gateway access issues
- Describe best practices
Lesson 1: Managing Authentication Policies
- Describe authentication policies
- Create an authentication policy
- Define password policies
- Edit a password policy
- Describe MFA and FIDO policies
- Create an MFA policy
- Create a FIDO policy
Lesson 1: Managing User Onboarding
- Onboard users
- Create users manually
- Provision users
- Administer user accounts
- Manage a user account
- Offboard users
- Monitor activity and view reports
Chapter 6: Troubleshooting and Best Practices
Demonstrate troubleshooting techniques and best practices within PingOne.
- Introduce the troubleshooting process
- Understand common troubleshooting techniques
- Maintain a healthy PingOne environment
PingGateway Deep Dive
The aim of this course is to showcase the key features and capabilities of the versatile and powerful edge security solution with the PingGateway environment, formerly known as ForgeRock® Identity Gateway. It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of PingGateway. Further information and guidance can be found in the documentation and knowledge base documents in the online repositories at: Backstage https://backstage.forgerock.com.
Note: Revision A of this course is based on version 7.2 of PingGateway.
Upon completion of this course, you should be able to:
- Integrate and protect web applications, APIs, legacy applications, and microservices with the Ping Identity Platform (Identity Platform), formerly known as ForgeRock® Identity Platform, by using PingGateway
- Add authentication to the ForgeRock Entertainment Company (FEC) solution using PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud, or PingAM (AM), formerly known as ForgeRock® Access Management, as the access manager, OpenID Connect (OIDC) provider, and Security Assertion Markup Language (SAML2) identity provider (IdP)
- Demonstrate how to use PingGateway to manage access to a website using Advanced Identity Cloud (or AM) policies and policies with advice
- Protect a REST API with PingGateway and extend PingGateway functionality with scripting
- Highlight various areas that must be taken into account when preparing PingGateway for a production environment. Topics discussed include auditing, monitoring, tuning, security, and deployment
The following are the prerequisites for successfully completing this course:
- Completion of the PingGateway Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjQ%3D/chapter/Q291cnNlOjE1NzI2
Chapter 1: Integrating Applications With PingGateway
Introduce PingGateway and discuss scenarios for protecting web applications, APIs, and legacy applications:
- Introduce PingGateway
- Describe PingGateway features
- Compare PingGateway with policy agents
- Explore PingGateway integration with web applications
- Describe PingGateway integration with OIDC and SAML
- Explore PingGateway policy enforcement and second-factor authentication (2FA)
- Describe PingGateway protection of APIs
- Access your CloudShare VM
- Examine the lab environment
- Access the FEC and DVD4U websites
Configure PingGateway to listen for secure connections, operate in development mode, and be a reverse proxy in front of the FEC website:
- Examine the PingGateway configuration structure
- Describe required PingGateway configuration
- Configure PingGateway for secure connections
- Configure PingGateway routes
- Creating and managing routes in PingGateway Studio
- Protect a website by using PingGateway Studio
- Upgrade a route to use WebSockets
- Configure PingGateway for development mode and TLS connections
- Protect the FEC website with PingGateway by using PingGateway Studio
- Manage routes in PingGateway Studio and examine PingGateway log files
Configure PingGateway to route requests depending on external conditions, and use various filters and handlers to process requests and responses within a route:
- Describe the PingGateway object model
- Examine objects available in routes
- Retrieve context data and configure sessions
- Route requests depending on conditions
- Describe route handlers
- Manage requests and responses with a route handler
- Process requests and responses with filters
- Create a route to allow access to a public area of FEC
- Add a page not found route
- Create a route to access the legacy DVD4U application
- Add password replay for the DVD4U application
Introduce decorators, capture information in the PingGateway logs information using the CaptureDecorator, and retrieve credentials from a file with a FileAttributesFilter:
- Manage PingGateway logs
- Introduce Decorators
- Configure route activity logs
- Capture inbound and outbound communication
- Retrieve credentials from a file
- Observe requests and responses in PingGateway logs
- Test different capture configuration settings
- Centralize PingGateway logging configuration
- Modify the DVD4U route to get credentials from a file
- Use Logback configuration for troubleshooting
Implement authentication for websites with the single sign-on (SSO) filter by using PingGateway to interact with Advanced Identity Cloud or AM as the authentication server, to ensure access to non-public content requires authentication:
- Create a route by using the PingGateway Studio Freeform Designer
- Configure Advanced Identity Cloud or AM as a service
- Describe how to use the SSO Filter
- Retrieve user data from the authentication provider
- Configure PingGateway as an HTTPS client
- Create a route with the PingGateway Studio Freeform Designer
- Redirect requests to AM for authentication
- Configure PingGateway for client-side HTTPS
- Access properties in SSO token context
- Retrieve user profile data for display in a web page
- Store information in a PingGateway HTTP session
- Configure capture decorators in Freeform Designer
Configure cross-domain single sign-on (CDSSO) to support applications located in different domains, by using the CrossDomainSingleSignOnFilter:
- Describe the CDSSO Filter
- Configure the CDSSO Filter Solution
- Configure CDSSO redirect endpoints
- Integrate the legacy application with CDSSO
- Create a new route to protect DVD4U with CDSSO and AM
- Update the DVD4U route to automatically log in the authenticated user
- Prepare the Advanced Identity Cloud tenant
- Protect the DVD4U and FEC websites using CDSSO with Advanced Identity Cloud
Configure PingGateway to operate as an OIDC client (relying party) to offer potential subscriber users access to the trial sections and immediate access to promotional content of the website by using their Gmail account:
- Describe basic OIDC concepts
- Configure PingGateway as an OIDC client
- Examine the flow of OIDC redirects for authentication and consent
- Explore the flow of OIDC callbacks and data injection
- Configure an OIDC relying party route
- Examine the OIDC relying party solution
Configure PingGateway to act as a SAML2 service provider (SP), enabling an application to be SAML2-compliant:
- Authenticate with a SAML2 identity provider (IdP)
- Describe the use of the SAML federation handler
- Describe the use of the dispatch handler
- Describe the SAML2 implementation flow
- Set up SAML2 configuration files for PingGateway
- Configure a SAML2 route for the trial section
- Examine the SAML2 solution (optional)
Configure PingGateway to manage access to a website by evaluating policies configured in Advanced Identity Cloud (or AM) and using a PolicyEnforcementFilter:
- Describe the use of the Policy Enforcement Filter
- Illustrate the use of the Policy Enforcement Filter
- Configure a policy enforcement point (PEP) route for the premium section of FEC
- Examine the PEP solution (optional)
Illustrate how PingGateway handles step-up authentication and transactional authorization policy advices with Advanced Identity Cloud (or AM):
- Describe step-up authentication
- Illustrate how PingGateway handles step-up authentication
- Describe transactional authorization
- Illustrate how PingGateway handles transactional authorization
- Configure a PEP route for the on demand and profile sections of FEC
- Examine the profile solution (optional)
- Examine the on-demand solution (optional)
Lesson 1: Configuring PingGateway as an OAuth2 Resource Server
Configure PingGateway to act as an OAuth2 resource server that protects a REST API:
- Describe the use of the OAuth2 resource server filter
- List access token resolvers
- Validate certificate-bound access tokens
- Observe the flow with the token introspection resolver
- Prepare the OAuth2 solution to protect the FEC REST API
- Configure PingGateway to protect the FEC REST APIs
- Examine the REST API solution (optional)
Log information on context, implement dynamic scopes to manage access to resources, and refine allowed access using script-based objects in PingGateway:
- Describe the scripting functionality for extending PingGateway
- Explore scriptable objects
- Examine dynamic scopes solution
- Describe OAuth2 token swapping in PingGateway
- Configure a scriptable filter to log the content of the OAuth2 context
- Configure a dynamic scopes script
- Configure a scriptable filter to retrieve the correct favorite list
Prepare PingGateway for a production environment by considering auditing, monitoring, tuning, security, and deployment topics:
- Describe the audit framework
- Excluding sensitive data from audit logs
- Accessing the Common REST API monitoring endpoint
- Decreasing the number of requests through caching
Develop awareness of best practices, describe JwtSessions, examine common secrets, and manage request rates and throttling:
- Discuss PingGateway best practices regarding security
- Examine the common secrets
- Explore secret store types
- Describe throttling
- Create common secret stores
- Configure throttling
Explore how to deploy PingGateway into a production context by using property value substitution and clustering:
- Describe property value substitution
- Set up multiple PingGateway instances
- Integrate configuration tokens in the solution
- Deploy a second PingGateway instance
Getting Started With PingOne DaVinci
This course provides the foundation to design, build, and integrate identity orchestration flows using PingOne DaVinci (DaVinci). You will create user interactions, extend flows with APIs, and integrate these solutions into applications. You will also leverage core PingOne services like SSO, identity management, and analytics. Through hands-on labs and instruction, you will gain the skills to deploy real-world orchestration solutions with confidence.
Upon completion of this course, you should be able to:
- Build basic user interactions with DaVinci flows
- Integrate a DaVinci flow into an application
- Integrate PingOne single sign-on (SSO) and identities in DaVinci flows
- Build an authentication flow in DaVinci
- Provide custom analytics in a DaVinci flow
The following are the prerequisites for successfully completing this course:
- Basic understanding of JavaScript, HTML, CSS, and the PingOne Platform
- Completion of the Introduction to PingOne DaVinci course available at:
Chapter 1: Building Basic User Interactions With DaVinci Flows
Build basic user interactions with DaVinci flows.
Lesson 1: Defining the Basic Flow and Interaction Steps
Define the basic flow and provide an introduction to the foundational concepts of DaVinci:
- Introduce the PingOne Platform and DaVinci
- Access and launch the DaVinci admin console
- Understand Flows
- Build basic user interaction in a flow
Lesson 2: Using Functions and API Calls
Define the basic flow and provide an introduction to the foundational concepts of DaVinci:
- Extend DaVinci flows
- Verify the age of the user
- Make an API callCollect the user’s email and password
- Implement a robot check
- Document the flow
Lesson 3: Improving the User Experience
Use more advanced concepts in DaVinci to implement your flows:
- Improve the UI
- Convert user interactions to use HTML templates
Lesson 4: Using Variables and Form Validation
Expand further the functionality of your existing flow by using flow variables and improving interaction with the user:
- Incorporate variables
- Understand localizing flows
- Use flow variables and form validation
- Incorporate form validation
- Improve form validation inputs
- Troubleshoot issues
Lesson 5: Using Subflows to Manage Complexity
Externalize functionality that is often reused or complex to its own flow; for example, if the flow needed to connect to an API that isn’t available as a native connector, CRUD operations could be built in a new flow that could be leveraged by many:
- Create and use subflows
- Implement the subflow
- Replace the API call with the subflow
Chapter 2: Integrating a DaVinci Flow Into an Application
Integrate a DaVinci flow into an application.
Lesson 1: Integrating an Application to Launch a Flow
Integrate the flow into a web application which allows the application to provide the CSS (look and feel). Other flows can also be integrated to enable a richer user experience:
- Add a flow to a web application
- Create and customize the application
Lesson 2: Using a CSS in Flows vs Applications
Review how CSS is leveraged in a flow vs an application, and determine the advantages of leaving the presentation layer controlled by your application rather than using a CSS in your flow:
- Leverage a CSS
- Determine how a custom CSS in a flow is embedded with a web application
Lesson 3: Adding a Flow to an Existing Applicatio
Take the flow and integrate it into a web application:
- Embed flows using the widget method
- Import the DaVinci JavaScript library
- Create a JavaScript method to call the flow
Lesson 4: Integrating Non-UI Flows
Explore how DaVinci can accelerate development when integrating with backend services and APIs, enriching the overall user experience:
- Integrate a non-UI flow
- Build out your flow
- Integrate the flow
Lesson 5: Passing Data Into a Flow From an Application
Run through the process of passing data into a flow, whether it has user interaction or not:
- Enable dynamic flows
- Create and integrate a DaVinci subflow
Lesson 6: Performing A/B Testing
Define a flow that deals with age first, instead of name, during registration:
- Understand A/B testing
- Define a new flow
- Incorporate flow policies
- Build out a flow policy
Chapter 3: Integrating PingOne SSO and Identities in DaVinci Flows
Integrate PingOne SSO and identities in DaVinci flows.
Lesson 1: Setting Up Parallel Processing
Set up a flow that has two paths that execute in parallel and then come to their own conclusion:
- Implement parallel processing
- Leverage the PingOne Notification service
Lesson 2: Automating Flows With DaVinci Admin APIs
Learn how to manage DaVinci programmatically using the DaVinci Admin APIs:
- Understand DaVinci Admin APIs
- Explain administrator roles
Lesson 3: Creating Registered Accounts
Take the information collected during the registration process and create a user account in PingOne, which is the first step to expanding the capabilities of the application to support authentication:
- Create registered accounts
- Review your PingOne setup
- Build out a new registration flow
- Verify if an account already exists
Lesson 4: Verifying an Email Address
Establish a process to verify the email address of the user:
- Configure email verification
- Create an email verification subflow
- Complete the subflow
Chapter 4: Building an Authentication Flow in DaVinci
Build an authentication flow in DaVinci.
Lesson 1: Handling Authentication
Handle authentication for the application:
- Design and implement the authentication flow
- Design the flow logic
- Implement teleports for flow efficiency
- Authenticate and validate user identity
Lesson 2: Handling Forgotten Passwords
Handle forgotten password in the authentication flow:
- Manage password recovery flows
- Develop the end-to-end forgot password flow
Lesson 3: Adding an Authentication Method
Add another method of authentication, an email magic link, for the users of the application:
- Implement magic link authentication
- Add a magic link authentication method
Chapter 5: Providing Custom Analytics in a DaVinci Flow
Provide custom analytics in a DaVinci flow.
Lesson 1: Leveraging analytics to monitor flow usage
Implement custom analytics to track key business milestones and user behavior across DaVinci flows:
- Understand and apply flow analytics
- Configure authentication analysis