This course teaches you how to administer and configure Ping Access Management (PingAM) to protect web applications and APIs. You start with core authentication and website protection using PingGateway, then strengthen security with multi-factor authentication (MFA), context-based risk analysis, and continuous risk evaluation. The course then moves into OAuth 2.0 and OpenID Connect (OIDC), including token-based authorization, JWT and mTLS client authentication, token transformation, and social authentication. It concludes with SAML v2.0 federation, covering IdP and SP roles, circles of trust, SP- and IdP-initiated SSO, account linking, and single logout.
Upon completion of this course, you should be able to:
The following are the prerequisites for successfully completing this course:
Chapter 1: Enhancing Intelligent Access
Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to PingAM (AM) for authentication.
Lesson 1: Reviewing Authentication Mechanisms
Explore the AM admin UI, view the role of cookies used during and after authentication, and describe authentication trees and nodes:
Lesson 2: Protecting a Website With PingGateway
Protect a website by integrating PingGateway with AM:
Lesson 3: Controlling Access
Create security policies to control which users can access specific areas of the website:
Chapter 2: Improving Access Management Security
Improve access management security in Ping Access Management (PingAM or AM) with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking.
Lesson 1: Increasing Authentication Security
Increase authentication security using MFA:
Lesson 2: Modifying the Authentication Journey Based on Context
Describe how AM can take into account the context of an authentication request in order to make access decisions:
Lesson 3: Checking Risk Continuously
Review the AM tools used to check the risk level of requests continuously:
Chapter 3: Extending Services Using OAuth2-Based Protocols
Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. Ping Identity Access Management (PingAM or AM) can be configured to function as an OIDC client and delegate authentication to social media OIDC providers.
Lesson 1: Integrating Applications With OAuth2
Integrate clients using OAuth2 by demonstrating the use of the OAuth2 Device Code grant type flow with AM configured as the OAuth2 authorization server (AS):
Lesson 2: Integrating Applications With OIDC
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:
Lesson 3: Authenticating OAuth2 Clients With JWT Profiles, mTLS, and PoP
Identify OAuth2 client authentication methods, authenticate a client with mTLS, and obtain a certificate-bound access token for proof-of-possession:
Lesson 4: Transforming OAuth2 Tokens
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:
Lesson 5: (Optional) Implementing Social Authentication
Provide a way for users to register and authenticate to AM using a social account:
Chapter 4: Federating Across Entities Using SAML2
Introduce SAML2 with AM as an identity provider (IdP) and AM as a service provider (SP).
Lesson 1: Introducing AM as a SAML2 Identity Provider
Explain the role of AM as a SAML2 IdP and perform a basic hosted IdP configuration:
Lesson 2: Introducing AM as a SAML2 Service Provider
Explain the role of AM as a SAML2 SP and perform a simple integrated-mode configuration: