PingIDM Deep Dive

Learn how to install and deploy PingIDM (IDM), formerly known as ForgeRock® Identity Management, in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.

Note: Revision B of this course is based on version 7.2 of IDM.

Upon completion of this course, you should be able to:

• Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
• Create and configure connections between external resources and IDM
• Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
• Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process
• Install and deploy IDM in an on-prem or cloud provider Linux environment

The following are the prerequisites for successfully completing this course:

• Completion of the PingIDM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjM%3D/chapter/Q291cnNlOjE1NzI0
• Basic knowledge and skills using the Linux operating system will be required to complete the labs.
• Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.

Chapter 1: Modeling Objects and Identities

• Describe an IDM deployment and the UIs
• Access and explore the IDM deployment and UIs
• Review the IDM documentation
• Describe the different object types in IDM
• Map an identity object to a managed object
• Model a managed user object in IDM
• Create a new device managed object

• Describe how to query objects using the REST interface
• Configure Postman to query IDM
• Query IDM objects using Postman

• Describe the purpose of relationships
• Create and query an object relationship
• Describe the visualization of relationships
• Create a dashboard to visualize relationships (optional)
• Describe the relationship properties
• Describe how relationships are configured
• Create a new relationship between managed user objects (optional)
• Describe the relationship between device managed objects and user managed objects
• Set up a relationship between device managed objects and user managed objects
• Describe how to use a relationship-derived virtual property
• Create a relationship-derived virtual property

• Describe the roles and privileges within an organization
• Implement the organization example (optional)

• Describe how to set up delegated administration
• Describe the privilege model
• Add a new internal role and set up privileges to delegate administration

• Describe how to connect external resources to IDM
• Describe the process for creating a connector configuration using the IDM admin UI
• Add a connector configuration for an external LDAP resource
• Describe how to add a CSV connector configuration
• Add a connector configuration to import device identities
• Describe how to use the Database Table Connector
• Configure the Database Table Connector (optional)

• Describe how to use the Scripted SQL Connector
• Describe the process for creating a connector configuration over REST
• Create a scripted SQL connector configuration (optional)
• Describe the core connector configuration settings
• Describe the object types and property mappings
• Describe how to use the scripted REST connector
• Connect to PingDS (DS), formerly known as ForgeRock® Directory Services, using the scripted REST connector (optional)

• Describe how to use the IDM admin UI to create sync mappings to reconcile identities between IDM and an external resource:
• Describe how to create mappings to synchronize identity objects and properties
• Describe how to create a sync mapping from IDM to an external resource
• Describe how to add source and target properties to the sync mapping
• Describe how to add a correlation query and a situational event script
• Describe how to set the situational behaviors and run reconciliation
• Add a sync mapping from IDM to an LDAP server
• Describe the sync mapping from an LDAP server to IDM
• Add a sync mapping from an LDAP server to IDM
• Describe how to create a sync mapping to provision devices to the IDM repository
• Create a sync mapping to provision devices to the IDM repository (optional)

• Describe the different methods that you can use to filter entries
• Run selective synchronization using filters
• Describe how to use LiveSync to synchronize changes
• Trigger LiveSync on a connector
• Schedule LiveSync with an external resource
• Describe how to control synchronization to multiple targets

• Describe how to provision attributes to a target system based on static role assignments
• Describe the steps to enable role-based provisioning
• Query the role assignment properties using the REST interface
• Provision attributes to a target resource based on static role assignments
• Describe how to provision attributes to a target system based on dynamic role assignments
• Provision attributes to a target resource based on dynamic role assignments
• Add temporal constraints to a role

• Describe use cases for workflows
• Prepare IDM to run the sample workflow
• Run the sample workflow
• Describe how workflows are implemented
• Describe workflow related tasks
• Describe workflow instances
• Enable the workflow service and examine a sample workflow

• Describe the structure of workflow files
• Describe how to model workflows
• Examine the Flowable UI
• Examine the contractor onboarding workflow
• Describe how to use forms in workflows
• Examine a manual interaction form
• Create and deploy a simple workflow
• Create and deploy a new workflow from scratch
• Describe how to start an approval workflow
• Call a workflow from a sync mapping

• Describe the basic IDM installation requirements
• Install and start IDM
• Start IDM with a sample configuration (optional)
• Configure IDM to run as a background process (optional)

• Describe deploying IDM in a cluster
• Describe how to manage nodes in a cluster
• Add an IDM instance to a cluster

• Describe how to distribute reconciliation operations across a cluster
• Enable clustered reconciliation on a sync mapping
• Schedule tasks across the cluster
• Review sizing and scaling resources

• Describe the monitoring options available for IDM
• Set up monitoring in IDM
• Examine the different log files in IDM
• Get additional help troubleshooting outside of IDM

• Describe the differences between generic and explicit mapping
• Describe the DS and JDBC repository configuration files
• Describe how to implement explicit mapping with a JDBC repository
• Implement generic mappings with a JDBC repository
• Implement explicit mappings with a JDBC repository
• Implement explicit mappings with a DS repository

• Describe how to upgrade a stand-alone IDM instance
• Describe how to migrate an IDM configuration
• Describe how to update the IDM repository
• Describe how to migrate IDM data
• Describe how to upgrade a cluster deployment