PingOne Advanced Identity Cloud Administration

Chapter 1: Administering Authentication Journeys

Recap authentication with Advanced Identity Cloud. Increase security by introducing MFA as well as context-based user journeys. Protect a website using PingGateway.

Lesson 1: (Recap) Exploring Authentication in Advanced Identity Cloud

Provide a recap of authentication in Advanced Identity Cloud:

• Introduce the basic concepts of authentication
• Prepare the lab environment
• Describe the authentication mechanisms of Advanced Identity Cloud
• Examine Advanced Identity Cloud default authentication
• Create and manage journeys
• Explore journey nodes
• Create a login journey
• Test the login journey

Lesson 2: Increasing Authentication Security

Increase authentication security using MFA:

• Describe MFA
• Register a device
• Include recovery codes
• Examine OATH authentication
• Implement TOTP authentication
• Examine Push notification authentication
• Implement passwordless WebAuthn
• (Optional) Implement passwordless WebAuthn

Lesson 3: Modifying a User’s Journey Based on Context

Describe how Advanced Identity Cloud can take into account the context of an authentication request in order to take access decisions:

• Introduce context-based risk analysis
• Describe device profile nodes
• Determine the risk based on the context
• Implement a browser context change script
• Lock and unlock accounts
• (Optional) Implement account lockout

Lesson 4: Protecting a Website With PingGateway

Show how PingGateway, integrated with Advanced Identity Cloud, can protect a website:

• Present Advanced Identity Cloud edge clients
• Describe PingGateway functionality as an edge client
• Review the BXE website protected by PingGateway
• Integrate the BXE website with Advanced Identity Cloud
• Observe the PingGateway token cookie
• (Optional) Review PingGateway configuration

Chapter 2: Administering Authorization Policies

Implement and manage comprehensive authorization policies in Advanced Identity Cloud to control resource access and enable continuous contextual authorization.

Lesson 1: Controlling Access

Create security policies to control which users can access specific areas of the website:

• Describe entitlements with Advanced Identity Cloud authorization
• Define Advanced Identity Cloud policy components
• Define policy environment conditions and response attributes
• Process of Advanced Identity Cloud policy evaluation
• Implement access control on a website

Lesson 2: Checking Risk Continuously

Review the Advanced Identity Cloud tools used to check the risk level of requests continuously:

• Introduce continuous contextual authorization
• Describe step-up authentication
• Implement step-up authentication flow
• Describe transactional authorization
• Implement transactional authorization
• (Optional) Prevent users from bypassing the default journey

Chapter 3: Administering Managed Objects

Understand and configure Advanced Identity Cloud managed objects, their properties, and relationships to effectively model your identity data structures and implement delegated administration.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in Advanced Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Advanced Identity Cloud:

• Review the Advanced Identity Cloud documentation
• Describe the different object types in Advanced Identity Cloud
• Map an identity object to a managed object
• Describe how to use placeholder attributes
• Model a managed user object in Advanced Identity Cloud

Lesson 2: Introducing Relationships

Describe relationships between managed objects:

• Describe the purpose of relationships
• Describe how relationships are stored in the schema
• Query an object relationship using the REST interface

Lesson 3: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

• Describe the roles and privileges within an organization
• Implement the organization example

Chapter 4: Administering Connectors, Synchronization, and Provisioning

Configure and manage connections between Advanced Identity Cloud and external resources to enable identity synchronization, reconciliation, and role-based provisioning

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in Advanced Identity Cloud, and how to create connector configurations to communicate with external resources:

• Describe how to connect external resources to Advanced Identity Cloud
• Configure communication between Advanced Identity Cloud and a remote connector server (RCS)
• Describe how to connect to external resources using ICF connectors

Lesson 2: Configuring Connectors Over the Identity Management Admin UI

• Describe the process for creating a connector configuration using the Identity Management admin UI
• Describe the object types and property mappings
• Add a connector configuration for an external LDAP resource

Lesson 3: Performing Basic Synchronization

Describe how to use the Identity Management admin UI to create synchronization mappings (sync mappings) to reconcile identities between Advanced Identity Cloud and an external resource:

• Describe how to create mappings to synchronize identity objects and properties
• Describe how to create a sync mapping from Advanced Identity Cloud to an external resource
• Describe how to add source and target properties to the sync mapping
• Describe how to add a correlation query and a situational event script
• Describe how to set the situational behaviors and run reconciliation
• Add a sync mapping from Advanced Identity Cloud to an LDAP server
• Describe the sync mapping from an LDAP server to Advanced Identity Cloud
• Add a sync mapping from an LDAP server to Advanced Identity Cloud

Lesson 4: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

• Describe the different methods that you can use to filter entries
• Run selective synchronization using filters
• Describe how to use LiveSync to synchronize changes
• Trigger LiveSync on a connector
• Describe how to schedule LiveSync
• Schedule LiveSync with an external resource

Lesson 5: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

• Describe how to provision attributes to a target system based on static role assignments
• Describe the steps to enable role-based provisioning
• Query the role assignment properties using the REST interface
• Provision attributes to a target resource based on static role assignments
• Describe how to provision attributes to a target system based on dynamic role assignments
• Provision attributes to a target resource based on dynamic role assignments
• Describe how to add temporal constraints to a role
• Add temporal constraints to a role

Chapter 5: Access Advanced Identity Cloud Over REST

Master the Advanced Identity Cloud REST interfaces to authenticate, query, and manage identity objects programmatically.

Lesson 1: Authenticating Over REST

Use Postman to access the Advanced Identity Cloud REST API and authenticate either using a simple (header-based) approach or a more complex approach, where the server may request additional information from the client using callback:

• Understand the REST authentication protocol
• Authenticate with REST
• Authenticate using header-based simple authentication
• Authenticate using callback-based complex authentication

Lesson 2: Querying Advanced Identity Cloud Objects Over REST

Create security policies to control which users can access specific areas of the website:

• Describe how to query objects using the REST interface
• Describe how to use the Advanced Identity Cloud Postman collection
• Query Advanced Identity Cloud Identity objects using Postman