PingIDM Deep Dive
(IDM-420)
Ping Identity is starting to rebrand all products and courses under the Ping Identity brand. The content will remain the same and our curriculum developers will continue to prioritize courses that need development.
Description
Learn how to install and deploy PingIDM (IDM), formerly known as ForgeRock® Identity Management, in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow of identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.
Note: Revision B of this course is based on version 7.2 of IDM.
Target Audiences
The target audiences for this course include:
- System Administrators
- System Integrators
- System Consultants
- System Architects
- System Developers
Objectives
Upon completion of this course, you should be able to:
- Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
- Create and configure connections between external resources and IDM
- Synchronize identity data across multiple external resources, in real time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
- Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process
- Install and deploy IDM in an on-prem or cloud provider Linux environment
Prerequisites
The following are the prerequisites for successfully completing this course:
- Completion of the PingIDM Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjM%3D/chapter/Q291cnNlOjE1NzI0
- Basic knowledge and skills using the Linux operating system will be required to complete the labs.
- Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.
Duration
5 days
Course Contents
Chapter 1: Modeling Objects and Identities
Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM.
Lesson 1: Modeling an Identity Profile
Learn about the different object types in IDM, and how you can model a custom identity profile onto a managed object in IDM:
- Describe an IDM deployment and the UIs
- Access and explore the IDM deployment and UIs
- Review the IDM documentation
- Describe the different object types in IDM
- Map an identity object to a managed object
- Model a managed user object in IDM
- Create a new device managed object
Lesson 2: Querying IDM Objects
Use the IDM REST interface to query IDM objects:
- Describe how to query objects using the REST interface
- Configure Postman to query IDM
- Query IDM objects using Postman
Lesson 3: Managing Relationships
Create and manage the relationship between managed objects:
- Describe the purpose of relationships
- Create and query an object relationship
- Describe the visualization of relationships
- Create a dashboard to visualize relationships (optional)
- Describe the relationship properties
- Describe how relationships are configured
- Create a new relationship between managed user objects (optional)
- Describe the relationship between device managed objects and user managed objects
- Set up a relationship between device managed objects and user managed objects
- Describe how to use a relationship-derived virtual property
- Create a relationship-derived virtual property
Lesson 4: Managing Organizations
Set up managed organizations to delegate user administration based on the owner of hierarchical trees:
- Describe the roles and privileges within an organization
- Implement the organization example (optional)
Lesson 5: Delegating Administration
Delegate the administrative privileges to a group of managed users for managing end user identities in IDM:
- Describe how to set up delegated administration
- Describe the privilege model
- Add a new internal role and set up privileges to delegate administration
Chapter 2: Managing Connectors
Create and configure connections between external resources and IDM.
Lesson 1: Configuring Connectors With the IDM Admin UI
Create a connector configuration to connect to an external resource using the IDM admin UI:
- Describe how to connect external resources to IDM
- Describe the process for creating a connector configuration using the IDM admin UI
- Add a connector configuration for an external LDAP resource
- Describe how to add a CSV connector configuration
- Add a connector configuration to import device identities
- Describe how to use the Database Table Connector
- Configure the Database Table Connector (optional)
Lesson 2: Configuring Connectors Over REST
Create a connector configuration in IDM over the REST interface:
- Describe how to use the Scripted SQL Connector
- Describe the process for creating a connector configuration over REST
- Create a scripted SQL connector configuration (optional)
- Describe the core connector configuration settings
- Describe the object types and property mappings
- Describe how to use the scripted REST connector
- Connect to PingDS (DS), formerly known as ForgeRock® Directory Services, using the scripted REST connector (optional)
Chapter 3: Managing Synchronization and Reconciliation
Synchronize identity data across multiple external resources, in real time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.
Lesson 1: Performing Basic Synchronization
Describe how to use the IDM admin UI to create sync mappings to reconcile identities between IDM and an external resource:
- Describe how to create mappings to synchronize identity objects and properties
- Describe how to create a sync mapping from IDM to an external resource
- Describe how to add source and target properties to the sync mapping
- Describe how to add a correlation query and a situational event script
- Describe how to set the situational behaviors and run reconciliation
- Add a sync mapping from IDM to an LDAP server
- Describe the sync mapping from an LDAP server to IDM
- Add a sync mapping from an LDAP server to IDM
- Describe how to create a sync mapping to provision devices to the IDM repository
- Create a sync mapping to provision devices to the IDM repository (optional)
Lesson 2: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
- Describe the different methods that you can use to filter entries
- Run selective synchronization using filters
- Describe how to use LiveSync to synchronize changes
- Trigger LiveSync on a connector
- Schedule LiveSync with an external resource
- Describe how to control synchronization to multiple targets
Lesson 3: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
- Describe how to provision attributes to a target system based on static role assignments
- Describe the steps to enable role-based provisioning
- Query the role assignment properties using the REST interface
- Provision attributes to a target resource based on static role assignments
- Describe how to provision attributes to a target system based on dynamic role assignments
- Provision attributes to a target resource based on dynamic role assignments
- Add temporal constraints to a role
Chapter 4: Getting Started With Workflow
Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process.
Lesson 1: Deploying and Starting a Workflow
Enable the workflow engine in IDM and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM admin UI, IDM End User UI, and REST interface:
- Describe use cases for workflows
- Prepare IDM to run the sample workflow
- Run the sample workflow
- Describe how workflows are implemented
- Describe workflow-related tasks
- Describe workflow instances
- Enable the workflow service and examine a sample workflow
Lesson 2: Deploying and Creating a Workflow
Examine, deploy, change, and start the contractor onboarding workflow process that provisions a new user:
- Describe the structure of workflow files
- Describe how to model workflows
- Examine the Flowable UI
- Examine the contractor onboarding workflow
- Describe how to use forms in workflows
- Examine a manual interaction form
- Create and deploy a simple workflow
- Create and deploy a new workflow from scratch
- Describe how to start an approval workflow
- Call a workflow from a sync mapping
Chapter 5: Installing and Deploying IDM
Install and deploy IDM in an on-prem or cloud provider Linux environment.
Lesson 1: Installing IDM
Install a stand-alone IDM instance for development and testing the IDM sample configurations:
- Describe the basic IDM installation requirements
- Install and start IDM
- Start IDM with a sample configuration (optional)
- Configure IDM to run as a background process (optional)
Lesson 2: Deploying IDM in a Cluster
Deploy multiple IDM instances in a cluster:
- Describe deploying IDM in a cluster
- Describe how to manage nodes in a cluster
- Add an IDM instance to a cluster
Lesson 3: Managing IDM in a Cluster
Manage IDM in a cluster environment:
- Describe how to distribute reconciliation operations across a cluster
- Enable clustered reconciliation on a sync mapping
- Schedule tasks across the cluster
- Review sizing and scaling resources
Lesson 4: Monitoring and Troubleshooting
Describe how to set up monitoring and perform basic troubleshooting:
- Describe the monitoring options available for IDM
- Set up monitoring in IDM
- Examine the different log files in IDM
- Get additional help troubleshooting outside of IDM
Lesson 5: Implementing Explicit Mapping
Explore the differences between generic and explicit mapping, and implement each in an external DS and JDBC repository:
- Describe the differences between generic and explicit mapping
- Describe the DS and JDBC repository configuration files
- Describe how to implement explicit mapping with a JDBC repository
- Implement generic mappings with a JDBC repository
- Implement explicit mappings with a JDBC repository
- Implement explicit mappings with a DS repository
Lesson 6: Upgrading IDM
Upgrade an IDM instance:
- Describe how to upgrade a stand-alone IDM instance
- Describe how to migrate an IDM configuration
- Describe how to update the IDM repository
- Describe how to migrate IDM data
- Describe how to upgrade a cluster deployment