PingIDM Deep Dive (IDM-420)

Ping Identity is starting to rebrand all products and courses under the Ping Identity brand. The content will remain the same and our curriculum developers will continue to prioritize courses that need development.


Description

Learn how to install and deploy PingIDM (IDM), formerly known as ForgeRock® Identity Management, in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.

Note: Revision B of this course is based on version 7.2 of IDM.


Target Audiences

The target audiences for this course include:

  • System Administrators
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers


Objectives

Upon completion of this course, you should be able to:

  • Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
  • Create and configure connections between external resources and IDM
  • Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
  • Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process
  • Install and deploy IDM in an on-prem or cloud provider Linux environment


Prerequisites

The following are the prerequisites for successfully completing this course:


Duration

5 days

Show details


Course Contents

Chapter 1: Modeling Objects and Identities

Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in IDM, and how you can model a custom identity profile onto a managed object in IDM:

  • Describe an IDM deployment and the UIs
  • Access and explore the IDM deployment and UIs
  • Review the IDM documentation
  • Describe the different object types in IDM
  • Map an identity object to a managed object
  • Model a managed user object in IDM
  • Create a new device managed object

Lesson 2: Querying IDM Objects

Use the IDM REST interface to query IDM objects:

  • Describe how to query objects using the REST interface
  • Configure Postman to query IDM
  • Query IDM objects using Postman

Lesson 3: Managing Relationships

Create and manage the relationship between managed objects:

  • Describe the purpose of relationships
  • Create and query an object relationship
  • Describe the visualization of relationships
  • Create a dashboard to visualize relationships (optional)
  • Describe the relationship properties
  • Describe how relationships are configured
  • Create a new relationship between managed user objects (optional)
  • Describe the relationship between device managed objects and user managed objects
  • Set up a relationship between device managed objects and user managed objects
  • Describe how to use a relationship-derived virtual property
  • Create a relationship-derived virtual property

Lesson 4: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

  • Describe the roles and privileges within an organization
  • Implement the organization example (optional)

Lesson 5: Delegating Administration

Delegate the administrative privileges to a group of managed users for managing end user identities in IDM:

  • Describe how to set up delegated administration
  • Describe the privilege model
  • Add a new internal role and set up privileges to delegate administration


Chapter 2: Managing Connectors

Create and configure connections between external resources and IDM.

Lesson 1: Configuring Connectors With the IDM Admin UI

Create a connector configuration to connect to an external resource using the IDM admin UI:

  • Describe how to connect external resources to IDM
  • Describe the process for creating a connector configuration using the IDM admin UI
  • Add a connector configuration for an external LDAP resource
  • Describe how to add a CSV connector configuration
  • Add a connector configuration to import device identities
  • Describe how to use the Database Table Connector
  • Configure the Database Table Connector (optional)

Lesson 2: Configuring Connectors Over REST

Create a connector configuration in IDM over the REST interface:

  • Describe how to use the Scripted SQL Connector
  • Describe the process for creating a connector configuration over REST
  • Create a scripted SQL connector configuration (optional)
  • Describe the core connector configuration settings
  • Describe the object types and property mappings
  • Describe how to use the scripted REST connector
  • Connect to PingDS (DS), formerly known as ForgeRock® Directory Services, using the scripted REST connector (optional)


Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

Describe how to use the IDM admin UI to create sync mappings to reconcile identities between IDM and an external resource:

  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from IDM to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from IDM to an LDAP server
  • Describe the sync mapping from an LDAP server to IDM
  • Add a sync mapping from an LDAP server to IDM
  • Describe how to create a sync mapping to provision devices to the IDM repository
  • Create a sync mapping to provision devices to the IDM repository (optional)

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Schedule LiveSync with an external resource
  • Describe how to control synchronization to multiple targets

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Add temporal constraints to a role


Chapter 4: Getting Started With Workflow

Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process.

Lesson 1: Deploying and Starting a Workflow

Enable the workflow engine in IDM and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM admin UI, IDM End User UI, and REST interface:

  • Describe use cases for workflows
  • Prepare IDM to run the sample workflow
  • Run the sample workflow
  • Describe how workflows are implemented
  • Describe workflow related tasks
  • Describe workflow instances
  • Enable the workflow service and examine a sample workflow

Lesson 2: Deploying and Creating a Workflow

Examine, deploy, change, and start the contractor onboarding workflow process that provisions a new user:

  • Describe the structure of workflow files
  • Describe how to model workflows
  • Examine the Flowable UI
  • Examine the contractor onboarding workflow
  • Describe how to use forms in workflows
  • Examine a manual interaction form
  • Create and deploy a simple workflow
  • Create and deploy a new workflow from scratch
  • Describe how to start an approval workflow
  • Call a workflow from a sync mapping


Chapter 5: Installing and Deploying IDM

Install and deploy IDM in an on-prem or cloud provider Linux environment.

Lesson 1: Installing IDM

Install a stand-alone IDM instance for development and testing the IDM sample configurations:

  • Describe the basic IDM installation requirements
  • Install and start IDM
  • Start IDM with a sample configuration (optional)
  • Configure IDM to run as a background process (optional)

Lesson 2: Deploying IDM in a Cluster

Deploy multiple IDM instances in a cluster:

  • Describe deploying IDM in a cluster
  • Describe how to manage nodes in a cluster
  • Add an IDM instance to a cluster

Lesson 3: Managing IDM in a Cluster

Manage IDM in a cluster environment:

  • Describe how to distribute reconciliation operations across a cluster
  • Enable clustered reconciliation on a sync mapping
  • Schedule tasks across the cluster
  • Review sizing and scaling resources

Lesson 4: Monitoring and Troubleshooting

Describe how to set up monitoring and perform basic troubleshooting:

  • Describe the monitoring options available for IDM
  • Set up monitoring in IDM
  • Examine the different log files in IDM
  • Get additional help troubleshooting outside of IDM

Lesson 5: Implementing Explicit Mapping

Explore the differences between generic and explicit mapping, and implement each in an externalDS and JDBC repository:

  • Describe the differences between generic and explicit mapping
  • Describe the DS and JDBC repository configuration files
  • Describe how to implement explicit mapping with a JDBC repository
  • Implement generic mappings with a JDBC repository
  • Implement explicit mappings with a JDBC repository
  • Implement explicit mappings with a DS repository

Lesson 6: Upgrading IDM

Upgrade an IDM instance:

  • Describe how to upgrade a stand-alone IDM instance
  • Describe how to migrate an IDM configuration
  • Describe how to update the IDM repository
  • Describe how to migrate IDM data
  • Describe how to upgrade a cluster deployment