PingOne Advanced Identity Cloud Deep Dive: Identity Management (AIC-420)

The Getting Started With PingOne Advanced Identity Cloud for Administrators course introduced students to a broad range of the identity management and access management features of PingOne Advanced Identity Cloud (Advanced Identity Cloud), formerly known as ForgeRock® Identity Cloud. Each lesson briefly covered the core concepts and basic implementation of a feature, but did not go into any depth. This course explores the identity management-related features in more depth, how they work, and the configuration options available during implementation.


Target Audiences

The target audiences for this course include:

  • Advanced Identity Cloud Administrators
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers


Objectives

Upon completion of this course, you should be able to:

  • Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects
  • Create and configure connections between external resources and Advanced Identity Cloud
  • Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store


Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the Identity Management Essentials course available at: https://backstage.forgerock.com/university/forgerock/on-demand/path/TGVhcm5pbmdQYXRoOjM%3D/chapter/Q291cnNlOjE1NzI0
  • Completion of the Getting Started With PingOne Advanced Identity Cloud for Administrators course available at: https://backstage.forgerock.com/university/forgerock/courses


Duration

3 days

Show details


Course Contents

Chapter 1: Modeling Identities

Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in Advanced Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Advanced Identity Cloud:

  • Review the Advanced Identity Cloud documentation
  • Describe the different object types in Advanced Identity Cloud
  • Map an identity object to a managed object
  • Describe how to use placeholder attributes
  • Model a managed user object in Advanced Identity Cloud

Lesson 2: Querying Identity Cloud Objects

Use the Identity Cloud Identity Management REST interface to query Identity Cloud objects:

  • Describe how to query objects using the REST interface
  • Describe how to use the Identity Cloud Postman collection
  • Prepare Identity Cloud and configure the Identity Cloud Postman collection variables
  • Query Identity Cloud objects using the Identity Cloud Postman collection

Lesson 3: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

  • Describe the roles and privileges within an organization
  • Implement the organization example

Lesson 4: Introducing Relationships

Describe relationships between managed objects:

  • Describe the purpose of relationships
  • Describe how relationships are stored in the schema
  • Query an object relationship using the REST interface


Chapter 2: Managing Connectors

Create and configure connections between external resources and Advanced Identity Cloud.

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in Advanced Identity Cloud, and how to create connector configurations to communicate with external resources:

  • Describe how to connect external resources to Advanced Identity Cloud
  • Configure communication between Identity Cloud and a Remote Connector Server (RCS)
  • Describe how to connect to external resources using ICF connectors

Lesson 2: Configuring Connectors With the Admin UI

  • Describe the process for creating a connector configuration using the admin UI
  • Add a connector configuration for an external LDAP resource

Lesson 3: Configuring Connectors Over REST

  • Describe the process for creating a connector configuration over REST
  • Describe the core connector configuration settings
  • Describe the object types and property mappings
  • Generate a full connector configuration JSON object over REST

Lesson 4: Connecting to Databases

Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:

  • Describe how to use the Database Table Connector
  • Configure the Database Table Connector
  • Describe how to use the Scripted SQL Connector
  • Create a scripted SQL connector configuration

Lesson 5: Connecting to External Resources Using a Scripted REST Connector Configuration

  • Describe the use cases for using a scripted REST connector
  • Connect to DS using the scripted REST connector


Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

  • Describe how to use the Identity Management admin UI to create synchronization mappings (sync mappings) to reconcile identities between Advanced Identity Cloud and an external resource:
  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from Advanced Identity Cloud to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from Advanced Identity Cloud to an LDAP server
  • Describe the sync mapping from an LDAP server to Advanced Identity Cloud
  • Add a sync mapping from an LDAP server to Advanced Identity Cloud

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Describe how to schedule LiveSync
  • Schedule LiveSync with an external resource

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Describe how to add temporal constraints to a role
  • Add temporal constraints to a role