This course shows students how to deploy, configure, and administer PingOne Protect. Through a combination of guided instruction and hands-on exercises, students work in a live environment to learn how to implement risk-based policies, integrate with PingOne DaVinci (DaVinci), and monitor threats using real-time dashboards. Students are provided with a functional PingOne Protect environment where they learn how to configure risk predictors and policies, orchestrate risk-based multi-factor authentication (MFA) experiences, and reduce MFA fatigue while maintaining strong security controls. The course also guides students through preventing Account Takeover (ATO) and New Account Fraud (NAF) by correlating risk signals, tuning policies, and applying best practices to optimize fraud detection and minimize false positives.

Target Audience

The target audiences for this course include:

• Ping Identity Administrators
• Security Administrators
• System Architects
• System Developers
• Visual Data Analysts
• Data Scientists
• Business Analysts

Objectives

Upon completion of this course, you should be able to:

• Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and monitoring risk through the Threat Protection Dashboard
• Analyze risk signals and adjust multi-factor authentication (MFA) requirements using DaVinci orchestration flows to balance security and user experience
• Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments
• Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience

Prerequisites

The following are the prerequisites for successfully completing this course:

• Completion of the following courses available at: https://training.pingidentity.com/on-demand/category/PING
  • Introduction to PingOne Protect
  • Introduction to PingOne DaVinci
  • Introduction to PingOne MFA

Duration

3 days

Course Contents

Chapter 1: Deploying PingOne Protect

Deploy PingOne Protect by configuring predictors and risk policies, integrating with DaVinci, and

monitoring risk through the Threat Protection Dashboard.

Lesson 1: Introducing PingOne Protect

Describe the core features of PingOne Protect and how it fits within the PingOne Identity Platform (Identity Platform):

• Identify PingOne Protect
• Analyze scenarios
• Set up the Ping Identity environment (optional)

Lesson 2: Reviewing Architecture and Components

Get an overall understanding of how PingOne Protect integrates with DaVinci, define its core operational components (predictors and risk policies), and examine the architecture that connects and orchestrates these elements:

• Define risk predictors
• Administrate risk predictors
• Configure risk policies
• Create risk policies

Lesson 3: Integrating and Monitoring Threat Protection

Use the PingOne Protect connector and the Threat Protection Dashboard to integrate risk evaluation into DaVinci flows and monitor threats across your environment:

• Integrate PingOne Protect with DaVinci
• Monitor Risk with the Threat Protection Dashboard

Chapter 2: Optimizing MFA for Risk and Experience

Analyze risk signals and adjust MFA requirements using DaVinci orchestration flows to balance security and user experience.

Lesson 1: Understanding Risk-Based MFA

Differentiate risk-based MFA from traditional static MFA and configure your environment to support adaptive MFA:

• Contrast traditional and risk-based MFA
• Configure the environment post-MFA setup (optional)

Lesson 2: Implementing MFA Scenarios

Configure MFA for PingOne Protect and execute DaVinci workflows to observe and troubleshoot different risk-based login scenarios:

• Initiate a new user account interaction
• Log in as a High-Risk user
• Log in as a Medium-Risk user
• Log in as a Low-Risk user

Lesson 3: Reducing MFA Fatigue

Learn about techniques and configurations that minimize unnecessary MFA prompts without compromising security:

• Understand MFA fatigue
• Mitigate MFA fatigue
• Test risk-based authentication flows

Chapter 3: Preventing Account Takeover and New Account Fraud

Identify complex fraud patterns and implement risk-based policies to proactively mitigate ATO and NAF across your environments.

Lesson 1: Understanding the Fraud Cycle

Analyze fraud stages, map indicators to risk signals, and configure the Protect Synthesizer (ProtectSynth) to implement ATO and NAF risk policies that disrupt fraudulent activity:

• Define the fraud cycle
• Disrupt the fraud cycle using PingOne Protect
• Illustrate fraud cycle scenarios
• Create ATO and NAF risk policies
• Install and configure ProtectSynth

Lesson 2: Configuring Risk Policies to Prevent ATO

Correlate PingOne Protect predictors with risk signals, simulate user events, and optimize risk policies to maximize detection accuracy while minimizing false positives and false negatives:

• Correlate ATO risk patterns with predictors
• Deploy composite predictors to minimise false negatives
• Mitigate ATO risk using composite predictors

Lesson 3: Configuring Risk Policies to Prevent NAF

Configure and validate a NAF risk policy in PingOne Protect, by correlating risk predictors and detecting coordinated fraud patterns:

• Correlate and detect NAF risk patterns
• Configure and validate the NAF risk policy

Lesson 4: Optimizing Risk Policies for ATO and NAF

Apply ATO and NAF prevention best practices and tune corresponding risk policies to optimize fraud detection while minimizing false positives and operational impact:

• Describe best practices to prevent ATO and NAF
• Implement best practices to prevent ATO and NAF
• Tune the ATO risk policy
• Tune the NAF risk policy

Chapter 4: Managing PingOne Protect

Monitor risk events and evaluate policy performance in PingOne Protect so you can use reporting and analytics to identify trends, investigate anomalies, and refine risk policies while preserving a seamless user experience.

Lesson 1: Monitoring Risk Events and Policy Performance

Analyze and monitor PingOne Protect components, interpret flow types and associated risk policies, and regulate false positives so you maintain accurate risk evaluation and strong policy performance:

• Observe PingOne Protect components
• Understand flow types and risk policies
• Monitor user events

Lesson 2: Tuning Risk Policies

Optimize PingOne Protect risk policies by preparing for effective tuning, adjusting key predictors, and using staging policies and dashboards to validate and improve policy performance before production:

• Prepare for tuning
• Harness risk predictors and staging policies
• Use staging policies to refine risk policies

Lesson 3: Reporting and Analytics Best Practices

Apply reporting and analytics best practices by explaining the strategic value of PingOne Protect risk data and analyzing the Threat Protection Dashboard views to support informed, data-driven security decisions:

• Emphasize reporting and analytics• Analyze risks in the Threat Protection Dashboard