PingOne Advanced Identity Cloud

Data (identity) management

In PingOne Advanced Identity Cloud, data management covers a wide-range of activities including:

Item Description

Identity object schema

The model for your data including users, roles, and applications. Create new objects or modify existing ones so that each object represents the properties your organizations requires.


Create organizations in PingOne Advanced Identity Cloud when you want to group identities to suit your business needs.

For example, you can build an organization structure modeled after your brand hierarchy. This lets you control access to business applications with tailored login experiences. You can also use organizations to delegate user administration.


Roles define privileges for user and device identities. Roles let you automatically assign and update privileges in numerous identity profiles. For further information about roles and assignments, refer to Roles and assignments.

The role object is a managed object type that uses the relationships mechanism to link the role to the managed object to which it applies.


While you can use applications for authentication, applications are also used for provisioning and synchronization.

The use cases in this section focus on data management in a holistic way:

Use case Description

Create test users and roles

Create test users and roles, assign users to roles, and log in to the Identity Cloud End User UI as one of the users.

Assign roles to users dynamically

Dynamically assign a user to a role based off a criteria being met.

Provision data between Advanced Identity Cloud and PingDirectory

Provision accounts to and from Advanced Identity Cloud and PingDirectory.

Create organizations to delegate administration

Configure Advanced Identity Cloud to group users into organizations. Use organizations to delegate user administration to different groups of users.

Enable managers to manage their direct reports

Configure Advanced Identity Cloud to enable managers to update their direct reports' information and assign provisioning roles to them through Identity Cloud End User UI.

Provision users from Microsoft Entra ID (Azure AD)

Provision accounts from Microsoft Entra ID (formerly Azure AD) into Advanced Identity Cloud.

Provision data from Active Directory (AD) using RCS

Provision accounts from an on-premise Active Directory (AD) server into Advanced Identity Cloud.

Copyright © 2010-2024 ForgeRock, all rights reserved.