PingOne Advanced Identity Cloud

Set up administrators

While this PingOne Advanced Identity Cloud use case was validated for accuracy, it can always be improved. To provide feedback, click thumb_up or thumb_down in the top right of this page (you must be logged into Backstage).

Description

Estimated time to complete: 15 minutes

In this use case, you operate as a super administrator and run tasks to view the tenant settings and invite other administrators on Advanced Identity Cloud.

Goals

After completing this use case, you will know how to do the following:

  • View the tenant settings.

  • Invite other users to be administrators.

Prerequisites

Before you start work on this use case, make sure you have these prerequisites:

  • A basic understanding of:

  • You have received an email from Backstage Support to set up your administrator account for your tenant environments.

  • You have registered your Advanced Identity Cloud account and set up two-step verification in all environments (development, staging, and production).

  • Access to your development environment as an administrator.

  • To test creating a test administrator, an additional email you have access to.

Tasks

Task 1: View tenant settings

  1. In the Advanced Identity Cloud admin UI, open the TENANT menu (upper right), and click Tenant settings. The Tenant Settings page displays.

    Tenant settings detail page

  2. Click Details to display your tenant’s information:

    Field Description

    Tenant name

    Specifies the identifier assigned to the tenant during onboarding and registration. This identifier is not configurable.

    Region

    Specifies the region where your data resides.

    Environment tag

    Describes the type of tenant environment. The possible tags are:

    • Dev: Environment used to build and add new features.

      The number of identity objects in a development environment is limited to 10,000.

      The 10,000 limit applies to the total sum of all identity object types combined, including applications, assignments, custom identity objects, groups, OAuth 2.0 clients, organizations, relationships, roles, SAML entities, policies, and users.

    • UAT: User acceptance testing (UAT) is a dedicated environment used for testing applications or capabilities with real users before deploying them into production. The UAT and staging environments are used often in parallel to run different usability, stress, and load tests. The UAT environment is an Advanced Identity Cloud add-on capability.

    • Staging: Environment used to test development changes, including stress and scalability tests with realistic deployment settings.

    • Prod: Environment used to deploy applications into operational end-user activity.

    • Other: Environment other than Dev, Staging, or Prod. For example, a demo tenant.

  3. Click Global Settings to view the specific settings:

    Advanced Identity Cloud global settings
    Field Description

    Cookie

    Copy the field value to the clipboard by clicking the icon. The Advanced Identity Cloud tenant cookie is a unique, pseudo-random session cookie for the tenant, generated when your tenant is created. You use the tenant cookie in HTTP headers for Advanced Identity Cloud API requests.

    Cross-Origin Resource Sharing (CORS)

    View the details, add, edit, deactivate, and delete a CORS configuration. CORS provides the ability to integrate web applications in one domain and interact with protected resources in another domain. Learn more in Configure CORS.

    Environment Secrets & Variables

    View the secrets and variables details. Environment Secrets & Variables (ESVs) are configuration variables letting you set values different from your development, staging, and production environments in the Advanced Identity Cloud. Learn more in Introduction to ESVs.

    IP Addresses

    Ping Identity allocates outbound static IP addresses to each of your development, staging, and production tenant environments (and to any sandbox[1] and UAT[2] tenant environments). This lets you identify network traffic originating from Advanced Identity Cloud and from individual environments within Advanced Identity Cloud.

    Log API Keys

    Use the log API key and secret to authenticate and access the Advanced Identity Cloud REST API endpoints. Learn more in Authenticate to Advanced Identity Cloud REST API with API key and secret.

    Service Accounts

    View, create, edit, activate or deactivate, delete, and regenerate your service account keys. Service accounts let you request access tokens for REST API endpoints. Learn more in Service accounts.

    End User UI

    View and manage your hosted UI pages. Hosted UI pages support customizable themes for your Advanced Identity Cloud end-user UI. Learn more in Advanced Identity Cloud hosted pages.
Check in

At this point, you have:

Viewed your tenant details and global settings.

Task 2: Invite administrators

  1. In the Advanced Identity Cloud admin UI, open the TENANT menu (upper right), and click Invite admins to send invitations to other users to become administrators. You are authorizing them to manage settings in your tenant.

    Invite admins link on the tenant menu
    From the tenant menu, you can add other administrators by clicking Tenant settings > Admins > Invite Admins.

  2. In the Invite Admins dialog box, enter the test user’s email.

  3. Click Tenant Admin to grant privileges to the test user. There are two types of administrator groups on Advanced Identity Cloud:

    • Super Admin: An administrator who has full access to all administrative features and can manage every aspect of this tenant, including adding other administrators.

    • Tenant Admin: An administrator who has full access to all administrative features, except the ability to add other administrators.

  4. Click Send Invitations.
    Advanced Identity Cloud sends an email to the test user’s address containing instructions to register an administrator account.

    Invite others to become an administrator.
Check in

At this point, you have:

Viewed your tenant settings.

Invited a test user to become an administrator.

Validation

You have viewed your tenant settings and invited other users to become administrators. Now, validate adding another administrator by registering and signing on as the additional administrator.

Register test administrator

  1. Access the email of the test administrator.

  2. Click on the email from Advanced Identity Cloud.

  3. Click Complete Registration.

  4. Fill out the fields to register the test administrator.

  5. Click Next.

  6. Select your region of residence, agree to the privacy policy, and click Next.

  7. Click Set up and register for 2-step verification. The Advanced Identity Cloud admin UI displays.

  8. Sign off as the test administrator and sign back on with your original administrator (super admin) account.

Manage other administrators

  1. As the super admin, test deactivating, reactivating, and deleting the test administrator:

  2. Click Tenant Settings.

  3. Click the Admins tab to view the list of administrators.

    When an invited administrator successfully registers, the status column changes from Invited to Active.

  4. Find the test admin. Click the ellipsis icon (), and then click Deactivate.

  5. For the same test admin, click the ellipsis icon (), and then click Activate.

  6. For the same test admin, click the ellipsis icon (), and then click Delete. Then, click Delete on the confirmation dialog. The test admin no longer displays on the list of administrators.

Explore further

Reference material

Reference Description

Administrator settings

Procedures to set your administrator settings.

Tenant environments

Learn about the Advanced Identity Cloud’s tenant environments.

The ForgeRock Authenticator application

Download the ForgeRock Authenticator application to use for MFA.
Copyright © 2010-2024 ForgeRock, all rights reserved.