KODESTREE

Menu
Enroll Now
Request a Call Back
Courses / IAM / PingOne 80-Hour Course Design (Curriculum)
IAM

PingOne 80-Hour Course Design (Curriculum)

K
Teacher

kodestree

Category

IAM

Last Updated

March 14, 2026

0 /0

About Course

This 80-hour PingOne training is structured as a 10-day (8-hr/day) program covering PingOne’s core
modules and use cases. It spans foundational IAM concepts through advanced integration and a capstone
project. The curriculum combines lectures, hands-on labs, quizzes and a final project. Below is an outline of
modules, topics, labs and assessments, with prerequisites and certification guidance.

Prerequisites and Learning Path

  • Target Audience: IAM engineers and architects, sysadmins, devs new to PingOne.
  • Prerequisites: Basic networking, LDAP, and modern auth concepts. Familiarity with OAuth/OIDC and SAML is helpful. Completion of Ping Identity essentials (PingAM, PingDS, etc.) or equivalent knowledge is recommended . Some admin-level experience (3–6 months) with cloud IAM is ideal.
  • Certification Path: Prepares for the Ping Identity Certified Professional – PingOne certification (PICP-P1). This exam validates common PingOne admin tasks (user/app management, policies, federation, etc.). Earning PICP-P1 demonstrates readiness to operate PingOne in production.
Show More

Course Curriculum

Module 1: IAM and PingOne Platform Fundamentals (Day 1)

Module 2: User Store & Provisioning (Day 2)
Topics: User identity stores: LDAP fundamentals, PingDirectory installation (on-prem) and PingOne Directory (cloud) . Population management (users, groups, attributes). Provisioning: Bulk import (CSV) vs. live sync concepts; connecting identity stores to PingOne (e.g. Connector setup with Postman/Bruno) . - Hands-on Labs: - LDAP Lab: Install an LDAP server (e.g. ApacheDS), create schema/DIT, sync users to PingOne. - Provisioning Lab: Use CSV import and API (Postman) to provision users and groups into PingOne; test live sync. - Assessment: Worksheet on population design; lab report.

Module 3: Identity Orchestration (DaVinci) (Day 3)
Topics: PingOne DaVinci orchestration engine (no-code workflows) . DaVinci console UI, Canvas nodes, flow branching, subflows. Use Cases: Registration and login journeys, conditional logic, multi-channel authentication. - Hands-on Lab: Build a sample registration/login flow using DaVinci: e.g. integrate Google OAuth or SMS OTP step. Verify conditional steps (e.g. device or group-based step-up). - Assessment: Quiz on orchestration concepts; lab design critique.

Module 4: Security and MFA (Day 4)
Topics: Trust and PKI (keys, certificates, CSR generation) for signing/encryption . Multi-Factor Authentication methods in PingOne (email/SMS OTP, Push, FIDO2/WebAuthn) . Use Cases: Policybased MFA triggers, FIDO authenticator setup. Hands-on Lab: - PKI Lab: Generate key pairs and import signing/encryption certs into PingOne. - MFA Lab: Configure an MFA policy (e.g. require OTP or FIDO) and enroll a user’s device; test login. - Assessment: Scenario quiz: “Which MFA method to use?”, lab validation.

Module 5: Federation and SAML SSO (Day 5)
Topics: SAML 2.0 protocol in PingOne. Just-In-Time (JIT) provisioning via SAML assertions. IdP vs. SP-initiated SSO; SAML 6-step flow . Metadata, certificate management for SAML. Hands-on Labs: - SAML Lab: Configure PingOne as SAML IdP and SP; perform SP-initiated and IdP-initiated logins using a demo app. Enable JIT provisioning to auto-create users from SAML attributes. Use SAML tracer tools to debug. - Assessment: Quiz on SAML steps and roles; review SAML workflow lab exercise.

Module 6: OAuth2/OIDC (Day 6)
Topics: OAuth2 and OpenID Connect fundamentals . Authorization flows: Authorization Code, Implicit, PKCE, Client Credentials, and Resource Owner grants . Token types (ID, Access, Refresh) and validation. PKCE and mobile considerations. - Hands-on Labs: - OIDC Lab: Register an OIDC client in PingOne and test login flows (Auth Code + PKCE) using a browser or Postman. - Grant Lab: Use Postman to exercise Client Credentials, Resource Owner, and Refresh token flows . - Assessment: Lab report on grant behaviors; quiz on grant use cases.

Module 7: Social Login and API Integration (Day 7)
Topics: PingOne as a Social OIDC/OAuth broker. Configuring external IdPs (Google, Facebook, etc.) . Webhooks: definition and use for custom logic. Attribute mapping and transformation between systems. - Hands-on Labs: - Social Login Lab: Configure PingOne to use Google as an external IdP; enable “Login with Google” on an app. 7 12 12 13 14 4 15 16 17 18 2 - API Lab: Use PingOne REST APIs (or PingAccess/IDM APIs) for user management (CRUD) and for fetching audit logs. Test with curl or Postman . - Assessment: Quiz on social login config; lab integration checklists.

Module 8: Access Management (PingAccess) (Day 8–9)
Topics: PingAccess policy server overview . Architecture: Gateways, Agents, Sites, Sessions and Stores . Protecting web apps/APIs via PingAccess with PingOne as token provider. Performance and clustering in SaaS mode. - Hands-on Labs: - PingAccess Lab: Deploy PingAccess on-prem; configure a protected web application and register PingOne as the OAuth provider. - Hybrid Login Flows: Test SSO across on-prem and SaaS apps (PingAccess PingOne). - Operations Lab: Set up health alerts/monitors for PingOne; simulate system events. - Assessment: Scenario exercise on choosing access control strategy; lab success criteria.

Module 9: Directory, Federation and Troubleshooting (Day 10)
Topics: Review PingDirectory and PingFederate roles (brief). Server engineering deep-dive (Docker, multizone deployment). Monitoring/logging (PingOne logs, transaction logs) and troubleshooting methodologies . Best practices and IAM governance (account review, password policies, audit). - Hands-on Labs: - Troubleshooting Clinic: Given a broken SSO/MFA flow, use logs and tracing tools to diagnose (instructorled). - Capstone Project: End-to-end scenario: deploy a new application using PingOne (configure directories, auth policies, login flow, MFA, and audit logs). This “Go-Live Simulation” ties all learning objectives together. - Assessment: Final practical exam (capstone project demo) and written quiz on advanced topics.

Course Logistics and Materials
Delivery: Instructor-led (ILT or virtual), with interactive lectures (slide decks) and live demos . Emphasis is on hands-on labs (80% lab exercises). Labs: Each module includes guided labs using PingOne tenant(s) and open-source tools (Postman, OpenSSL, SAML tracer). Sample environments include pre-provisioned PingOne/PingAccess tenants and LDAP/PingDirectory VMs. Materials: Course slideware, lab guides, cheat-sheets (OAuth/SAML flows). Provide PingOne trial accounts or use Ping’s sandbox for hands-on practice. Supply digital certificate examples for PKI labs. Assessments: Quizzes or short tests after each module (to reinforce concepts). A final capstone project counts as the summative assessment. Attendance and lab completion certificates awarded.

Recommended Certification
At course end, students are prepared to take Ping Identity Certified Professional – PingOne (PICP-P1) . Optionally, those focused on workforce IAM can also pursue Ping Identity Certified Professional – PingFederate (for on-prem federation) or ForgeRock Certified Professional – PingOne Advanced Identity Cloud (for the CIAM variant). The curriculum covers the bulk of the PICP-P1 objectives (tenant setup, SSO config, MFA, APIs, etc.), ensuring readiness for the official exam. Sources: Curriculum design is based on Ping Identity’s official course outlines and community resources , industry training providers (Red Education, Ascendient) and the “Deployment-Ready” use case document provided. These outline the core PingOne modules (SaaS IAM, orchestration, security, federation, OAuth/OIDC, directory integration, PingAccess) and their practical labs . The syllabus aligns with PingOne’s recommended training path and job-role requirements, ensuring comprehensive coverage of identity orchestration, authentication protocols, and operational best practices in PingOne deployments .

Your Instructors

K
kodestree
0 Rating 71 Courses 0 Students
70,000.00
Buy Course
This course includes:
Duration 80h
Skill Level Intermediate
Certificate Yes
Share Course
Page Link
Share On Social Media
Contact Us

Quick Links

Courses

Contact Us

  • Street No:15, Kundalahalli Gate, Sunrise Heights, Sai Baba Temple Rd, Green Garden Layout, Bengaluru, Karnataka 560037
Copyright © 2025 Kodestree. All rights reserved.
error: Content is protected !!