Ping Identity
Visualize Ping Identity users, groups, applications, and roles, map Ping Identity users to employees, and monitor changes through queries and alerts.
- Installation guide
- Ping Identity data model
Installation
To install this integration, you will need to configure settings both within PingIdentity and on JupiterOne. Before enabling in JupiterOne, ensure that you complete the setup within your PingIdentity.
Configuration in PingIdentity
Create a PingIdentity application connection:
- Navigate to Connections and click + Add Application.
- Select the
Worker
application type and click Configure. - Create the application profile by entering the following information:
- Application name. A unique identifier for the application.
- Description (optional). A brief characterization of the application.
- Icon (optional). A pictorial representation of the application. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
- The worker application must have READ permissions for the ingested resources,
namely:
USER
,ROLES
,GROUP
,APPLICATION
, andENVIRONMENT
.
- Click Save and close.
The Applications page will now show your new application. To view the application's access token, you must enable the new application, which can be done by clicking the Enable toggle switch on the right. The toggle switch will show green to confirm that the new application is enabled.
Get the application access token
Now that the application has been created and enabled, you will need to get the application's access token.
- Navigating to the application's Configuration tab.
- Expand the General section.
- Scroll down to the Advanced section and click Get Access Token.
- Copy the Access Token for use in JupiterOne.
For additional information on creating application connections and generating access tokens, see PingIdentity's documentation.
Acquire your Environment ID
The last step before enabling the integration in JupiterOne is to acquire your Environment ID from the Admin console. Navigate to Settings > Environments > Properties and copy the Environment ID.
Configuration in JupiterOne
To install the PingIdentity integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select PingIdentity. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the PingIdentity account in JupiterOne. Ingested entities will have this value stored in
tag.AccountName
when theAccountName
toggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLED
and manually execute the integration.Your PingIdentity AccessToken, Environment ID, and Location generated for use by JupiterOne.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | pingone_account | Account |
Application | pingone_application | Application |
Role | pingone_role | AccessRole |
User | pingone_user | User |
UserGroup | pingone_group | UserGroup |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
pingone_account | HAS | pingone_application |
pingone_account | HAS | pingone_group |
pingone_account | HAS | pingone_role |
pingone_account | HAS | pingone_user |
pingone_application | ASSIGNED | pingone_role |
pingone_group | HAS | pingone_group |
pingone_group | HAS | pingone_user |
pingone_user | ASSIGNED | pingone_role |