PingOne

Early Access: Please contact our support team to enable the PingOne integration for your platform.

Overview

The Veza integration for Ping Identity enables discovery of PingOne Users, Groups, Roles, Populations, Applications, and external Identity Providers.

Once configured, you can use the integration to:

• Extract and search for user attributes, including custom attributes.

• Display users and their assigned applications based on group membership.

• Review all users, identity providers, and applications in a PingOne environment.

• Add custom mappings to define relationships with other integrated systems.

See notes and supported entities for more information.

Setting up the PingOne Integration

Create a new application to access all environments

1. In one of your environments, navigate to Connections > Applications.

2. Click on + to add a new application.

4. In the Roles tab, click Grant roles.

Proceed to the Veza platform to complete the integration using the client secret, client ID, and environment ID obtained from step 6.

Add integration to the Veza Platform

1. Within Veza, navigate to Integrations.

2. Click Add New and choose Ping One as the integration type.

3. Provide the necessary details and click Save.

Optionally, you can define Custom Properties for PingOne users that Veza should recognize. PingOne supports two types of custom attributes: Declared (string attributes, possibly multivalued) and JSON (structured). Veza currently recognizes only Declared attributes (strings and lists of strings). JSON attributes are not supported at the moment.

Before finalizing the configuration, consider adding a custom identity mapping for any data sources that Ping Users might access.

Notes and Supported Entities

After setting up the integration, Veza will recognize the following entity types and attributes:

Ping One Organization

An Organization is the primary entity within Ping Identity, encompassing one or more Environments. Each environment is configured individually.

Attributes supported by Veza:

• OrganizationType

• Description

Ping One Environment

Each PingOne Environment houses distinct sets of Users, Groups, Applications, and Identity Providers.

Attributes supported by Veza:

• OrganizationID

• Region

• Description

• EnvironmentType

Ping One User

A User entity represents an account or digital identity utilized for single sign-on with applications integrated with PingIdentity IAM solutions.

Attributes supported by Veza:

• EMail

• CreatedAt

• UpdatedAt

• UserLastLogin

• UserIsActive

• UserIsLocked

• MFAActive

• FirstName

• LastName

• NickName

• IDPUniqueID

• CountryCode

• Region

• EmailVerified

• ExternalID

• LifecycleStatus

• VerifyStatus

• Title

• Username

• RoleAssignments

Ping One Application

Users can access different applications based on their configurations within Ping:

Veza supports application attributes:

• CreatedAt

• UpdatedAt

• UserIsActive

• HiddenFromUI

• LoginPageURL

• Protocol

• Type

• ACLAdminUserOnly

• ACLGroupsAll

• ACLGroupsAny

• ServiceProviderEntityID

• AcsUrls

Within Ping, application access can be limited 1) only to admins and 2) based on group membership. There are different options for group membership requirements:

• No group limitation

• Users must belong to any of the selected groups

• Users must belong to all selected groups

Ping One Group

A group consists of users who might be granted access to Applications and can be associated with Populations.

Attributes supported by Veza:

• IDPUniqueID

• UserFilter

• Description

• Population

• ExternalID

Ping One Population

In addition to groups, Ping Identity introduced Populations that can be associated with Users and Groups.

Attributes supported by Veza:

• Default

• Description

• Population

Ping One Role

Roles are collections of permissions assignable to an application, connection, or user. Examples include roles like Organization Admin or Client Application Developer.

Attributes supported by Veza:

• Permissions

• Description

• Scope