PingOne AIC is an identity and access management platform that helps organizations securely manage user identities, authentication, and access to applications. For more information refer to the PingOne AIC documentation.
Integration Method: API
Tables: User Inventory Info (5003)
This integration supports the following events.
Event | Description |
|---|---|
Users | Returns all information for all managed users from all configured realms in the repository. |
This integration supports the following versions.
PingOne AIC API version | HTTP requests can optionally include the Accept-API-Version header with the value of the resource version, such as resource=2.0. If no Accept-API-Version header is included, the latest resource version is invoked by the HTTP request. |
Note:
In the DataBee implementation, the Accept-API-Version header is not included. The API invokes the latest resource version by default.
Prerequisites
The user should have access to the PingOne AIC Dashboard with Administrator privileges.
The user should have access to the DataBee console.
Configuration Overview
Create a Service Account in PingOne Advanced Identity Cloud and generate its Service Account ID and private key (JWK) with the required scopes to access the APIs.
Add the PingOne Advanced Identity Cloud data feed in the DataBee console with the below parameters.
DataBee Parameter
PingOne AIC Parameter
API Base URL <instance>
Token URL <instance>
Audience <instance>
Issuer ID
Subject ID
Private Key
Realm Names
PingOne AIC Configuration
Log in to the PingOne Advanced Identity Cloud admin dashboard. In the screenshot shown below, the highlighted URL represents the instance API URL. Save this URL for later use, as it will be required while configuring the data feed. The relevant part is highlighted in red.
For Realm Names, go to the top-left corner, click on the currently selected realm name and choose Switch realm....
From there, copy the realm names for which you want to fetch the managed users and use them while configuring the data feed for PingOne Advanced Identity Cloud.
Click Cancel.
Create a Service Account
Navigate to Profile > Tenant settings.
Under Tenant Settings, navigate to Global Settings, then scroll and click on Service Accounts.
Under Service Accounts, click on + New Service Account.
In the New Service Account page, provide the following details:
After clicking Save, the service account will be created successfully, and a confirmation window will appear.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the PingOne Advanced Identity Cloud and click it as shown below.
Click on the API Ingest option for the collection method.
Enter feed contact information, keep Entity Resolution checkbox checked if you want it else uncheck it and scroll down.
In the configuration section, confirm the following:
API Base URL: This is the base URL that DataBee will interact with
Replace the <instance> with your instance value that was copied earlier.Authorization Method: JWT Auth
Token URL: Replace the <instance> with your instance value that was copied earlier.
Issuer ID: Paste the service account ID that you copied earlier.
Subject ID: Paste the service account ID that you copied earlier.
Audience: Replace the <instance> with your instance value that was copied earlier.
Private key: Paste the content of the downloaded private key file.
Realm names: Enter the realm names (comma-separated) for which you want to fetch data.
Event Types: Preselected for all the event types that integration pulls.
Click on the Submit button.
Troubleshooting Tips
Ensure the service account has the required scopes and make sure the correct private key has been pasted.
Verify that the correct realm name is provided (comma-separated if multiple). An incorrect value may result in a wrong realm error.
