Configuring Customer Management in PingOne Cloud: A Guide for MSPs

Published February 17, 2025

Summary

Configuring PingOne Cloud to manage customer environments? This guide walks MSPs through every step—from creating populations to assigning access and cleaning up artifacts—helping you streamline identity management and maintain secure operations.

Managed Service Providers (MSPs) play a pivotal role in identity and access management (IAM). A go-to IAM solution is Ping Identity's PingOne Cloud, which offers a robust platform for MSPs to efficiently oversee individual customer identity environments. This guide outlines the essential PingOne Cloud components and provides step-by-step instructions to help MSPs properly segregate each customer's population, user directory, authentication, and access control policies.

Key Components of PingOne Cloud

PingOne Cloud is a cloud-based SaaS service that provides identity and access management capabilities. It allows organizations to manage user identities, authentication, and authorization for their applications and services in the cloud.

  • Organization: The MSP’s PingOne Cloud SaaS tenant, which is set up by Ping Identity.
  • Population: Used to define and segregate a customer’s set of users within an Environment.
  • Users: The unique identities that interact with the applications and services in the Population to which the user is assigned. You can use the Users page to manage users in your Population.
  • Application: Any software program integrated with the PingOne Cloud Identity Platform that performs specific tasks or functions for users.
  • Groups: Used to organize user identities into collections that control access to applications.
  • User attributes: Determine the types of data that are stored for each user, such as name, address, account number, or email address. You can specify the attributes that are applied to users in your Population’s user directory.
  • Role: A collection of permissions that can be assigned to a user, application, or connection.

Benefits of Using PingOne Cloud for MSPs

Managed Service Providers (MSPs) specialize in managing complex IT infrastructures, including Identity and Access Management (IAM). They possess expertise in setting up, configuring, and maintaining Identity-as-a-Service (IDaaS) solutions, ensuring optimal performance and security. MSPs can easily scale IDaaS services to accommodate business growth, changes in user demands, or the addition of new applications, offering flexibility in managing user access and privileges as the organization evolves.

MSPs assist in integrating IDaaS solutions with existing IT systems and applications, optimizing setups for maximum efficiency, and ensuring seamless user experiences through centralized management. Managing IDaaS involves complexities such as user provisioning, authentication protocols, and federation. MSPs alleviate this burden by handling these tasks, allowing businesses to focus on core operations. By partnering with MSPs for IDaaS management, businesses can leverage specialized expertise, ensure reliable and secure identity services, maintain compliance, and offload the complexities of managing IAM solutions to a dedicated and experienced provider.

Configuring Customer Management in PingOne Cloud

To set up and manage customer environments effectively, follow these steps:

1. Log into PingOne Cloud

  • Use your administrative credentials to access the PingOne Cloud console.

2. Add an Initial Environment

  • From the dashboard, select Environments in the left-hand toolbar.
  • Click Add Environment and provide a name that reflects the customer or purpose (e.g., "DEV," "TEST," or "IDMWORKS MIAMI").
  • Specify the region and license, then click Finish to create the environment.

3. Create a Population

  • From the environment’s dashboard, select Directory > Populations from the left-hand toolbar.
  • Click Add Population and give it a name that is unique and identifies the first customer you wish to manage (e.g., "IDMWORKS MIAMI").
  • Save the population.

4. Create Groups for Application Access

  • In the same population, navigate to Directory > Groups from the left-hand toolbar.
  • Click Add Group and name the group using the same customer name as the population, appending the application name at the end (e.g., "IDMWORKS MIAMI CONCUR").
  • Repeat this process to add groups for all applications required by this customer.

5. Add Users to the Population

  • Navigate to Directory > Users from the left-hand toolbar.
  • Click Add User and ensure that the correct population is selected from the Population drop-down menu.
  • Enter the required user details (e.g., name, email) and save.
  • Repeat this process for all users associated with the customer.

6. Assign Users to Groups

  • For each user, go to their profile under Directory > Users.
  • Select the Groups tab from the user’s details page.
  • Assign the user to the relevant groups by selecting the appropriate group names that align with the applications they need access to.

7. Add Applications to the Environment

  • Navigate to Applications > Applications from the left-hand toolbar.
  • To add a custom application, select Add Application and configure its settings.
  • Alternatively, select Applications > Application Catalog to add a pre-configured application from the PingOne Cloud catalog.

8. Configure Application Access

  • For each application, go to its details page and select the Access tab.
  • Click the pencil icon to edit the Group Membership Policy.
  • Select the relevant groups by checking the boxes for each group to control access.
  • Save the changes.

9. Repeat for Additional Customers

  • Repeat steps 2 through 8 for each new customer, ensuring that each environment, population, group, and user is uniquely identified to maintain proper segregation.
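Once several customers share a tenant, the naming convention from steps 3 and 4 can be checked mechanically. The following is an added example, not part of the original guide or Ping Identity's tooling: it audits an inventory for groups that belong to no customer, users placed in another customer's group, and applications left without a group policy. The inventory layout, the "IDMWORKS DENVER" customer, and the finding names are assumptions constructed for illustration.

```python
# Added example: inventory layout and the DENVER customer are constructed,
# not a PingOne export format.

def customer_of(group, populations):
    """Population whose name prefixes the group name, or None."""
    # Longest name first so "IDMWORKS MIAMI" beats a shorter "IDMWORKS".
    for pop in sorted(populations, key=len, reverse=True):
        if group == pop or group.startswith(pop + " "):
            return pop
    return None

def audit(inv):
    pops, findings = inv["populations"], []
    for g in inv["groups"]:
        if customer_of(g, pops) is None:
            findings.append(("unowned-group", g))
    for u in inv["users"]:
        for g in u["groups"]:
            owner = customer_of(g, pops)
            if owner is not None and owner != u["population"]:
                findings.append(("cross-customer-membership", u["email"], g))
    for app in inv["applications"]:
        owners = {customer_of(g, pops) for g in app["access_groups"]}
        if not app["access_groups"]:
            findings.append(("no-group-policy", app["name"]))
        elif len(owners) > 1:
            findings.append(("groups-span-customers", app["name"]))
    return findings

INVENTORY = {  # constructed sample data
    "populations": ["IDMWORKS MIAMI", "IDMWORKS DENVER"],
    "groups": ["IDMWORKS MIAMI CONCUR", "IDMWORKS DENVER CONCUR", "Contractors"],
    "users": [
        {"email": "ana@miami.example", "population": "IDMWORKS MIAMI",
         "groups": ["IDMWORKS MIAMI CONCUR"]},
        {"email": "bo@denver.example", "population": "IDMWORKS DENVER",
         "groups": ["IDMWORKS MIAMI CONCUR"]},
    ],
    "applications": [
        {"name": "Concur Miami", "access_groups": ["IDMWORKS MIAMI CONCUR"]},
        {"name": "Concur Shared", "access_groups": ["IDMWORKS MIAMI CONCUR",
                                                     "IDMWORKS DENVER CONCUR"]},
        {"name": "Wiki", "access_groups": []},
    ],
}

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

A "groups-span-customers" finding is a prompt for review rather than an error in itself, since an application may be shared on purpose.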

Best Practices for Decommissioning Customers

It is highly recommended that ALL artifacts related to an MSP customer be removed. When removing a customer, follow these steps to ensure all associated artifacts are thoroughly deleted from PingOne Cloud:

  • Delete all users associated with the customer.
  • Remove all groups created for the customer’s applications.
  • Decommission all applications tied to the customer.
  • Finally, delete the customer’s population to complete the process.

These best practices ensure a clean and organized system, preventing unnecessary clutter or security risks.
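The decommissioning order above, and a check that nothing was left behind, as an added example that is not part of the original guide or Ping Identity's tooling. It builds the deletion plan for one customer and then reports any user, group, application policy, or population that still references that customer after a partial cleanup. The inventory layout, the "IDMWORKS DENVER" customer, and the function names are assumptions constructed for illustration.

```python
# Added example: inventory layout and names are constructed for illustration,
# not a PingOne export format.

def owned(name, customer):
    """True when a group name carries the customer's population name as prefix."""
    return name == customer or name.startswith(customer + " ")

def decommission_plan(inv, customer):
    """(step, kind, name) tuples: users, then groups, applications, population."""
    groups = {g for g in inv["groups"] if owned(g, customer)}
    plan = [(1, "user", u["email"]) for u in inv["users"]
            if u["population"] == customer]
    plan += [(2, "group", g) for g in sorted(groups)]
    plan += [(3, "application", a["name"]) for a in inv["applications"]
             if groups & set(a["access_groups"])]
    if customer in inv["populations"]:
        plan.append((4, "population", customer))
    return plan

def residue(inv, customer):
    """Anything in the inventory that still references the customer."""
    left = [("user", u["email"]) for u in inv["users"]
            if u["population"] == customer
            or any(owned(g, customer) for g in u["groups"])]
    left += [("group", g) for g in inv["groups"] if owned(g, customer)]
    left += [("application-policy", a["name"]) for a in inv["applications"]
             if any(owned(g, customer) for g in a["access_groups"])]
    left += [("population", p) for p in inv["populations"] if p == customer]
    return left

MIAMI, DENVER = "IDMWORKS MIAMI", "IDMWORKS DENVER"  # DENVER is constructed
BEFORE = {
    "populations": [MIAMI, DENVER],
    "groups": [MIAMI + " CONCUR", DENVER + " CONCUR"],
    "users": [
        {"email": "ana@miami.example", "population": MIAMI, "groups": [MIAMI + " CONCUR"]},
        {"email": "bo@denver.example", "population": DENVER, "groups": [DENVER + " CONCUR"]},
    ],
    "applications": [
        {"name": "Concur Miami", "access_groups": [MIAMI + " CONCUR"]},
        {"name": "Concur Denver", "access_groups": [DENVER + " CONCUR"]},
    ],
}
# Cleanup stopped after users and groups: the application and population remain.
PARTIAL = dict(BEFORE, groups=[DENVER + " CONCUR"], users=BEFORE["users"][1:])

if __name__ == "__main__":
    print(decommission_plan(BEFORE, MIAMI))
    print(residue(PARTIAL, MIAMI))
```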

Additionally, these instructions can be revisited as needed for adding, editing, or removing customers, users, or applications. For decommissioning, it is highly recommended to remove all artifacts related to an MSP customer, including users, groups, applications, and the population itself, to maintain optimal system organization and security.

Conclusion

Utilizing PingOne Cloud enables MSPs to efficiently manage individual customer identity platforms with tailored configurations. By properly segregating each customer's population, user directory, and application access control, MSPs can ensure secure and scalable identity management solutions that align with each customer's unique business requirements.

Author: Cory Parson, IDMWORKS, IAM Architect