PingOne Privilege

Setting up your environment in PingOne

This topic guides administrators through the process of setting up a new environment for PingOne Privilege. The environment setup is the first step to enable secure, centralized privileged access management (PAM) for your organization.

Before you begin

  • Access to the PingOne admin console.

  • Make sure you have the following administrator roles assigned: Identity Data Admin, PingOne Privilege Administrator, and Application Owner (all three are required for initial setup).

  • A PingOne environment and solution built with PingOne SSO and PingOne MFA. Learn more about Building solutions in the PingOne documentation.

Steps to set up your environment

  1. In the PingOne admin console, go to Overview.

  2. In the Services section, click the icon.

  3. In the Add a Service list, select PingOne Privilege.

    A screenshot showing the Add a Service list with p1privilege selected.

  4. Select the Authentication Mode.

    The authentication mode determines how you will deploy PingOne Privilege and how users will authenticate when requesting access to resources. Learn more in Choosing a deployment model.

  5. Click Finish.

  6. Create a group for PingOne Privilege administrators and assign the required administrator roles to the group:

    1. In the PingOne admin console, go to Directory > Groups.

    2. Click the icon.

    3. Enter a Group Name. Click Save.

  7. Grant access to PingOne Privilege for the administrator group.

    1. In the PingOne admin console, go to Applications > Applications.

    2. Click on the p1privilege application.

    3. In the Access tab, click the Pencil icon.

    4. In the Edit Access window, select the group you created for PingOne Privilege administrators. Click Save.

  8. Ensure administrators are members of the group you created for PingOne Privilege administrators:

    1. In the PingOne admin console, go to Directory > Users.

    2. Select a user that will be a PingOne Privilege administrator.

    3. In the Groups tab, select the group you created for PingOne Privilege administrators. Click Save.

    4. Repeat the previous two steps for each user that will be a PingOne Privilege administrator.

  9. For each administrator, provide roles:

    1. In the PingOne admin console, go to Directory > Users.

    2. Click the user you would like to assign administrator roles to.

    3. In the Roles tab, click a role to assign it to the user. Click Save.

      The following roles are required for initial setup of PingOne Privilege:

      • PingOne Privilege Administrator: Required to create onboarding links to invite users to PingOne Privilege and to manage its resources.

      • Identity Data Administrator: Required to manage users and groups in the directory.

      • Application Owner: Required to grant access to PingOne Privilege for the administrator group.