PingOne Privilege

Managing cloud resources

When you register an Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure account, the PingOne Privilege controller periodically scans the account to discover its resources.

These discovered cloud assets are categorized and displayed in two sections of the PingOne Privilege admin console: Targets and Resources.

You can also manage Snowflake roles and resources from the admin console.

Targets

The Targets section of the admin console contains resources that users sign on to, including:

  • Servers, via SSH

  • Windows servers, via RDP

  • Databases

  • Kubernetes clusters

  • Kafka clusters

  • Application roles

Configuring targets for access

Target resources must be registered and configured before users can access them using the self-service portal.

This involves several key configuration steps:

Onboarding target resources

Register target resources with PingOne Privilege to make them available for self-service. When you register a resource, it appears in the Targets menu of the admin console.

Register target resources using either of the following methods:

Register using cloud provider tags

You can automatically register target resources by assigning a specific tag to resources within your AWS, GCP, or Azure accounts.

The PingOne Privilege platform discovers and manages resources with the following tag and value pair:

  • Tag: PingOne Privilege

  • Value: managed
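Because registration depends on the tag and value pair, a mistyped tag leaves a resource unregistered without any error. The following added example (not part of the PingOne Privilege documentation) audits a tag inventory and separates resources carrying the exact pair from near-miss spellings. It assumes exact, case-sensitive matching and input shaped like the AWS Resource Groups Tagging API `get-resources` output; the sample inventory and ARNs are constructed.

```python
import json

# Tag and value pair from the page; exact, case-sensitive matching is an assumption.
TAG_KEY = "PingOne Privilege"
TAG_VALUE = "managed"

# Constructed sample, shaped like `aws resourcegroupstaggingapi get-resources` output.
SAMPLE = json.loads("""
{"ResourceTagMappingList": [
  {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
   "Tags": [{"Key": "PingOne Privilege", "Value": "managed"}]},
  {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb",
   "Tags": [{"Key": "pingone privilege", "Value": "managed"}]},
  {"ResourceARN": "arn:aws:rds:us-east-1:111122223333:db:orders",
   "Tags": [{"Key": "PingOne Privilege", "Value": "Managed "}]},
  {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0ccc",
   "Tags": [{"Key": "env", "Value": "prod"}]}
]}
""")


def _norm(s):
    """Fold case and remove all whitespace so near-miss spellings compare equal."""
    return "".join(s.split()).casefold()


def classify(resource):
    """Return 'managed', 'near-miss' or 'untagged' for one tag mapping."""
    status = "untagged"
    for tag in resource.get("Tags", []):
        key, value = tag.get("Key", ""), tag.get("Value", "")
        if key == TAG_KEY and value == TAG_VALUE:
            return "managed"
        if _norm(key) == _norm(TAG_KEY):
            status = "near-miss"  # key resembles the tag, but the pair is not exact
    return status


def audit(inventory):
    """Group resource ARNs by classification."""
    report = {"managed": [], "near-miss": [], "untagged": []}
    for res in inventory.get("ResourceTagMappingList", []):
        report[classify(res)].append(res["ResourceARN"])
    return report


if __name__ == "__main__":
    for status, arns in audit(SAMPLE).items():
        print(status, arns)
```

Reviewing the managed list on a schedule also shows when a resource has been tagged for onboarding by someone other than the intended administrators.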

Register using the admin portal

To use the admin console to register individual target resources:

  1. In the PingOne Privilege admin console, click Targets.

  2. (Optional) Filter resources using any of the following:

    Access status: Select the Ungranted filter checkbox and ensure the Granted filter checkbox is cleared.

    Target type: Select a target type checkbox, such as server or database.

    Cloud provider: Select a Cloud Provider icon.

    Cloud account: Select the specific account from the Account list.

  3. Use the list to locate the resource to register and then click More Info.

  4. On the resource details page, click the Managed toggle in the upper-right corner.

Use the search bar to find a specific resource quickly before clicking More Info to manage it.

Resources

The Resources section of the admin console displays cloud assets that do not require users to sign on, such as:

  • Storage buckets

  • Serverless functions

  • Related platform services

Access to these resources is managed using temporary cloud provider identity and access management (IAM) roles. Once access is allowed, you can use resources via a command-line interface (CLI) or the cloud provider’s web console.