PingFederate Server

Enabling profile management

In addition to registration, you can enable self-service profile management and specify which local identity fields users can update on the profile management page.

About this task

Use the administrative console to enable profile management.

To illustrate the configuration steps, consider the sample use case in Setting up self-service registration or Enabling third-party identity providers with the added requirement of allowing users to modify their mobile number and to remove their local accounts.

Configuration steps:

As the required components remain the same, the step sequence matches those in Setting up self-service registration and Enabling third-party identity providers as well. If you require more information for a given step, see the same step in one of the aforementioned pages.

Steps

  1. Set up PingDirectory to connect with PingFederate.

  2. Create an authentication policy contract. For more information on how to create an authentication policy contract, see Managing policy contracts.

  3. Configure profile management when creating a new or reconfiguring an existing local identity profile.

    1. Go to Authentication → Policies → Local Identity Profiles configuration wizard.

    2. On the Profile Info tab, select the Enable Profile Management check box. Click Next.

    3. Optional: On the Authentication Sources tab, define authentication sources. For more information, see Defining authentication sources.

    4. On the Fields tab, select the Profile Management check box under Applies To for the applicable fields as you define local identity fields.

      These selected local identity fields will be shown to authenticated users on the profile management page.

      For this sample use case, select the Profile Management check box for the lipMobile local identity field.

    5. On the Email Verification tab, click Next.

    6. On the Registration tab, click Next.

    7. On the Profile Management tab, select the Enable Profile Deletion check box.

    In general, this is an optional feature. It is selected here because it is one of the requirements of this sample use case.

  4. Configure an HTML Form Adapter instance for customer identities. For more information, see Configuring the HTML Form Adapter for customer identities.

  5. Create an IdP authentication policy. For more information, see Defining authentication policies.

  6. Provide the profile management URL to users.

    1. Go to Authentication → Policies → Local Identity Profiles.

    2. Select the local identity profile that you have configured profile management in [step_o3x_zvl_wcb].

    3. Copy the profile management URL as shown on the Summary tab and pass it to the users.

Result

You have now successfully enabled profile management. Authenticated users can review and modify the local identity fields that have been configured to show on the profile management page and delete their local accounts if the option has been enabled.

The following screen capture provides a sample of the profile management page based on the sample use case.

A screen capture of a user’s profile management page.

If you add Facebook, Google, LinkedIn, and Twitter to the local identity profile, when a user accesses the profile management page, the user will see a page similar to the following screen capture.

A screen capture of a user’s profile management page when you have added Facebook, Google, LinkedIn, and Twitter or other third-party identifier to the local identity profile.

If you have only one authentication source, the profile management page reminds the users that they must set a password for their local accounts before disconnecting the third-party identity provider.