PingOne

Editing a user in PingOne

Use the Users page to edit users in the PingOne directory.

This topic describes only the fields you can edit. Learn more about all of the fields you can view in Viewing user details.

  • The fields you see and can edit vary based on your role assignment, whether you’re in a Customer or a Workforce environment, and the services your license includes.

  • If you have a PingID account connected to your environment, you can’t edit the Username field.

Steps

  1. In the PingOne admin console, go to Directory > Users and browse or search for the user you want to edit.

  2. Click the user entry to open the details panel.

  3. On the Profile tab, click the Pencil icon () and enter or edit user profile details, such as name, address, company information, contact information, and language preferences.

  4. On the Groups tab, click and add or remove the user from groups.

    If the user doesn’t belong to any groups, you can click Manage Groups to add them to one.

    Learn more in Groups.

  5. On the Roles tab, edit administrator or application roles assigned to the user.

    • On the Roles > Administrator Roles tab, click Grant Roles to assign administrator roles to the user. These roles determine the actions administrators can take in PingOne and where the administrator can take them. Click the Delete icon () to remove administrator roles from the user.

      If there aren’t any application roles available in the environment, you just click the Roles tab.

    • On the Roles > Application Roles tab, click or click Grant Application Roles to assign or unassign roles that determine access to features and API resources in applications developed by your organization.

      If there aren’t any application roles available in the environment, this tab isn’t visible.

      Learn more in Managing user roles.

  6. On the Services > Authentication tab, manage authentication methods, the authoritative identity provider (IdP), active user sessions, and linked accounts for the user.

    Unpairing your last device or disabling MFA on your administrator account through the PingOne Self-Service - MyAccount app will block your ability to authenticate. You’ll need another administrator to re-enable your account or assist with device pairing.

    • Click the Multi-Factor Authentication toggle to enable or disable MFA for the user.

    • To bypass MFA for single sign-on (SSO), in the Multi-Factor Authentication box, click Allow MFA bypass. In the Bypass modal, select the bypass duration and click Bypass.

      The bypass time remaining and a Resume link are shown. Click Resume to resume MFA requirements for the user before the bypass period has passed.

    • In the Methods section, you can manage the MFA methods and devices paired for the user.

      Click an entry to show the date and time that the method or device was paired. For mobile devices that have sent logs, this view also displays the date, time, and support ID of the most recent logs.

      • To change the default device, locate the applicable authentication method, click the More Options (⋮) icon, and then click Make Default.

      • To unpair a method or device, locate the applicable authentication method, click the More Options (⋮) icon and then click Unpair. Unpairing a method removes it from the user profile.

      • To block an MFA method, click the More Options (⋮) icon for the method and select Block. Blocking a method prevents the user from using that method for MFA, but it doesn’t remove the method from the user profile.

        After you block a device, the menu updates to show an Unblock option instead of Block.

    • In the Authoritative Identity Provider section, update the identity provider (IdP) that has authority over user records and defines where a user normally authenticates.

      By default, PingOne is a user’s authoritative IdP, meaning that users authenticate with a PingOne username and password. If there are external IdPs configured for the environment, you can change the authoritative IdP to an external IdP:

      • Click the More Options (⋮) icon and select Edit.

      • On the Authoritative Identity Provider modal, select the applicable IdP and click Save.

      Learn more in Authoritative identity providers.

    • In the Sessions & Devices section, you can end PingOne sessions that are active for the user.

      • To end a session, click the More Options (⋮) icon for the session and select End Session.

      Learn more in Managing user sessions.

    • In the Linked accounts section, manage any external accounts, such as Google or LinkedIn, that are linked to the user profile.

      To unlink an external account, click the More Options (⋮) icon, select Unlink, and select the applicable account.

    • (Workforce only) In the Integrations section, manage the services that should be enabled for the user and configure PingID settings:

      • To disable a service, locate the applicable service, click the More Options (⋮) icon, and then select Disable.

      • To bypass a service, locate the applicable service, click the More Options (⋮) icon, and then select Bypass. In the Bypass modal, select the bypass duration and click Bypass.

        Bypassing a service suspends the need for a user to authenticate using the secondary authentication method for a specified amount of time. After the specified time elapses, PingOne resumes the service automatically.

      • To configure PingID settings, click Configure Now. Learn more about PingID settings in PingID User Life Cycle Management in the PingID documentation.

  7. (PingOne Credentials only) On the Services > Credentials tab, you can revoke credentials for the user. Learn more in Managing a user’s credentials.

  8. (PingOne Verify only) On the Services > ID Verification tab , the actions you can take depend on whether you’re in a Customer or a Workforce environment:

    Customer environments

    View user ID verification (IDV) results and Identity Assurance (IDA). You can manage IDA claims and transactions. Learn more about enabling IDA in Creating a verify policy.

    • In the Identity Assurance Claims section:

      • Click Show to display IDA attributes that were verified during the IDV process and stored per policy configuration.

      • Click Reset Data to reset the identity assurance claims for the user.

    • In the Transaction ID section:

      • Click View to view the metadata Result for a specific transaction ID.

      • Click Manually Approve to approve user ID verification manually.

    Workforce environments

    View the user verification history, reset verification status, or manually approve a user. Learn more in PingOne Verify.

  9. On the API tab, click the Copy icon () to copy particular values, such as user ID, environment ID, and population ID. You can also copy the user record in JSON format.

    You can then forward this information to your application developers.