PingOne

Viewing user details

Use the Users page to view and manage all users in your organization.

Steps

  1. In the PingOne admin console, go to Directory > Users and browse or search for the user you want to view.

    You can narrow your search to a particular population. Learn more in Searching for users.

  2. Click the user entry to open the user details panel.

Result

The user details panel shows specific information for the user across several tabs.

User details panel
Profile tab

Shows name, user name, and other contact information for the user. You can also see when the user identity was created and updated.

Groups tab

Shows group membership for the user. Learn more in Groups.

Roles > Administrator Roles tab

Shows the PingOne administrator roles that are currently assigned to the user. Administrator roles are collections of permissions for managing access to resources in the PingOne admin console, such as organizations, environments, and identities. Learn more in Administrator Roles.

If there aren’t any application roles available in the environment, the settings are on the Roles tab.
Roles > Application Roles tab

Shows the application roles that are currently assigned to the user. In PingOne environments that include the PingOne Authorize service, application roles help you manage access to the application resources developed by your organization’s engineering teams. Learn more in Application roles.

If there aren’t any application roles available in the environment, this tab isn’t visible.
Services > Authentication tab

Shows details about authentication methods, as well as identity providers and linked accounts.

  • Multi-Factor Authentication: Shows whether multi-factor authentication (MFA) is enabled for the user.

  • Methods: Shows the MFA methods and devices paired for the user, such as email, mobile, or SMS. You can see when a method or device was paired, and remove or block a particular authentication method. If an end user has renamed an MFA method, it appears here.

  • Authoritative Identity Provider: Shows the current authoritative identity provider (IdP) for the user and the origin of the user. The latter includes the information from the LDAP gateway, such as user type and password authority, if the user was migrated through it.

  • Sessions and Devices: Shows current and recent sessions for the user. A session defines a set of user activity within PingOne applications. Learn more in Managing user sessions.

  • Linked Accounts: Shows any external accounts, such as Google or Apple, linked to the PingOne user account.

  • Integrations (Workforce only): Shows any services that are enabled for the user.

Services > Consent tab

Shows the most recent agreement to which the user has consented.

Services > Credentials tab

(PingOne Credentials only) Shows the credentials for the current user. Learn more in Managing a user’s credentials.

Services > ID Verification

(PingOne Verify only) Shows identity verification information for the user. If you’ve enabled Identity Assurance (IDA) in a verify policy, you can also view the IDA. Learn more in PingOne Verify and Creating a verify policy.

IDA is an extension of the OpenID Connect (OIDC) protocol that provides verified user information and metadata about the verification process used for access control. Learn more in PingOne Verify and identity assurance and Editing a user.

IDA attributes are verified during the identity verification process and stored per policy configuration.
Services > Sync status tab

If you have set up provisioning for the user, this tab shows details about syncing with external identity stores. Learn more in Provisioning.

The following list shows the possible states for each identity:

  • Healthy: The user account was successfully synced to the target identity store.

  • Partial sync: The user account exists in the target identity store, but the user attributes were not fully synced. Ensure that the Allow users to be updated option is selected in the provisioning connection.

  • Not synced: The user account does not exist in the target identity store. Ensure that the Allow users to be created option is selected in the provisioning connection.

  • Sync failure: The user account was not synced to the target identity store because of an error. Check the configuration of the provisioning connection.

API tab

Shows user information in a format that is easy for application developers to use. Learn more in Access user information to send to application developers.