PingOne

Configuration management and promotion in PingOne (early access)

Native configuration promotion capabilities are now available for early access in PingOne. For the purposes of early access, this feature is available for sandbox environments only.

The Promote section provides access to the native PingOne configuration management tools. These tools allow you to automate the promotion of configuration resources (such as applications, DaVinci flows, and policies) from one environment to another environment from the PingOne admin console or using the PingOne APIs.

Learn more about using the PingOne configuration management APIs to perform promotions during early access in the Configuration Management (early access) section of the PingOne API documentation.

PingOne configuration management offers a secure, flexible way to promote configuration resources across environments. This automated process streamlines resource deployment and eliminates manual production changes, which reduces errors and downtime.

Key capabilities include:

  • The ability to create, update, and delete configuration resources seamlessly across environments.

  • Dynamic configuration support using promotion variables to manage environment-specific resource differences.

  • Automatic dependency management to ensure smooth transitions between environments.

  • Rollback support so that you can revert the most recent promotion and restore resources to their previous state instantly in the event of errors or unexpected outcomes.

  • Auditing and reporting features to provide oversight and ensure compliance.

At the start of the promotion process, PingOne generates snapshots of your source and target environments, compares the two, and provides information about the environment resources that can be promoted. You can promote a single configuration resource or multiple resources.

Configuration management constraints and considerations

Before you start using PingOne configuration management, review the following constraints and considerations to ensure that it meets your needs and to understand how to use it effectively.

  • You can promote to only one target environment at a time from PingOne and the environments must be in the same PingOne organization. Cross-organization promotions aren’t currently supported.

  • You can promote up to 100 configuration resources in a single promotion. Dependencies that are automatically included with the selected resource don’t count toward this limit.

  • Full environment promotions (promoting all configuration resources from one environment to another) aren’t currently supported, unless the environment contains fewer than 100 configuration resources. Resources must be configured individually. There is no select all option.

  • The following PingOne services don’t support configuration promotion:

    • PingOne Authorize

    • PingOne Credentials

    • PingOne Privilege

    • PingOne Recognize

  • You must have the Promotion Admin role or a custom role with equivalent permissions in both the source and target environments to create and complete a promotion and to create and assign promotion variables.

  • Both the source and target environments should include the same PingOne services and connected products. For example, if your source environment includes PingOne MFA and PingOne Protect, your target environment should also include PingOne MFA and PingOne Protect. If you try to promote configuration resources from your source environment for a service that your target environment doesn’t include, you might cause issues in your target environment.

  • Runtime and user data can’t be promoted. For example, user profiles, session and device data, and audit logs can’t be promoted. You can find a complete list of non-promotable data in Excluded Resources (early access) in the PingOne API documentation.

  • Don’t make configuration changes directly in your production environments. Instead, emulate the workflow defined in Typical configuration management workflow (early access), modifying as needed for your use cases and PingOne infrastructure. This workflow ensures the integrity of your production environments and minimizes the introduction of issues that could impact end users.

  • Promote small, easily testable sets of resources to simplify testing and troubleshooting. For example, promote a single authentication flow and its dependencies, then test the flow in the target environment before promoting additional resources.

Promotion retention

The following retention policies apply to promotions in PingOne:

  • You can create a maximum of 1000 promotions per environment. When you create promotion 1001, the oldest promotion is automatically deleted from the system.

  • The five most recent promotions are retained at all times.

  • Promotions older than 90 days are deleted from the system unless they’re one of the five most recent promotions.

  • Promotions in the following statuses are removed if they’re more than 30 days old, unless they’re one of the five most recent promotions:

    • Ready

    • Failed

    • In Progress

    • New

Alternative promotion strategies

If your organization uses Terraform for infrastructure as code (IaC), you can leverage official PingOne Terraform providers to manage configuration promotion. Learn more in the PingOne Cloud - Getting started section of the Configuration Automation - Terraform documentation.

Similarly, if your organization has well-established DevOps and DevSecOps teams, you might already have mechanisms in place to automate PingOne configuration management.

Discuss these options with your internal stakeholders to determine the best promotion path for your needs.