PingOne

Managing administrators

If you use PingOne as your identity provider, have administrator security enabled with PingOne or a hybrid authentication source, and you have the appropriate permissions, you can invite other administrators to register for PingOne.

Or, if you’re an administrator with the appropriate permissions, you can add new administrators yourself and define their permissions using roles.

Complete the appropriate set of steps:

To prevent privilege escalation, you cannot create an administrator user if you do not have administrator privileges.

Inviting administrators to register

You can invite administrators to register with PingOne using their name and email address. These users receive an email containing a verification code, as well as a link to complete the registration process.

You can also set an expiration time on the invitation. The maximum time allowed is 24 hours.

Before you begin

To invite other administrators to access PingOne, you must use PingOne as your identity provider, have administrator security enabled with PingOne or a hybrid authentication source, and have the appropriate permissions.

Steps

  1. In the PingOne admin console for the Administrators environment, go to Directory > Users and select Invite Admin from the Users list.

  2. Enter the user’s email address and first and last name in the appropriate fields.

  3. Specify when you want the invitation to expire in the Invitation Expires field and click Next.

  4. On the Available responsibilities tab, select the administrator roles you want the new administrator to have for each environment, such as Environment Admin, Identity Data Admin, or Organization Admin.

    You cannot assign privileges greater than those you are assigned. Best practice is to assign only the roles necessary for new administrators to do their jobs. Learn more in Administrator Roles and Managing user roles.

  5. Click Send Invitation.

    Invitations display on the Users page. The toggle indicates whether the invitation is still active. Click the user to view details about the invitation.

  6. (Optional) If you want to revoke the invitation or resend it with a new authentication code, click Revoke or Resend.

    The administrator’s email address is not yet verified, but will be when the administrator accepts the invitation.
    A screen capture of the Users page highlighting the administrator’s email address, which is not currently verified.

Next steps

The new administrator accepts the invitation and signs on to the admin console.

Accepting the administrator account registration invitation

When you receive an email indicating that you were added as an administrator in PingOne, copy the invite code and paste it into PingOne to complete the registration process.

Steps

  1. Click Complete Registration on the email you received.

  2. On the sign-on page, enter your PingOne username.

  3. Click the Complete Registration button.

  4. Copy the invite code from the email and paste it into the Invite Code field.

    If you enter an incorrect invite code five times, you will be locked out of the account and the invitation will need to be sent again.
    A screen capture of the screen users see when they complete their registration.

  5. Enter and verify a new password for the account and click Continue.

    Result:

    You are signed on to the PingOne admin console.

Adding administrators

You can designate an existing user as an administrator or create a new administrator user.

To prevent privilege escalation, you cannot create an administrator user if you do not have administrator privileges.

Steps

  1. In the Administrators environment, go to Directory > Users and browse or search for the user you that want to make an administrator.

    To create a new user with administrator privileges, click the icon. Learn more in Adding a user. All administrator users should be maintained in the Administrators environment.

  2. Click the user entry to open the user details panel.

  3. On the Roles > Administrator Roles tab, click Grant roles.

  4. Select an administrator role, such as Environment Admin, Identity Data Admin, or Organization Admin.

    You cannot assign privileges greater than those you are assigned. When you are determining which role to assign, consider the role that has the minimum permissions necessary for the administrator to perform their job responsibilities. Scope that role according to the levels at which the administrator should have this access.

    Learn more in Administrator Roles and Managing user roles.

  5. Click Save.

  6. On the Profile tab, click Verify to send a verification email to the user.

    All administrator users must verify their email address.

  7. Go to Settings > Environment Properties and copy the Console Login URL.

  8. Contact the new administrator and provide them with the following:

    • Their PingOne user name, if different from their email address.

    • The Console Login URL from the previous step.

    • (Optional) A temporary password for the console (if you set one up when you created the user).

    • The instructions for Completing the administrator account registration

Next steps

The new administrator completes their account registration.

Completing the administrator account registration

When you receive an email indicating that you were added as an administrator in PingOne, verify your email address and update your password to complete the registration process.

Before you begin

You should have received the following information from the PingOne administrator who added you as an administrator:

  • Your PingOne user name if it is different from your email address.

  • The Console Login URL for the environment that you are being added to.

  • (Optional) A temporary password.

Steps

  1. Go to the PingOne console using the URL you received from the administrator.

  2. Enter your PingOne Username.

  3. Update your Password.

    Choose from:

    • If you received a temporary password, enter it and create a new password when prompted.

    • Click Forgot Password, enter your PingOne username on the Password Reset window, and click Submit.

      An email containing a recovery code is sent to the email address associated with your PingOne user account. Paste the code where indicated on the Enter New Password window. Create a new password and click Save.

      Result:

    You are signed on to the PingOne administrator console.

  4. On Verify Email Address, click Verify.

    Result:

    A new verification code is sent to your email address.

  5. Paste the verification code where indicated and click Confirm.

Result

Your administrator account registration is complete.