Environments

PingOne services provide distinct, advanced capabilities in PingOne. Services are deployed at the environment level, and the services available to you depend on your PingOne license. PingOne services provide the following capabilities:

A population defines a set of users, similar to an organizational unit (OU). In a given environment, you can use populations to simplify the management of users. For example, you can create a population for similar types of users and apply a password policy to that population. You must create at least one population before you can create users. Learn more in Populations.

Groups are used to organize a collection of user identities and make it easier to manage access to applications. Groups offer more fine-grained access control than populations. A user can belong to multiple groups, but only one population. For example, you could use a population to contain all your employees and use a group to define subsets, such as Marketing, HR, Contractors, or US Employees. Learn more in Groups.

A user is a unique identity that interacts with the applications and services in the environment to which the user is assigned. An identity is the full representation of a user profile, including relationships, roles, and attributes. Users are associated with populations instead of being defined within a population. Learn more in Users.

Application resources define the connection between PingOne and the actual application, also known as a client connection. Connections to external resources use open standards protocols. Client connections define the configuration for OpenID Connect (OIDC) and OAuth clients.

The environment dashboard is accessed by clicking Overview in the sidebar. This dashboard provides:

Activities, or events, are collections of user-activity information, such as sign-on attempts, password reset attempts, and total active user counts. This audit data can be exported, reported on, or streamed out to customer SIEM (Security Information and Event Management) solutions. Learn more about auditing events and running audit reports in Audit.

User interface branding elements are defined in the branding resource. This resource contains configuration properties for customizable elements of the PingOne user interface. All end user interfaces are branded according to the theme defined in the branding resource. Learn more in Branding and themes.

Password policies define the strength and complexity requirements for a password for users within an environment. Learn more in Password policies.

Authentication policies dictate how the user’s identity will be verified. For example, a single-factor authentication policy requires a single piece of evidence to verify a user’s identity, such as a password. A multi-factor policy could require evidence to verify a user’s identity, such as a TOTP authenticator app, FIDO2 biometrics, a push notification sent to the user’s mobile device, or a one-time passcode (OTP) sent over SMS, voice, or email. Learn more in Authentication policies.

Notification templates are used to create messages that inform end users about certain events, such as device pairing and password resets. You can create templates for SMS, email, or voice messages. Learn more in Notification templates.

External identity providers (IdPs) allow linked users to authenticate using the credentials provided by the external identity provider (IdP). An external IdP includes mapping PingOne user attributes to attributes from the IdP.

When you create a new environment, PingOne creates two default key pairs: one for signing and one for encryption. You can create additional certificate and key pairs as necessary for your environment. Learn more in Certificates and key pairs.