PingOne Advanced Identity Cloud

Custom object relationships for analytic reports

Analytic reports now support additional custom object relationship use cases for companies that require more refined reports.

  • Use case 1: Relate an identity schema object to another identity schema object.

  • Use case 2: Relate an identity schema object to a new custom object.

  • Use case 3: Relate a custom object to an identity schema object.

  • Use case 4: Relate a custom object to another custom object.

Realm visibility for custom objects

The realm visibility of your custom objects depends on a naming prefix. The following table displays the rules for the naming prefix:

Description Example Realm visibility

Custom object name starts with "alpha_"

alpha_leadResearcher

Only alpha

Custom object name starts with "bravo_"

bravo_leadResearcher

Only bravo

Custom object name doesn’t start with "alpha_", "bravo_", nor has "_" in the name

parentOrganization

Both alpha and bravo

Custom object name doesn’t start with "alpha_", "bravo_", but has a "_" in the name

parent_organization

None

Use case 1: Relate an identity schema object to another identity schema object.

In this use case, you link a standard, out-of-the-box identity schema object to another identity schema object.

Scenario

An AI research company wants to generate a report that lists all of its lead researchers for each suborganization. This report helps create a comprehensive view of your company’s leadership structure.

What you’ll do

To configure your report, do the following tasks:

  • Create a parent organization and its suborganizations.

  • Define a role and assign users as members.

  • Create user profiles and link them to the appropriate roles and organizations.

  • Build a report template in the Advanced Reporting UI that joins Users, Roles, and Organizations.

  • Generate the final report to view the results.

Before you begin

  • Ensure you have administrator access to the Advanced Identity Cloud admin console.

  • Confirm you’re familiar with creating and managing standard objects like Users, Roles, and Organizations.

  • Verify you have access to the Advanced Reporting feature.

Data model

The data model for use case 1 has the following structure:

  • Organizations: The company has a parent AI Research organization with two suborganizations: Natural Language Processing and Computer Vision.

  • Roles: A lead_researcher role grants permissions to approve research proposals and access high-performance computing resources.

  • Users: Researchers like Dr. Evelyn Reed and Dr. Kenji Tanaka are created as users.

  • Relationship: You link a user to a role and then scope that role membership to a specific organization. For example, Dr. Evelyn Reed is assigned the lead_researcher role, but her permissions are constrained to only the Natural Language Processing organization.

Report model

Create a report on the following identity relationships to produce a clear overview of who leads which research unit.

User Role Organization

Dr. Evelyn Reed

lead_researcher

Natural Language Processing

Dr. Kenji Tanaka

lead_researcher

Computer Vision

Tasks

Task 1: Create the organizations

Create the parent AI Research organization and its two suborganizations, Natural Language Processing and Computer Vision.

  1. In the Advanced Identity Cloud admin console, go to Identities > Manage.

  2. On the Manage Identities page, click Alpha realm - Organizations and New Alpha realm - Organizations.

  3. On the New Alpha realm - Organizations page, enter the name: AI Research.

  4. Click Save.

  5. In the organization page, leave the Parent Organization field blank.

  6. Click Save.

Task 2: Create the suborganizations

Create the suborganizations: Natural Language Processing and Computer Vision.

  1. Create Natural Language Processing:

    1. In the Advanced Identity Cloud admin console, go to Identities > Manage.

    2. On the Manage Identities page, click Alpha realm - Organizations and New Alpha realm - Organizations.

    3. On the New Alpha realm - Organizations page, enter the Name: Natural Language Processing.

    4. Click Save.

    5. In the organization page, enter AI Research in the Parent Organization field.

    6. Click Save.

  2. Create Computer Vision:

    1. In the Advanced Identity Cloud admin console, go to Identities > Manage.

    2. On the Manage Identities page, click Alpha realm - Organizations and New Alpha realm - Organizations.

    3. On the New Alpha realm - Organizations page, enter the name: Computer Vision.

    4. Click Save.

    5. In the organization page, enter AI Research in the Parent Organization field.

    6. Click Save.

Create the user profiles for Evelyn Reed and Kenji Tanaka. For each user, link their profile to the appropriate organization. For example, on Evelyn Reed’s profile:

  1. In the Advanced Identity Cloud admin console, go to Identities > Manage.

  2. On the Manage Identities page, click Alpha realm - Users and New Alpha realm - User.

  3. On the New Alpha realm - User page, enter information for the following users and then click Save.

    • Evelyn Reed

    • Kenji Tanaka

  4. On the user page for Evelyn Reed, add the following:

    1. Click Provisioning Roles > add Add Provisioning Roles, and select Lead Researcher.

    2. Click Organizations I Administer > add Add Organizations I Administer, and select Natural Language Processing.

    3. Click Save.

    4. Click Organizations to which I belong > add Add Organizations to which I Belong, and select Natural Language Processing.

    5. Click Save.

  5. Repeat the previous steps for Kenji Tanaka.

Task 4: Create the role and add members

Create an internal role named Lead Researcher and add the users evelynReed and kenjiTanaka as members.

  1. On the New Alpha realm - Role page, go to Role Members > add Add Role Members.

  2. In the Add Role Members modal, enter evelynReed and kenjiTanaka, and click Save.

Task 5: Create the report template

Create a report template that combines these three objects to produce a clear overview of who leads which research unit.

  1. In the Advanced Identity Cloud admin console, click New Report.

  2. On the New Report modal, enter the following properties, and then click Next:

    Field Description

    Name

    Name of the report. Follow the naming conventions established by your company.

    Description

    (Optional) Enter a description describing the report.

    Who Can Run

    Click to set who can run this report.

    Groups:

    • Report Viewer

    Users:

    • Select the users who can run this report. The users available to select are those assigned the report_viewer group permission."

  3. Next, add a data source or select an existing data source:

    1. Click Data Source.

    2. On the Add a Data Source modal, select a data source to use in this report, and then click Next:

    3. Select Roles as a data source.

    4. On the Reports canvas, click Name in the Roles source.

  4. In Related Data Sources, click Members.

    1. In the Roles/members source, click Common Name.

  5. In Related Data Sources, click Organizations to which I Belong.

    1. In the Roles/members/orgs source, click Name.

  6. In Related Data Sources, click Parent Organization.

    1. In the Roles/members/orgs/parentOrganization source, click Name.

  7. Click Save.

  8. Click Save.

Task 6: Generate the report

  1. On the Reports page, locate your report.

  2. Click Run and then Run Now.

  3. On the report page, click View Report.

    Example of a custom object relationship for out-of-the-box IDM object to another out-of-the-box IDM object.

Use case 2: Relate an identity schema object to a new custom object.

In this use case, you link a standard identity schema object to a new custom object. This allows you to extend your core identity data with business-specific information.

Use case 2: Scenario

The AI research company wants to track the academic publications authored by its researchers. The standard User object doesn’t have fields for this, so you must link the User object to a new publication custom object.

What you’ll do

  • Define the new publication custom object.

  • Add a relationship property to the standard User object to link to your new custom object.

  • Create records for individual publications.

  • Edit user profiles to link them to their corresponding publication records.

  • Build and run a report that joins the Users data source with your custom publication data.

Before you begin

  • Ensure you have administrator access to the Advanced Identity Cloud admin console.

  • Verify you have access to the IDM native admin console to modify objects.

  • Confirm you are familiar with creating and managing standard User objects.

Data model

The data model for use case 2 has the following structure:

  • Custom Object publication: Define a new object to store publication details.

    • paperTitle (String): Title of the paper.

    • journalName (String): Name of the journal.

    • publicationDate (Date): Date of publication.

  • Standard Object User: Out-of-the-box user object.

  • Relationship: Add a new relationship attribute, authoredPapers, to the User object. This attribute links a user’s profile to one or more records in the publication object.

Report model

Create a report that joins the User object with the publication custom object to see which papers were authored by which researchers.

Researcher Name Paper Title Journal

Dr. Evelyn Reed

Advances in Neural Network Compression

Journal of Machine Learning Research

Dr. Kenji Tanaka

Real-time Object Detection on Edge Devices

IEEE Transactions on Pattern Analysis

Tasks

Task 1: Create the 'publication' custom object

To create a custom object publication:

  1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management.

  2. In the top navigation menu, click Configure > Managed Objects.

  3. Click add New Managed Object.

    1. In the Managed Object Name field, enter publication.

    2. In the Readable Title field, enter Publication.

    3. In the Managed Object Icon field, select an icon for the object to appear on the Managed Objects page.

    4. In the Managed Design Icon field, find an icon in the Google icon repository.

    5. In the Description field, enter a general description of the object. For example, Stores metadata for academic papers published by company researchers.

  4. In the Managed Object/publication page, click add Add a property. For each property, enter or select the following:

    Property Name Label Type Required

    papertitle

    Title of the paper

    String

    Required

    journalname

    Name of the journal

    String

    Required

    publicationdate

    Date of the publication

    String

  5. Click Save.

Task 2: Create the publication records

To create a publication custom object:

  1. In the Advanced Identity Cloud admin console, navigate to Identities > Manage.

  2. Click Publications to view the list of existing publication records if any.

  3. Click add New Publication to open the creation form.

  4. Fill in the details for the paper. For example:

    • Title of the paper: Advances in Neural Network Compression

    • Name of the journal: Journal of Machine Learning Research

    • Date of the publication: 2025-10-15

  5. Click Save.

  6. On the Publication page, click Save.

  7. Repeat the steps for another publication:

    • Title of the paper: Real-time Object Detection on Edge Devices

    • Name of the journal: IEEE Transactions on Pattern Analysis

    • Date of the publication: 2025-02-19

You’ve now created a record for the specific publications.

Task 3: Add a relationship from the User object to the Publication object

To create a custom relationship property using the Advanced Identity Cloud admin console:

  1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management.

  2. In the top navigation menu, click Configure > Managed Objects.

  3. Select a managed object type: alpha_user.

  4. Click add Add a Property. An entry field displays.

    1. In the Name field, enter a name for the custom relationship property. The name must begin with the string custom_, such as custom_publication.

    2. In the Type list, select Relationship.

    3. Click Next. The Add Resources modal displays.

    4. In the Resource list, select the resource to map the custom relationship property to. Select publication.

    5. In the Display Properties list, select the properties on the resource to map to the custom relationship property. Select paperTitle.

  5. Click Save. The Relationships Property screen for the new relationship property displays.

  6. Click Save.

Objects are limited to 10 custom relationships. If you need an object to have more, create custom relationships from the related object and map them to the original object.

To set the publication object for each user:

  1. In the Advanced Identity Cloud admin console, navigate to Identities > Manage.

  2. Click Alpha realm - Users, search for evelynReed, and click the user.

    1. On the Alpha realm - User page, scroll down to Custom_publication. Select Advances in Neural Network Compression.

    2. Click Save.

  3. Repeat the steps for kenjiTanaka. Click Alpha realm - Users, search for kenjiTanaka, and click the user.

    1. On the Alpha realm - User page, scroll down to Custom_publication. Select Real-time Object Detection on Edge Devices.

    2. Click Save.

Task 5: Create the report template

  1. In the Advanced Identity Cloud admin console, click New Report.

  2. On the New Report modal, enter the following properties, and then click Next:

    Field Description

    Name

    Name of the report. Follow the naming conventions established by your company.

    Description

    (Optional) Enter a description of the report.

    Who Can Run

    Click to set who can run this report.

    Groups:

    • Report Viewer

    Users:

    • Select the users who can run this report. To select a user, you must have assigned the report_viewer group permissions to the user from the Manage Identity page.

  3. Next, add a data source or select an existing data source:

    1. Click Data Source.

    2. On the Add a Data Source modal, select a data source to use in this report, and then click Next:

    3. Select Users.

    4. On the Reports canvas, click Common Name.

  4. In Related Data Sources, click Custom relationship.

    1. In the users/custom_publication source:

      1. Click Title of the paper.

      2. Click Name of the journal.

  5. Click Save.

  6. Click Save.

Task 6: Generate the report

  1. On the Reports page, locate your report.

  2. Click Run and then Run Now.

  3. On the report page, click View Report.

    Example of a custom object relationship for out-of-the-box IDM object to a custom object.

Use case 3: Relate a custom object to an identity schema object.

In this use case, you link a new custom object to a standard identity schema object. This allows you to track business-specific information and relate it directly to your core identity data.

Scenario

The AI research company wants to track specific research projects and assign them to lead researchers. To do this, create a researchProject custom object and link it to the standard User object.

What you’ll do

  • Define the new researchProject custom object that includes a relationship to the User object.

  • Create records for individual research projects.

  • Link each project record to a lead researcher by selecting a user.

  • Build and run a report that joins the researchProject data source with the User data.

Before you begin

  • Ensure you have administrator access to the Advanced Identity Cloud admin console.

  • Verify you have access to the IDM native admin console to modify objects.

  • Confirm you’re familiar with creating and managing standard User objects.

Data model

The data model for use case 3 has the following structure:

  • Custom Object researchProject: Define a new object to store project details.

    • projectName (String): Public name of the project.

    • projectID (String): Unique internal identifier.

    • projectStatus (String): Current state, such as "Active" or "Completed."

    • leadResearcher (Relationship): Link to a record in the User object.

  • Standard Object User: Out-of-the-box user object.

  • Relationship: The leadResearcher attribute on the researchProject object creates a direct link from a project to the user who leads it.

Report model

You can create a report that joins the researchProject custom object with the User object to see which projects are assigned to which researchers.

Project Name Project Status Lead Researcher

Project Chimera

Active

Dr. Evelyn Reed

Project Griffin

Active

Dr. Kenji Tanaka

Tasks

Task 1: Create the researchProject custom object

To create a custom object researchProject:

  1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management.

  2. In the top navigation menu, click Configure > Managed Objects.

  3. Click add New Managed Object.

    1. In the Managed Object Name field, enter "researchProject".

    2. In the Readable Title field, enter "Research Project".

    3. In the Managed Object Icon field, select an icon for the object to appear on the Managed Objects page.

    4. In the Managed Design Icon field, find an icon in the Google icon repository.

    5. In the Description field, enter a general description of the object. For example, Stores information about active and proposed research projects.

  4. In the Managed Object/publication page, click add Add a property. For each property, enter or select the following:

    Property Name

    Label

    Type

    Required

    projectName

    Project Name

    String

    Required

    projectID

    Project ID

    String

    projectStatus

    Project Status

    string

    leadResearcher

    Lead Researcher

    Relationship

  5. Click Save.

Task 2: Create records for each research project

To create records for each researchProject:

  1. In the Advanced Identity Cloud admin console, navigate to Identities > Manage.

  2. Click Research Projects to view the list of existing project records if any.

  3. Click add New Research Project to open the creation form.

  4. Fill in the details for the project. For example:

    • Project Name: Project Chimera

    • Project ID: RC-2025-01

    • Project Status: Active

    • Lead Researcher: Evelyn Reed

  5. Click Save.

  6. On the Research Project page, click Save.

  7. Repeat the steps for another project:

    • Project Name: Project Griffin

    • Project ID: TC-2025-01

    • Project Status: Active

    • Lead Researcher: Kenji Tanaka

You’ve now created a record for the specific projects.

Task 3: Create the report template

  1. In the Advanced Identity Cloud admin console, click New Report.

  2. On the New Report modal, enter the following properties, and then click Next:

    Field Description

    Name

    Name of the report. Follow the naming conventions established by your company.

    Description

    (Optional) Enter a description of the report.

    Who Can Run

    Click to set who can run this report.

    Groups:

    • Report Viewer

    Users:

    • Select the users who can run this report. To select a user, you must have assigned the report_viewer group permissions to the user from the Manage Identity page.

  3. Next, add a data source or select an existing data source:

    1. Click Data Source.

    2. On the Add a Data Source modal, select a data source to use in this report, and then click Next:

    3. Select Users.

    4. On the Reports canvas, click Common Name.

  4. In Related Data Sources, click Custom relationship.

    1. In the users/custom_publication source:

      1. Click Title of the paper.

      2. Click Name of the journal.

  5. Click Save.

  6. Click Save.

Task 4: Generate the report

Run the report to view the final output:

  1. On the Reports page, locate your report.

  2. Click Run and then Run Now.

  3. On the report page, click View Report.

    Example of a custom object relationship for a custom object to out-of-the-box IDM object.

Use case 4: Relate a custom object to another custom object.

In this use case, you link two different custom objects. This is useful when you need to model complex business processes that involve multiple types of unique data that don’t exist in the standard identity schema.

Scenario

Continuing with the AI Research company example, you need to track not only the research projects but also specialized, high-cost equipment allocated to each project. You can achieve this by creating a relationship between two custom objects: researchProjectEquipment and specializedEquipment.

What you’ll do

  • Define the specializedEquipment custom object.

  • Define the researchProject custom object, including a relationship to specializedEquipment.

  • Create records for individual specialized equipment objects.

  • Create records for research projects and link them to their allocated equipment.

  • Build and run a report that joins your two custom objects.

Before you begin

  • Ensure you have administrator access to the Advanced Identity Cloud admin console.

  • Verify you have access to the IDM native admin console to modify objects.

  • Confirm you are familiar with the process of creating a single custom object.

Data model

The data model for use case 4 has the following structure:

  • Custom Object specializedEquipment: Define an object to track equipment details.

    • equipmentName (String): Name of the equipment (for example, "Quantum Computing Pod").

    • assetTag (String): Unique internal tracking tag.

    • equipmentStatus (String): Current state, such as "In Use" or "Available."

  • Custom Object researchProjectEquipment: You use the same object from use case 3, but add a new relationship property.

    • projectName (String): Project name.

    • projectID (String): Unique project ID.

    • leadResearcher (Relationship): A link to the out-of-the-box User object.

    • allocatedEquipment (Relationship): New field to link to the specializedEquipment custom object.

  • Relationship: The allocatedEquipment attribute on the researchProjectEquipment object creates a link from a project to the specific equipment it uses.

Report model

You can create a report that joins these two custom objects to see which equipment is allocated to which project, which helps with resource management and auditing.

Project Name Lead Researcher Allocated Equipment

Project Chimera

Dr. Evelyn Reed

Quantum Computing Pod

Project Griffin

Dr. Kenji Tanaka

GPU Cluster B

Tasks

Task 1: Create the specializedEquipment custom object

In the IDM native admin console, create a new managed object named specializedEquipment with the properties equipmentName, assetTag, and equipmentStatus.

  • Object Name: specialized Equipment

  • Description: Stores information about specialized computing hardware and lab equipment.

  • Attributes:

    • equipmentName (String): Name of the equipment, for example, "Quantum Computing Pod."

    • assetTag (String): Unique internal tracking tag, for example, "EQUIP-QC-001."

    • equipmentStatus (String): Current state, such as "In Use", "Available", or "Under Maintenance."

To create a custom object specializedEquipment:

  1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management.

  2. In the top navigation menu, click Configure > Managed Objects.

  3. Click add New Managed Object.

    1. In the Managed Object Name field, enter specializedEquipment.

    2. In the Readable Title field, enter Specialized Equipment.

    3. In the Managed Object Icon field, select an icon for the object to appear on the Managed Objects page.

    4. In the Managed Design Icon field, find an icon in the Google icon repository.

    5. In the Description field, enter a general description of the object. For example, Stores the information about active and proposed research projects.

  4. In the Managed Object/publication page, click add Add a property. For each property, enter or select the following:

    Property Name

    Label

    Type

    Required

    equipmentName

    Equipment Name

    String

    Required

    assetTag

    Asset Tag

    String

    equipmentStatus

    Equipment Status

    String

  5. Click Save.

Task 2: Create the researchProjectEquipment custom object

The researchProjectEquipment object has the following structure:

  • Object Name: researchProjectEquipment

  • Description: Stores the information about active and proposed research projects

  • Attributes:

    • projectName (String): Project Chimera

    • projectID (String): RC-2025-07

    • leadResearcher (Relationship): A link to the out-of-the-box User object

    • allocatedEquipment (Relationship): A new field to link to the specializedEquipment custom object

To create a custom object researchProjectEquipment:

  1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management.

  2. In the top navigation menu, click Configure > Managed Objects.

  3. Click add New Managed Object.

    1. In the Managed Object Name field, enter researchProjectEquipment.

    2. In the Readable Title field, enter Research Project Equipment.

    3. In the Managed Object Icon field, select an icon for the object to appear on the Managed Objects page.

    4. In the Managed Design Icon field, find an icon in the Google icon repository.

    5. In the Description field, enter a general description of the object. For example, Stores the information about active and proposed research projects.

  4. In the Managed Object/publication page, click add Add a property. For each property, enter or select the following:

    Property Name

    Label

    Type

    Required

    projectName

    Project Name

    String

    Required

    projectID

    Project ID

    String

    leadResearcher

    Lead Researcher

    Relationship

    allocatedEquipment

    Allocated Equipment

    String

  5. Click Save.

Task 3: Create records for specialized equipment

To create records for the specializedEquipment object:

  1. In the Advanced Identity Cloud admin console, navigate to Identities > Manage.

  2. Click Research Project Equipment to view the list of existing project records if any.

  3. Click add New Research Project Equipment to open the creation form.

  4. Fill in the details for the equipment. For example:

    • Equipment Name: Quantum Computing

    • Asset Tag: EQUIP-QC-001

    • Equipment Status: In Use

  5. On the Research Project page, click Save.

  6. Repeat the steps for another project:

  7. Fill in the details for the equipment. For example:

    • Equipment Name: GPU Cluster B

    • Asset Tag: EQUIP-QC-004

    • Equipment Status: In Use

You’ve now created records for the specific equipment.

Task 4: Create records for the allocated equipment

To create records for the allocatedEquipment object:

  1. In the Advanced Identity Cloud admin console, navigate to Identities > Manage.

  2. Click Research Projects to view the list of existing project records if any.

  3. Click add New Research Project to open the creation form.

  4. Fill in the details for the project. For example:

    • Project Name: Project Chimera

    • Project ID: RC-2025-07

    • Lead Researcher: Evelyn Reed

    • Allocated Equipment: Quantum Computing Pod

  5. Click Save.

  6. On the Research Project page, click Save.

  7. Repeat the steps for another project:

    • Project Name: Project Griffin

    • Project ID: TC-2025-01

    • Lead Researcher: Kenji Tanaka

    • Allocated Equipment: GPU Cluster B

You’ve now created a record for the specific equipment.

Task 5: Create the report template

  1. In the Advanced Identity Cloud admin console, click New Report.

  2. On the New Report modal, enter the following properties, and then click Next:

    Field Description

    Name

    Name of the report. Follow the naming conventions established by your company.

    Description

    (Optional) Enter a description of the report.

    Who Can Run

    Click to set who can run this report.

    Groups:

    • Report Viewer

    Users:

    • Select the users who can run this report. To select a user, you must have assigned the report_viewer group permissions to the user from the Manage Identity page.

  3. Next, add a data source or select an existing data source:

    1. Click Data Source.

    2. On the Add a Data Source modal, select a data source to use in this report, and then click Next:

    3. Select Research Project Equipment.

    4. On the Reports canvas, click Project Name.

  4. In Related Data Sources, click Lead Researcher.

    1. In the researchProjectEquipment/allocatedEquipment source, click Equipment Name.

  5. In Related Data Sources, click Allocated Equipment.

    1. In the researchProjectEquipment/allocatedEquipment source, click Equipment Name.

  6. Click Save.

  7. Click Save.

Task 6: Generate the report

Run the report to view the final output:

  1. On the Reports page, locate your report.

  2. Click Run and then Run Now.

  3. On the report page, click View Report.

    Example of a custom object relationship for out-of-the-box IDM object to a custom object.