PingOne Privilege

Managing cloud resources

When you register an Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure account, the PingOne Privilege controller periodically scans the account to discover its resources.

These discovered cloud assets are categorized and displayed in two sections of the PingOne Privilege admin console:

You can also manage Snowflake roles and resources from the admin console.

Targets

The Targets section of the admin console contains resources that users sign on to, including:

  • Servers, via SSH

  • Windows servers, via RDP

  • Databases

  • Kubernetes clusters

  • Kafka clusters

  • Application roles

Image shows selected resources as Targets.

Configuring targets for access

Target resources must be registered and configured before users can access them using the self-service portal.

This involves several key configuration steps:

Onboarding target resources

Register target resources with PingOne Privilege to make them available for self-service. When you register a resource, it appears in the Targets menu of the admin console.

Register target resources using:

Register using cloud provider tags

You can automatically register target resources by assigning a specific tag to resources within your AWS, GCP, or Azure accounts.

The PingOne Privilege platform discovers and manages resources with the following tag and value pair:

  • Tag: PingOne Privilege

  • Value: managed
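An added example, not from the PingOne Privilege documentation: because the tag alone registers a resource, it is worth reviewing which resources carry it and which carry a look-alike spelling. This sketch audits a constructed inventory shaped like the AWS Resource Groups Tagging API `get-resources` output; the function names are hypothetical, and it assumes the controller matches the tag key and value exactly (AWS tag keys and values are case-sensitive).

```python
"""Audit cloud tags for the PingOne Privilege registration tag (added example)."""

TAG_KEY = "PingOne Privilege"  # tag and value as given on this page
TAG_VALUE = "managed"


def _norm(text):
    # Fold case and drop spaces, hyphens and underscores to catch look-alikes.
    return "".join(ch for ch in text.lower() if ch not in " -_")


def classify(tags):
    """Return 'managed', 'near-miss' or 'untagged' for one resource's tags."""
    # Assumption: the controller matches key and value exactly.
    if tags.get(TAG_KEY) == TAG_VALUE:
        return "managed"
    if any(_norm(key) == _norm(TAG_KEY) for key in tags):
        return "near-miss"  # misspelled key, or right key with another value
    return "untagged"


def audit(tag_mappings):
    """Group resource ARNs by classification."""
    report = {"managed": [], "near-miss": [], "untagged": []}
    for item in tag_mappings:
        tags = {t["Key"]: t["Value"] for t in item.get("Tags", [])}
        report[classify(tags)].append(item["ResourceARN"])
    return report


# Constructed sample in the shape of a ResourceTagMappingList; all ARNs are made up.
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa1111example",
     "Tags": [{"Key": "PingOne Privilege", "Value": "managed"}]},
    {"ResourceARN": "arn:aws:rds:us-east-1:111122223333:db:orders-example",
     "Tags": [{"Key": "pingone-privilege", "Value": "managed"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb2222example",
     "Tags": [{"Key": "PingOne Privilege", "Value": "Managed"}]},
    {"ResourceARN": "arn:aws:s3:::logs-bucket-example",
     "Tags": [{"Key": "env", "Value": "prod"}]},
    {"ResourceARN": "arn:aws:lambda:us-east-1:111122223333:function:resize-example"},
]

if __name__ == "__main__":
    for status, arns in audit(SAMPLE).items():
        print(f"{status}: {len(arns)}")
        for arn in arns:
            print(f"  {arn}")
```

Resources in the near-miss group are the ones to review: someone intended to register them, but under the exact-match assumption they would not appear as managed.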

Register using the admin portal

To use the admin console to register individual target resources:

  1. In the PingOne Privilege admin console, click Targets.

  2. (Optional) Filter resources using any of the following:

    Access status: Select the Ungranted filter checkbox and ensure the Granted filter checkbox is cleared.

    Target type: Select a target type checkbox, such as server or database.

    Cloud provider: Select a Cloud Provider icon.

    Cloud account: Select the specific account from the Account list.

    When you filter resources, the view displays matching resources, as shown in the following image:

    A variety of filters help you display specific Target resources.

  3. Use the list to locate the resource to register and then click More Info.

  4. On the resource details page, click the Managed toggle in the upper-right corner.

    Use the Managed toggle on the resource details page to register a target resource.

Use the search bar to find a specific resource quickly before clicking More Info to manage it.

Resources

The Resources section of the admin console displays cloud assets that do not require users to sign on, such as:

  • Storage buckets

  • Serverless functions

  • Related platform services

Access to these resources is managed using temporary cloud provider identity and access management (IAM) roles. Once access is allowed, you can use resources via a command-line interface (CLI) or the cloud provider’s web console.

The Resource Catalog displays cloud assets that do not require sign-on credentials. Access is granted using short-lived roles.