PingOne Privilege

Managing users

This topic describes user and role management on the PingOne Privilege platform.

User roles

All users on the PingOne Privilege platform are assigned at least one role. These roles determine a user’s permissions and capabilities within the system. The following roles are supported:

Administrator

An administrator has full, unrestricted access to all features on the PingOne Privilege platform. Administrator permissions include the ability to:

  • Manage the lifecycle of resources in Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, and on-premises environments.

  • Configure integrations with third-party applications.

  • Delete the account tenant.

The first user who signs up for a PingOne Privilege tenant is automatically granted the administrator role. Learn more about managing administrators in Adding and removing administrators.

DevOps user

A DevOps user has access to the self-service portal and can perform the following actions:

  • Request just-in-time (JIT) access to resources.

  • Connect to approved resources without using static credentials.

Creating users

Create users in the following ways:

Creating a new local user

  1. In the PingOne Privilege admin console, go to Directory > Users.

  2. Click Add New.

  3. Fill in the user’s information, select their user type, and click Add To Queue. The user displays in the Users Queue on the right side of the screen.

  4. Once you’re done adding users to the queue, click Complete to create the users in the queue.

After creating local users, their devices must be onboarded before they can access the PingOne Privilege platform.

Changing a user’s active status

Administrators can temporarily deactivate a user’s account to prevent them from accessing the PingOne Privilege platform and its resources. A deactivated user can be reactivated at any time.

Deactivating a user instantly terminates all of their active sessions. The user must be reactivated to regain access to their granted resources.

To change a user’s active status:

  1. In the PingOne Privilege admin console, go to Directory > Users.

  2. Click a user’s name to open their profile.

  3. In the profile, click the Active toggle to change the user’s status.

Updating users

To update a user’s attributes:

  1. In the PingOne Privilege admin console, go to Directory > Users.

  2. Click a user’s name to open their profile.

  3. Click Edit Info to update the selected user’s attributes.

Updating user attributes on the PingOne Privilege platform won’t update them in the identity provider (IdP). For users synced from the IdP through the System for Cross-domain Identity Management (SCIM), the IdP remains the source of truth.

To change attributes for users synced from the IdP, update them directly on the IdP.

Deleting a user

Administrators can permanently remove a user and all their associated data from the PingOne Privilege platform:

Deleting a user will terminate all active sessions for the user and unregister all their associated devices. This action can’t be undone.

  1. In the PingOne Privilege admin console, go to Directory > Users.

  2. Click a user’s name to open their profile.

  3. On the user’s profile page, click Delete User.

  4. On the confirmation modal, type delete into the textbox. Click Delete to confirm the action.