Managing local identity profiles - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

A local identity profile (LIP) is a stored user identity (PingDirectory) created and maintained by PingFederate. It provides the capability for user creation and administration, and centralizes those policies with the authentication and authorization policies already within PingFederate.

Users can enter their information during registration using a link on the HTML Login page or after successful authentication from a third-party IdP. You can configure LIPs for user registration, third-party federation (provisioned through SAML), and user profile management.

A typical customer identity and access management (CIAM) use case only requires one LIP. As needed, you can create multiple profiles to suit the needs of your organization. Using the administrative console, LIPs are defined in the Identity Policies section.

Note:

As of PingFederate 10.1, an authentication session is automatically created for a user after registration, preventing the user from having to log in again during the next single sign-on (SSO) transaction. This feature is enabled by default for all new and existing local identity profiles. However, if needed, you can disable it through the /localIdentity/identityProfiles administrative API endpoint by setting the createAuthnSessionAfterRegistration attribute to false.

When associated with an HTML Form Adapter instance, a local identity profile provides users the option to authenticate through third-party identity providers, self-register as part of the sign-on experience, and manage their accounts through a self-service profile management page.

  • To configure a new profile, go to Authentication > Policies > Local Identity Profiles. Click Create New Profile.
  • To modify an existing profile, select it by its name under Local Identity Profile Name.
  • To review the usage of an existing profile, click Check Usage under Action.
  • To remove an existing instance or to cancel the removal request, click Delete or Undelete under Action.

See the following topics for detailed instructions that enable you to complete these configurations: