- 29 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
PingIDM (formerly ForgeRock)
- Updated on 29 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
PingIDM (formerly ForgeRock) is a high-performance identity store that provides the necessary encryption to protect enterprise data at rest and encryption.
This page describes how to connect PingIDM (formerly ForgeRock) (on-prem platform) deployments. To connect PingOne Advanced Identity Cloud, see PingOne Advanced Identity Cloud.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Users
- Devices
Parameters
Host Name or IP Address (required) - The hostname or IP address of the PingIDM server that Axonius can communicate.
User Name and Password (optional) - The credentials for a user account that has the permissions to fetch assets.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
Search Base (optional) - Specify the desired search base location to search for a particular directory object. When this parameter is left empty, the adapter uses the default search base location.
Port (optional) - The port used for the connection.
User Query Mode (optional, default: false) - Select whether to change the query mode from AND (&(objectClass=user)) to OR (|objectClass=user)). Default is AND mode.
User Filter (required, default: person) - Specify the queried object from the server. You can add multiple values in this parameter by separating them with a comma and without a space. For example: first,second
Device Query Mode (optional, default: false) - Select whether to use the Device Query mode.
Device Filter (required, default: device) - Specify the queried object from the server. You can add multiple values in this parameter by separating them with a comma and without a space. For example: first,second
Get All (optional, default: true) - Select whether to get all available subtree objects from the user and device.
HTTPS Proxy (optional, default: empty) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Assets per page (default 500, Min 10, Max 1000) - Set the number of assets to fetch at a time. Adjust this value to improve performance depending on the size of the records fetched. Larger for fewer requests/responses: appropriate for smaller record sizes. Smaller for managing response size: appropriate for larger record sizes.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the ForgeRock REST and LDAP API.
Required Ports
Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:
- 8080
- 8443
- 8444
Required Permissions
The value supplied in User Name must have permissions to fetch assets, depending on the server configuration.
The value supplied in API Key must be associated with credentials that have permissions to fetch assets.
Version Matrix
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.
Version | Supported | Notes |
---|---|---|
LDAP v3 | Yes |
Supported From Version
Supported from Axonius version 4.5