Connection Guide

Connect PingOne Without Breaking the Audit Trail

Use this guide to connect PingOne or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary

Connection typeDirect connection

CategoryIdentity

Checklist4 steps

Want help with rollout?

We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect PingOne and make sure the first collection lands cleanly.

1
Create a PingOne Worker application (client credentials) in the target environment.
2
Assign roles/permissions that allow reading Users, Groups, Password Policies, and User Role Assignments (roleAssignments).
3
Store environment_id, client_id, and client_secret.
4
Optional: set tld (default 'com') or override api_base_url/auth_base_url for non-US regions.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

client_idclient_secret

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.