Ping Directory - Identity Source Authentication Manager Integration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate Ping Directory as an identity source with RSA Authentication Manager.

Configure RSA Authentication Manager

Perform the following steps to configure RSA Authentication Manager.

Procedure

  1. Log in to the Operations Console with admin credentials.
  2. Navigate to Deployment Configurations > Identity Sources > Add New. If you have a replica, adding the identity source to the Primary instance will synchronize with the replica.
  3. In the Add New Identity Source dialog, provide the following details:
    1. Identity Source Name: Enter a name for the identity source.
    2. Type: Select Open LDAP.
    3. Directory URL:
      1. ldap://<ipaddress>:389/ (if LDAPS was not enabled while configuring Ping Directory)
      2. ldaps://<ipaddress>:636/ (if LDAPS was enabled while configuring Ping Directory)
    4. Directory User ID: Enter the distinguished name (DN) for the initial root user used when configuring Ping Directory.
    5. Directory Password: Enter the password of the initial root user.
  4. Click Validate Connection Information. A success message should be displayed.
  5. Click Next.
  6. Enter the following values in the form:
    1. User Base DN: Enter the distinguished name (DN) for the initial root user used when configuring Ping Directory.
    2. User Group Base DN: Enter the distinguished name (DN) for the initial root user used when configuring Ping Directory.
    3. Select Enable the use of MemberOf attribute at the bottom of the form and enter 'uniqueMember' as the value.
    4. The remaining fields are filled in automatically.
  7. Click Save.
  8. Ignore the warning that is displayed and click Save again.
  9. A message confirming the successful addition is displayed to the admin.
  10. Log in to the Security Console as an admin.
  11. Navigate to Setup > Identity Sources > Link Identity Source to System.
  12. Select the configured identity source from the Available list and click the arrow to move it to the Linked list.
  13. Click Save.
  14. A success message is displayed.

Configure SSL

Perform the following steps to configure SSL.

Procedure

  1. Navigate to the bin folder under the extracted Ping Directory folder. If needed, run the 'manage-certificates' utility to generate a self-signed certificate. Note that a self-signed certificate can also be created during setup.
  2. After creating the certificate, export it using the instructions provided here: https://community.rsa.com/s/article/Get-the-external-Identity-Source-LDAPS-certificate-using-openssl-for-RSA-Authentication-Manager-8-x  
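
One way to sanity-check the exported LDAPS certificate before trusting it in RSA Authentication Manager, shown as an added example that is not taken from this guide or from the linked RSA article. The function names and the address in the usage comment are assumptions; only standard `openssl` subcommands are used.

```shell
# Added example: helper functions for checking an LDAPS certificate before import.
# Function names are illustrative and not part of Ping Directory or RSA tooling.

# Save the leaf certificate presented on the LDAPS port as PEM.
# usage: fetch_ldaps_cert <host-or-ip> <port> <out.pem>
fetch_ldaps_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3"
}

# Print the SHA-256 fingerprint. Compare it with the fingerprint computed
# on the Ping Directory host itself to confirm the right certificate was fetched.
cert_sha256() {
    _fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    printf '%s\n' "${_fp#*=}"
}

# Print "self-signed" when subject equals issuer, otherwise "ca-issued".
cert_trust_type() {
    _sub=$(openssl x509 -in "$1" -noout -subject) || return 2
    _iss=$(openssl x509 -in "$1" -noout -issuer) || return 2
    if [ "${_sub#subject=}" = "${_iss#issuer=}" ]; then
        echo "self-signed"
    else
        echo "ca-issued"
    fi
}

# Succeed only if the certificate is still valid <days> from now.
# usage: cert_valid_for_days <cert.pem> <days>
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Typical use (placeholder address):
#   fetch_ldaps_cert 192.0.2.10 636 pingdir.pem
#   cert_sha256 pingdir.pem
#   cert_trust_type pingdir.pem
#   cert_valid_for_days pingdir.pem 30 || echo "expires within 30 days"
```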

Notes

  • For testing purposes, the ports and other variables were kept at their default settings during Ping Directory setup. 
  • During setup for our testing, the option “server data is to be encrypted” was set to No. All other options were kept at their default values.
  • Self-signed certificates were used for testing. For production environments, it is recommended to use CA-certified certificates.
  • For testing purposes, we used command-line inputs for user updates. Refer to the Ping Directory documentation for more details.

Configure Ping Directory

Perform the following steps to configure Ping Directory.

Procedure

  1. Download the '.zip' distribution of the directory software after obtaining the license, and copy it to your Linux machine.
  2. Unzip the file using the command: 'unzip PingDirectory<version>.zip'
  3. Navigate to the unzipped folder and run the setup using the command: './setup'. Refer to the Ping Directory documentation for more details.

The configuration is complete.