PingFederate provides many benefits for Service Providers (SPs), including Software-as-a-Service (SaaS) providers, Business Process Outsourcers (BPOs) and other businesses that deliver revenue-generating services to customers. For SaaS providers, Ping Identity offers a partner program that provides special pricing to SaaS vendors, allowing PingFederate to be acquired for little up-front investment and to grow with your business.
Service Providers today are seeking a way to quickly and cost-effectively deploy a standards-based, highly scalable Single Sign-On (SSO) capability to their customers. The reasons for this are many.
Customer Demand: Many customers are demanding standards-based SSO from their vendors as a business condition. Service Providers that provide standards-based SSO have a competitive advantage over those that do not.
Higher Security: Many customers demand higher security levels for outsourced applications to support internal security policy and for regulatory compliance reasons. SSO eliminates passwords and requires the user to be authenticated by their corporate authentication system before accessing outsourced applications, making these applications virtually impossible to hack or phish from the outside.
Adoption Rate: SP customers need to achieve a specific application adoption rate in order to obtain a desired return on investment. SSO eliminates a major adoption hurdle, making outsourced applications as easy to use and convenient as their in-house cousins. An increased adoption rate also benefits the SP, because the faster users adopt an application, the faster the account grows.
Additional SP Revenue: SSO can be offered as a value-added service, shifting SSO from a cost to a profit item.
Reduced Costs: According to the META Group, help desk calls cost an average of $25. Many SP help desks take calls from customers to reset passwords and help with account-related issues. Since SSO requires no passwords, every customer that uses SSO saves the SP money.

As Internet applications continue to become more distributed, many service providers are delivering services that are completely or partly provided by third parties. These so-called Web Services "mashups" provide substantial value by allowing the SP to quickly integrate additional products and services into their portfolio. In order to provide a highly personalized user experience without requiring customers to sign on repeatedly, user identity needs to be securely shared between Web Services.
PingFederate provides a standards-based capability called a WS-Trust Security Token Service (STS) that allows Web Services to securely share user identity. The STS generates standard SAML security tokens that are transmitted by the Web Services Client to the Web Services Provider as part of a standard SOAP message. The SAML security tokens are designed for secure transmission over the Internet. On the Web Services Provider side, PingFederate's STS validates security token authenticity and can also generate a "local" security token for consumption by other applications.

Service Providers spend a lot of time and money assisting customers with account management activities, and customers spend a lot of time and money on these activities as well. Customers need help creating, modifying and deleting user accounts, and many of these activities are performed on a manual, labor-intensive basis. This can lead to a higher risk of data loss and to potential compliance audit failures due to neglected "zombie" accounts that remain active after an employee has left the company.
PingFederate provides two mechanisms for automating this process for the SP and customers, saving money and increasing convenience for both.
Express Provisioning takes information provided when an initial customer SSO connection is made to automatically create a user account if it does not exist. This provides a high level of convenience for the SP and a high level of service to their customers.
SaaS Provisioning integrates with the customer's internal directory system, automatically replicating changes to the SP's directory using Web Services calls. Customers create a group or filter in their local directory that specifies which users are authorized to access the application. User additions, deletions or changes are detected by PingFederate and sent across to the SP. On the SP side, integration with LDAP directories and database systems completes the cycle.
