So welcome to Ping Universe 2023.
We've been busy.
It's exciting times for the industry and for Ping, and I know for all of you.
We are on our toes right now.
We're excited about some of the things we're gonna share this morning, So let's get right into it.
Every year I stand up here and I talk about the things that we've been investing to innovate.
In the last 5 years, there has been a real, real push for Ping.
And I wanna thank all the customers that have been taking that journey with us.
I know there's a lot of bumps in that journey.
It's hard to get all of this stuff mission critical and enterprise-grade, If that makes sense.
I wanna share with you some of the things we're doing today also to make our infrastructure More scalable and more secure.
What we're doing to make our services more resilient, because I do think we're kind of Entering that phase right now.
But first, let me address the elephant in the room.
Bing and ForgeRock, we're now one company and I'd like to extend a very, Very warm welcome to all of the ForgeRock customers and employees.
Now we are One, and I'm excited to share this morning some of our ideas and our combined Roadmap and what we're gonna do to support all of you well into the future.
So together our innovation, our flexibility, scale, and our global reach.
Positions us to serve our customers uh in ways that we never could have imagined before.
And we're super excited about that.
Two areas that I'm particularly excited about are our flexibility and innovation, And where I think we're stronger together with our combined capabilities.
So I'm gonna outline some of those, uh, today.
You've known Ping is a provider of best-of breed capabilities.
These are kind of modular, standalone capabilities.
It's very, uh, I, I'll say indicative of where and how we got started.
So as you know, we started in Authentication with single sign-on right about the time Open Standards were emerging in the industry, and we stuck to our knitting for the most part, For the better part of a decade.
And we were all about working with anything that you had, Recognizing that you had made a lot of investments and weren't necessarily looking to change at all.
So, our focus was on configurability, We largely sold to IT, and over time, our portfolio grew with more modules, or Capabilities each that could be independently consumed.
ForgeRock, on the other hand, had different origins and approached the market differently.
Their platform focused on maximum control and uh and developer-level Extensibility.
Companies who wanted to control everything.
Uh, many times in highly regulated industries, choose the ForgeRock platform, and nearly 1000 customers globally chose that platform.
Together enterprises can now enjoy maximum flexibility from one company, And by combining our innovation engines and unifying and strengthening our combined Resources, we can cover more use cases than ever before.
Both of these platforms are strategic, and you're gonna hear me repeat that several times.
So here's an early glimpse at, uh, at our combined strategy, And, and this will develop and unfold in more detail every time, uh, we're together.
Ping's unique and growing set of PingOne services will soon be consumable by the Ford Rock Platform and ForgeRock customers.
Over 1000 Ping customers have consumed our cloud services and layered it on Top of their existing infrastructure, layered It on top of Ping deployments running, Uh, self-managed in your cloud of choice or in your data center.
We're excited to share that the plan is to share those innovations with our 4 Draw customers.
In a select few areas, we will unify our Efforts to deliver an even stronger set of capabilities, and I'll highlight some of those Shortly.
Together we call this our North Star roadmap.
It's a multi-year strategy which will bring unparalleled breadth of functionality to our joint customer base.
So in today's increasingly complex world, the needs of all enterprises aren't always the same.
We all value speed and ease of use, but not all companies are the same.
And so to meet the needs that matter most to all of you, Our combined companies will offer more flexibility than any other provider.
So Ping has always been focused on helping you centralize the Identity control plane.
And we've had a growing number of capabilities that allow you to do that.
That focus will continue, but combined with ForgeRock, together, Our experience and capabilities will be second to none.
We have now twice the Engineering and Development horsepower.
Combined, we serve well over 2,000 global enterprises, and we do so at Extreme scale for some of the most trusted enterprises around the globe.
Together, I think we serve over 7 billion or secure over 7 billion accounts.
A lot of responsibility here.
And with a global footprint, we're positioned to serve our global customers better than we ever have before.
ForgeRock was founded in Europe and has a very strong European presence, Where regulation and sovereignty and data privacy have driven their platform to meet the needs that are unique to that market.
Those needs will not be, uh, unique over time.
Many of the things that we think are happening over there will spread around the globe, And vice versa.
Many of the things we've done here in the U.S.
and approaches that we've taken are also finding their way around the globe.
So together we share the same vision, and that has been to enable identity as the heart of Security, the control plane from which all access is granted.
This has been our mission from day one, more relevant now than ever before.
And if you take a look at what our real challenge is, It's to make all of this seem frictionless for our end users.
Really hard task.
And I'll walk into that, and I know you guys all appreciate that.
It's getting more complicated under the covers every day.
We have one culture, and that's a culture of putting our people first, Partnering with our, and serving our customers, and winning as a team sport with our partners.
This is a big game that we're playing, we can't do it alone.
None of us has all the resources to succeed here.
So winning as an ecosystem is very important to our culture.
And we will operate under one brand, and that is the Ping brand.
So our commitment to all of our customers, these are the Ping customers, And this is all of the 4 drop customers, is to support both platforms.
Both are strategic, both are highly profitable.
What's good for you is good for us.
Both have a place in our goal to become an indispensable partner to global enterprises for Your identity security needs.
The 2nd commitment that we're going to make is that we get infrastructure.
We know the time horizons from which you make commitments on behalf of your company to this Infrastructure.
So we recognize that everything that we do has Got to be smooth.
We all have an opportunity to move into the future, But it can't be discontiguous.
We must challenge ourselves to find ways to make the upgrade.
If you will, to the future as smooth as we can possibly make it.
So everything we do in the North Star Roadmap will respect the history and the reality that exists in many of your Enterprises.
All right, so let's talk about some of the areas that we're going to, Uh, unify our strengths.
What we do sounds easy, and I'm sure a lot of you are talking to the check holders who are Saying, why is this so difficult and why does this cost so much?
But the truth is, this is the reality many of you live.
It's complicated.
It's not easy to enable a frictionless yet Secure journey for identity that is the foundation of all of our enterprises.
When you have to deal with a myriad of technology that somehow has to be organized in Such a way that it feels smooth to your end users.
Creating these frictionless, beautiful journeys, if you will, Is the mandate for all of us.
And guess what, it can never go down.
The second it goes down, the first thing that gets blamed is identity.
Whether it is or is not the problem.
Network problems, it's Identity.
Mobile carrier problems, it's Identity.
SMS carrier exchange problems, it's got to be the MFA provider.
So making this all resilient is really a challenge for us.
Identity is becoming the perimeter, or it is the perimeter, and to many extents our Authentication systems have become the new perimeter.
And our goal towards Zero Trust, don't trust the user, The network, or the device by default.
Verify always.
Everyone must be strongly authenticated and appropriately authorized.
That is the mission of the Identity Control Plane, and it's the mission of Ping as stewards Of this infrastructure on your behalf to make this picture a reality.
Looks simple, it's hard.
How much trust do we have in the identity, and the device at a moment in time that a user Creates a session to our network?
What risk and fraud signals do we leverage in our authentication policy to simply make a Decision: do we let the user in or not?
That used to be a static statement, it's not a static statement anymore.
It's dynamic.
Access depends, depends on lots of things.
And making this system work at scale with the level of resiliency that we need for all Identities is a real challenge.
Some of our customers are running our software Directories at ungodly scale.
Scale I would imagine 10-15 years ago when we first built these systems, We couldn't imagine.
Billions of entries, topologies with 80, 90, 100+ servers running in a dozen global data Centers, all synced.
One hiccup and the whole enterprise stops, and the phone rings and there's 150 people on a Bridge.
And it's like this thing needs to get running, because our whole company has stopped.
The scale, resiliency, and performance, manageability of these directories cannot be Underestimated.
Both of our companies, Ping and ForgeRock, have evolved in parallel paths with our software directory from the same origins.
It both came from the Sun OpenDS and in parallel, both of these companies have Developed, have developed and delivered some incredible scale in our data repositories.
We're going to bring these two teams together.
We're gonna task them with building an ultimate, highly scalable, Highly performing, highly resilient identity and data repository.
There just aren't enough skills globally to do this.
We must combine our resources to pull this one off.
And I've been on a lot of calls with people that say, You have to design this so that we cannot make a mistake.
OK, let's also make sure that everyone touches it is certified.
We're not gonna go into open heart surgery with someone who hasn't been trained.
And we're gonna talk about what we're doing on that front as well.
So this is one of the areas that makes complete sense.
These directories also sit beneath our cloud services, so we're gonna need that scale.
Another area of collaboration is all things related to the MobileIron experience, especially the workforce MFA app.
Now with ForgeRock, we actually offer more flexibility for many of you that have been Working with PingID and our MFA service.
It's a cloud service, There is no on-premises alternative.
ForgeRock actually provides that.
So when I talk about more flexibility, that's what I mean.
We're gonna challenge the teams to figure out how we can have one Workforce Mobile app that Can talk to multiple back ends.
So you can choose how you want to serve up Those capabilities from the cloud or your own services.
Next area, um, and a thing that Ping has already pioneered is this notion of Extending the Ping account into all of the services that you run, Whether the services are running in Ping Cloud or not.
So we will, over time, develop a roadmap that allows you to have one Ping account to access All of your Ping and 4D services.
Won't happen overnight, doesn't need to happen overnight, but that common control plane, That common place where you can see all your services running, dashboards, and other things Reporting capabilities, we over time want to unify that.
So together these efforts will deliver more scale, a better user experience, Uh, and more resiliency to the future.
We call this our North Star strategy.
We're gonna outline more details every time we're together, Because the teams have been very busy over the course of the last 6 weeks, Level by level, going through their roadmaps and looking to where we can build better Future for all of you together.
So let me shift gears here for a bit and talk about some of the areas of non-overlap, Areas that we have an opportunity to standardize our efforts on something that we were uniquely doing.
Turns out in the last 5 years, while some of our core infrastructure clearly has had overlap, Even though we approached the market differently, um, We actually chose to focus in unique areas of differentiation.
Now all of a sudden, we can standardize on that uniqueness for the benefit of our combined Customers.
So I'd like to share some things that We're gonna standardize going forward as part of the new combined North Star Roadmap.
The first off is DaVinci.
This will be our combined Universal orchestration engine, Tackling what we call the ecosystem level orchestration.
This is the thing that almost sits above any one Identity Provider or IDM infrastructure that Stitches together and weaves all the other technologies that you want to essentially weave Identity into.
ForgeRock trees will remain the ForgeRock Platform Authentication Policy and Experience Designer.
So you don't need to worry if you're a ForgeRock Customer about what happens on those two.
They operate at different levels.
Now DaVinci has been the most, uh, I'll, I'll say the fastest adopted product in ING history.
Today, it will serve over 70 million transactions, and the chart is going straight Up.
So if you haven't seen it, let me introduce it To you.
Let's roll the video.
The foundation of the PingOne cloud platform.
With PingOne DaVinci, anyone can become an experienced architect using Ping's best-in-class Services, third-party services, or both, all within a simple drag-and-drop interface.
Getting started is easy.
Just add connections out of the box from a list of hundreds of services you use, Including Identity Providers, MFA, Biometrics, Threat Detection Vendors, and more.
Want to add a new connector?
It's simple.
PingOne DaVinci has a proven process to quickly Certify and publish connectors built by our customers and partners.
These connectors become the nodes and the flows that you'll create, Edit, and optimize in real time.
No code is required.
That brings us to the Flow Studio.
Here you can orchestrate any journey across the identity life cycle.
From frictionless registration, aggressive profiling, passwordless sign-on, Invisible fraud prevention, and more.
You can decide to build a custom flow from scratch yourself, Or browse a marketplace of flow templates to utilize.
Just import the ones that are best for you and use them as editable starting points.
This can be a simple social login or account recovery flow.
A delegated administration flow, or a flow that assesses risk and adds step-up verification.
You can even use flows to perform risk-free, just-in-time migrations that migrate users from Legacy systems as they log in with their existing credentials.
Once you've established a flow, you can use flow policies to A/B test by sending some users Down one path, and others down another to see which performs best.
This lets you optimize your user journeys to quickly test new vendors and reduce abandonment.
DaVinci also makes it easy to get experiences into your APPs through widgets, APIs, or redirects.
By embedding just a couple lines of code, Your flows can automatically inherit the styles of your APPs, Making self-service developer integration a breeze.
With PingOne DaVinci, if you can whiteboard a journey, you can orchestrate it.
Start creating with DaVinci today.
I know many of you have seen that video before, but I love it.
It gets a lot of use because there's a lot of power behind what's going on in DaVinci.
It's completely changing how we think about integrating.
And what it's doing is it's architecting future agility into what otherwise has been largely Hardcoded.
All that hard coding that goes on in our Environments become burdensome to all of us over time.
How do you maintain it?
What's the logic?
Where does the logic live?
In all of these identity systems.
So this entire notion of flows, you're gonna hear and see a lot about that.
NEO is going to become our standard for decentralized identity and verifiable Credentials.
This is a new day, this is a new way of doing things.
So we're gonna pioneer that with you.
Let's take a look at one of the many use cases of Neo.
Account sharing has become a costly problem.
At the same time, You want to make it easier for customers to log in.
Introducing verifiable credentials.
Verifiable Credentials make it faster and easier for customers to log in and manage their Account.
They can easily share account access with a Family member.
Users can manage their own subscriptions.
If a family member or friend should no longer get access, It's easy to remove their access.
The advantage here, if they forget to log out, they can revoke the credential.
Stop account sharing and theft with verifiable credentials.
Just one of hundreds of new use cases.
Now when we say that this is disruptive, I really mean it's pretty disruptive.
This notion that individuals now move to the Center of the sharing of their information, where they collect verifiable credentials from All of you, and then decide when, how, and where to share it.
Our ability to prove our real identity in seconds, our ability to better control and Manage our data and our sharing, it's pretty revolutionary.
It's gonna change MFA.
Some pretty amazing use cases where an employee issued digital credential unlocked by your Biometric and shared is a strong authentication that does leverage biometrics.
So there're pretty amazing passwordless use cases in there.
Federation flows that we've historically done where we send people.
To an IdP to authenticate, to then come back with a token to gain access.
Skip all of that too.
You can go directly in.
So do pay attention to this.
We have banks now that are deploying this in early releases to issue these verifiable Credentials of a Bank ID where a customer has gone through vetting, If you will, and a credential is issued.
Now the credential is used for a myriad of services.
So we're gonna help pioneer this with you the Same way we did federation protocols, you know, 15–20 years ago.
But you do need to pay attention to this.
Neo is now in early access and will be standard for the combined companies.
And we're gonna make the upgrade to the future of Centralized Identity to Decentralized, It's gonna be smooth.
One doesn't replace the other, To be clear.
But I do think a lot of use cases that we've Shoehorned into today's model are gonna be enabled directly from Neo and decentralized Identity.
All right.
The next area, let me go back here a Second.
Until recently, attackers were focused on Transactions.
Think the checkout, that makes sense.
That's all changed, like us, they're shifting left.
And we need to shift left with them.
So they're attacking the identity system.
Why attack one thing when you can access to it all?
Right?
And so with them, we also need to focus on Protecting the integrity of our identity system.
So Identity Threat Protection is all about Leveraging risk and fraud signals introspectively.
Focusing on our own infrastructure to ensure that the integrity of our authentications and Our authorizations are not immune, but at least protected from many of the attacks now focused Here.
So PingOne Protect will become our identity Threat Protection standard.
The service can be layered into any Authentication, authorization, or verification service.
You can create the policies and thresholds and the responses when risk is high, You can denote how, when, and where you respond.
Let's take a look at PingOne Protect.
Online fraud is an expensive global reality.
Bad actors try to penetrate digital identity systems to access valuable business resources and commit even bigger crimes.
PingOne Protect helps prevent fraud losses without hindering user experience and causing Legitimate users' frustration by evaluating user, network, Behavior, and device risk signals in real time across the entire user journey.
It starts by evaluating different risk predictions.
As soon as the session begins.
There are 10 out-of-the-box risk predictors, plus the ability to ingest any third-party data Feeds to create custom predictors.
Getting started with PingOne Protect is easy and fast, Delivering tangible value quickly.
The Setup Assistant wizard instantly configures Default risk policies and scores based on a few questions and responses.
Plus, Ping offers out-of-the-box flow templates for common fraud use cases and hundreds of Connections.
That make integrating all of your risk and Fraud services seamless and secure.
To understand where risk lies and help you make authentication decisions that increase security Posture.
PingOne Protect has a robust dashboard and Detailed reports that provide insight into high-risk locations and factors, Risk events, risk predictors, browser, and operating systems distribution, and the top riskiest users and IPs.
Click on each dashboard card to see additional Details and dive deep into risk data.
Inspect monitored user activity using advanced filtering options.
After the initial training period, you can leverage the dashboard to glean insights that Enable fine tuning of risk thresholds and scores.
Those insights also help you derive tactics for minimizing false positives.
For example, adding allow list IPs to the Geo Velocity, IP reputation, and anonymous network predictors.
You can also add custom predictors.
Composite predictors and overrides.
If anomalies are detected or a bad actor has potentially gained access to your systems, PingOne Protect helps you investigate and gather forensic evidence to prevent future Events.
Investigators have access to logs with robust Data inputs that can be reviewed manually, streamed via WebHook, or pushed via API.
Protect your business resources by preventing account takeover and new account fraud with PingOne Protect.
All right, a lot going on there.
As an industry, we haven't really solved authorization.
That's next.
The last 10 years was focused on the Authentication journey from standards-based single sign-on to MFA now to password lists, Focus on the user experience.
We as an industry have to figure out how we can abstract out our authorization policy that is Now today embedded everywhere.
We'll never get to Zero Trust without it.
So Penguin Authorized will become our standard for fine-grained, Dynamic policy-driven authorization.
The service is today managing fine-grained authorization to data in many OpenBanking use Cases around the globe.
It's also the centerpiece for Zero Trust.
Now, we're gonna have to unlock this capability through open standards that we don't have today.
So I've tasked the teams, and you all know that we've invested significantly over many Years in Open Standards to figure out which Open Standards we need to put our back behind So that we can unlock this capability.
Many of you need this.
You're struggling today with an old paradigm Applied to an increasingly complex world where finer and finer access is required.
Over the years, many of you have asked Ping for more capabilities around identity lifecycle management.
ForgeRock has invested significantly here.
And the ForgeRock identity lifecycle management capabilities will become a future Standard for both ForgeRock and Ping customers.
We'll look to make it easily consumable by all of our Ping customers.
All of these things will take time, you gather, but these are all areas that you've asked us For where now all of a sudden we can standardize and unify our strength and Capabilities.
Together, these efforts, as you can see, will enable more scale and flexibility, and more capabilities at an accelerated pace.
So we're super excited about that.
Let me highlight a couple of areas we're now focused on to make things easier and faster.
And this by no means is an exhaustive list, but these are a few areas of particular pain points For many customers.
The first is for many of you who are taking the cloud journey with Ping, How you connect the use cases to your on-prem infrastructure and hybrid was complicated.
And early at Ping, we had to really go through machinations to get the networks connected, If you will.
Over the course of the last couple of years, We've invested in a series of Gateway to enable the RADIUS, Kerberos, and data connectivity, LDAP and other.
So these gateways are lightweight, if you think, think virtual appliance-like in nature.
They just make it easy to connect your cloud identity infrastructure to your on-premises, Uh, to your on-prem capabilities.
That's one area we've made a lot of progress.
The second area, and this was a challenge for the team because when we entered 2023, We didn't have this effort budgeted.
This is an example of just above and beyond Bioengineering teams knowing that you needed this.
We now have 95% coverage of all Ping software and PingOne capabilities.
Covered in our Terraform providers.
So this is all available to you now.
And if you are focused on config as code and how you can automate solutioneering, If you will, across a diverse set of capabilities, Terraform is going to be a major, Major capability for you.
So again, super excited about that one.
That one's a real enabler for automation.
The next area that we continue to invest is the out-of-box integrations in DaVinci that allow You to weave and stitch other technologies into and around your Ping infrastructure.
So we have 800+ Connectors today that will be 3,000 soon.
And we are working on ways to automate the way in which we ingest APIs from third-party services that you're looking to integrate in your Zero Trust initiatives and make that as Easy as possible for you to build your policies and your workflows, And your other experiences.
Another area that we're investing in.
Is in our turnkey flows; think of these as templates, logic that goes into the integration of a user experience that we want to make as turnkey and out-of-the-box as possible.
And we'll build a library of these flows, well organized into the entire life cycle journey of An employee from onboarding to off-boarding, for customers, From registration to offboarding.
Flows for everything, integration flows, user experience flows, Various templates for user experience, policy flows, data flows, Workflows.
We're building a library of these now we have 36 today, So it's just a start.
But you can see over time, the logic behind how you stitch together an increasingly complex Identity Control Plane.
We're looking to canonize all of it, if we can.
And another area of focus for us is reusability.
So this is a Labs project started by a small Team at Ping.
When we recognize so many things get reinvented.
At Ping, they get reinvented, in the industry, they get reinvented.
So the question is, what can we do to make, what can we do to make a best practice easier?
And so one of these labs' efforts was this notion of a Ping library.
Think of this as a repository that we can submit code snippets to, Flows to, subflows to, policies to.
Make them easily searchable, and over time connect this library.
This repository of all the great work going on by our partners, by our customers, by us internally, so they can be reused by teams.
Over time, all of this library material will be exposed directly from within our products.
So over the years we've experienced a wide range of outcomes with our customers.
Some customers succeed with unbelievable speed.
It's mind-boggling, and others struggle to get the first app live.
Skill sets and experience matter a lot.
And many times I've observed, it just takes one rainmaker and a competent small team to do magic at companies, but not all of us have access to those rainmakers.
You, I would suggest, are the rainmakers for the industry.
But you are not the norm for everything that we run into out in the wild, which is why all of our Support services are so critical, especially our training and Certification and Badging.
This stuff takes time to learn.
You can't just presto and make all of this stuff happen, So.
This is where we're very focused.
Our combined resources between Ping and ForgeRock will expand this.
The self-service content, our documentation, our documentation to APIs, All of our badging and certifications, programs in our Customer Success program, All of these things are designed for us to get ahead.
Of success, and we find when we leave this open or uncommunicated bad things.
Happen, we need to get way in front of who's doing the implementation.
Are they certified?
Are they trained?
Do you have the right partners involved?
Do you have the right skill sets in your Company to succeed?
If not, we're here to help you or our partners are here to help you.
Let's not forget about our partners now.
Winning here is a team sport.
Many of you lack the resources to deploy, integrate, operate, Uh, all of these IDM services in increasing sophistication.
So that's where our partners come in.
I wanted to recognize Ping's top 10 Americas Partners.
These are companies who, um, work with many of You to find opportunities for our joint companies.
They're really doing an incredible job.
And I also wanted to highlight companies who have taken the time and effort.
To become our top delivery partners.
These are the people who have invested significantly in the training and certification of their staff to ensure your success.
And many times when I see these companies involved in a deal, I just relax.
Things are just quiet.
Things just get done.
That's the level of investment we're looking for to make sure that success is not optional.
Two of the partners I'd also like to highlight and encourage you to take a look at this Afternoon, I think around 4, 4:30, we have a, we have a session on these, is proof ID and SIMO for the art of the possible work they've done with DaVinci and Ping for CoBank in the North Carolina Department of IT.
Pretty amazing things that they've done there, and we'll highlight what they've done in a lot Of detail this afternoon.
Lastly, I'm excited to announce that tonight we'll share our 2023 Identity Excellence Awards.
These are companies and their partners that are pioneering the future with Ping.
And those awards will also take place this afternoon.
Very, very excited about the work they've done.
Alright, so together, Ping and ForgeRock, along with our partners, In partnership with all of you, we're building a very, Very bright future.
We got a lot of hard work to do.
We're on it; we're moving fast.
We're committed to your success more than ever before.
We're committed to providing you a smooth roadmap to the future.
Recognize that these platforms are strategic, and like I said, If you don't believe me, just know, they are very, very good business.
Highly profitable businesses, so don't think that we would do anything to harm ourselves.
What is good for you is gonna be good for us.
So that smooth roadmap to the future with identity at the center, None of that changes.
We're just gonna do it bigger and faster.
We've ever done it before.
So with that, I just want to thank you all for being here.
