Access Management for the Modern Enterprise
Market leading, open standards-first access management solution providing flexible, modular and scalable identification, authentication, authorization and federation services to applications, apps and APIs for Consumer, Employee and B2B use cases.
Icon
Heading
Create and Orchestrate Delightful and Secure Identity Experiences
Description
Building Identity Experiences that streamline the end user journey has never been more important than today. A frictionless, secure and intuitive registration, authentication or check-out experience is a competitive differentiator. PingAM is packed with innovative capabilities that make Identity Experience Orchestration easier than ever.
Icon
Heading
Efficient Developer Experience
Description
Use PingAM to create identity journeys using drag and drop and leverage PingAM Node Designer to manage your custom Tree Nodes in a reusable and efficient manner. PingAM is API-first; in combination with Ping SDKs, application developers can focus on business innovation rather than the intricacies of identity protocols.
Icon
Heading
Centralize Access Control
Description
Manage authentication and authorization policies centrally and enforce them using PingAM Java & Web Agents, PingGateway, Ping SDKs or direct REST API calls. Instead of building an access policy into a web application, you can install an agent with the web application to request policy decisions from AM. This approach avoids issues caused by embedding policy decisions into applications.
Icon
Heading
Scale & Performance with Flexible Deployment Options
Description
Designed for the high-scale required by modern enterprises with millions of customers, citizens, services and devices. Deploy PingAM on-premise, in your private cloud, public cloud, or in a hybrid cloud fashion.
Icon
Heading
Easy to Integrate with Ping SaaS Based Services
Description
Augment your Identity Experiences with PingOne services such as PingOne Verify & Protect. Leverage our out-of-the-box PingAM Tree Nodes to accelerate identity journey innovation by integrating PingOne services with minimum effort.
Key Features
- Standards-based SSO across cloud, SaaS, mobile, and on-prem applications.
- Contextual and Adaptive Authentication: policies in PingAM can dynamically evaluate user context, including device type, geolocation, risk signals, IP reputation, and behavioral patterns.
- Protect legacy applications: with PingGateway, PingAM extends modern access controls to legacy applications that don't natively support OAuth or SAML.
- Strong standards, compliance, and certifications, including OIDC/OAuth2, SAML2, FIDO2, and FAPI.
- Deliver strong multi-factor authentication from your self-managed deployment by adding WebAuthn, FIDO2, and OATH authenticators with easy to implement patterns.
- Create identity experiences with a graphical drag & drop Tree designer.
- Extensive partner integration ecosystem.
Capabilities & Benefits
Orchestration
Orchestrate frictionless, secure identity experiences with ease.
- Build no-code flows using a drag-and-drop interface, with example PingAM Trees to help you get started.
- Rapid creation of custom login flows, consent prompts, registration screens, and fraud response logic—without coding.
- Create and reuse custom nodes using PingAM Node Designer.
Single Sign-On
- Enable users to log in to multiple resources with a single ID.
- OIDC and SAML2 federation will allow for standards-based SSO integration.
- PingGateway in combination with PingAM can bring SSO to your legacy non-standard applications.
Multi-Factor Authentication & Passwordless
- Provide MFA choice with multiple options easily integrated in your PingAM Trees.
- Provide on-premise based MFA with strong authenticators such as WebAuthentication, FIDO2, and OATH.
- Evaluate user and device signals in your identity journeys to only add MFA when required.
- Remove passwords by using FIDO2/Passkeys or device binding in authentication journeys.
Standards Support
- Leverage mTLS to secure your APIs and participate in open ecosystems.
- PingAM and PingGateway work in concert to secure access to resources using modern identity protocols and profiles.
Integrations & Customizations
- Our marketplace provides supported integrations from a variety of vendors.
- Build your own custom integrations if required.
- Easily add custom OIDC claims using a claim script plug-in.
- Customize the OAuth2 authorization server at well-defined scriptable plug-in points.
Authorization
- Centrally manage access to applications and APIs.
- Configurable, high-performance authorization engine.
- Can act as a Policy Decision Point (PDP) and enforce access by deploying Policy Enforcement Points (PEP) such as PingAM agents.
- Integrate with PingIDM as a Policy Information Point (PIP).
- Configure policies centrally in PingAM and use PingGateway as a reverse proxy based enforcement point.
Secure APIs
- Leverage mTLS to secure your APIs and participate in open ecosystems.
- PingAM and PingGateway work in concert to secure access to resources using modern identity protocols and profiles.
Title
Part of Ping’s Advanced Identity Software Stack
Card Image
Card Title
Hide Accent Bar
Card Subtitle
Card Body
Card Link
PingIDM
true
Manage complex business relationships, automate your joiner/leaver/mover processes, and integrate your business applications.
PingDS
true
Store your user data with confidence and at scale.
PingGateway
true
Protect web applications, APIs and microservices in combination with PingAM.
PingAM Java & Web Agents
true
Protect your Java EE and web applications in combination with PingAM.
Advanced Identity Software – Deployment Flexibility
Confidently deploy and manage your IAM platform to suit your stringent business needs.
On-Premise & Private Cloud
You run and manage infrastructure yourself. From Kubernetes to VMs and Ping supplied hardened Secure Containers, we have you covered.
Public & Multi-Cloud
Your strategy requires multiple cloud infrastructure providers. Automation will mitigate against configuration drift.
Hybrid Cloud
Keep certain IAM components on-premise whilst leveraging Ping's Cloud for other services.