A week or so ago when the Ping Marketing crew started rolling out our next version of PingFederate, version 6.6, I had one of those moments in product management when you realize you have underestimated the value of the new features prioritized for a release. You always expect to have a few new use cases emerge as you talk with existing and new customers, analysts and partners, but rarely do you get to see the number of use cases blossom as we have seen with this release.Â
Like many great ideas, the new features in PingFederate 6.6 grew out of customer demand. As we started to see more and more requests for advanced authentication and complex attribute retrieval, our engineering team at Ping put their heads together and realized that they could add some unique management capabilities that leverage the flexible and extensive adapter framework that PingFederate is built on. Here are the highlights that I see:
- Flexible authentication rules that provide the ability to define rules based on remote user location or context (data sensitivity), which would enable our customer's to ensure that their cloud-based services comply with corporate security and compliance policies. What makes this feature very cool is that "context" is any aspect of the authentication request that is presented to PingFederate. So, one could create a rules set that evaluates HTTP header values, or query parameters to determine how a user will authenticate to any application or service based on the risk of their context. For example, if you have an application or service being accessed by a user with a social media identity, or a location outside the firewall, you can step-up their authentication requirements to ensure that they are who they say they are before granting access.
- Authentication chaining provides the ability to form "chains" of authentication methods (adapters) for creating unique multi-factor authentication patterns or fall-back scenarios. This gives our customers stronger security and higher availability. Tied with the new authentication rules, you can now address a variety of security policies based on the applications and services you need to protect.
- Identity Attribute Aggregation doesn't seem as sexy as the other features, but the few customers we have shown this feature to tell us how much money and time it saves them. This feature allows quick and easyÂ onboarding of new SaaS applications that requires additional user information. Customers have the ability to interact with multiple sources for gathering user profile data (attributes) needed to interact with identity and service providers.
As the 6.6 version of PingFederate is rolled out, I'm looking forward to hearing about more unique use cases customers are able to address with these new features. I'm sure I'll continue to be amazed at the creativity and ingenuity of the Ping community.