When configuring a SAML-based Single Sign-On (SSO) connection, it’s common for partners to exchange metadata that contains digital certificates.

To avoid service interruption, your Identity Provider (IdP) customer must either renew or replace the certificate before it expires. The certificate is then sent to you, so you can modify the SSO configuration.

But as a service provider with hundreds or even thousands of customers, managing digital certificates and coordinating certificate updates is a huge task. 

Ping Identity provides multiple ways to increase efficiency.

For example, PingFederate allows an administrator to configure a secondary verification certificate, ensuring uninterrupted SSO service when a signing certificate is renewed or replaced. For a CA-issued certificate, it also gives users the option to use the subject DN instead of the certificate itself.
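The sketch below is an added example, not PingFederate code or configuration. It models only the certificate-matching step of a primary/secondary verification rollover, not XML signature validation. The `VerificationCerts` class, the entity ID and the certificate bytes are hypothetical placeholders constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # for untrusted metadata, prefer a hardened parser

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed placeholder bytes standing in for DER certificates (not real certs).
OLD = base64.b64encode(b"constructed-old-signing-cert").decode()
NEW = base64.b64encode(b"constructed-new-signing-cert").decode()
METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{OLD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{NEW}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
 </IDPSSODescriptor></EntityDescriptor>"""

def fingerprint(b64_cert):
    """SHA-256 of the bytes carried in a ds:X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of the IdP's signing KeyDescriptors, in document order."""
    found = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute: key serves both
            found += [fingerprint(c.text) for c in kd.iter(DS + "X509Certificate")]
    return found

class VerificationCerts:
    """Hypothetical SP-side connection record with two verification slots."""
    def __init__(self, primary, secondary=None):
        self.primary, self.secondary = primary, secondary
    def accepts(self, presented):
        return presented is not None and presented in (self.primary, self.secondary)
    def promote(self):
        """Retire the old certificate once the IdP signs only with the new one."""
        if self.secondary:
            self.primary, self.secondary = self.secondary, None

def rollover_demo():
    old_fp, new_fp = signing_fingerprints(METADATA)
    conn, results = VerificationCerts(old_fp), []
    results.append(conn.accepts(new_fp))          # renewed cert not staged: SSO would fail
    conn.secondary = new_fp                       # stage the renewed cert as secondary
    results.append(conn.accepts(old_fp) and conn.accepts(new_fp))  # overlap window
    conn.promote()
    results.append(conn.accepts(old_fp))          # old cert no longer trusted
    return results

if __name__ == "__main__":
    print(rollover_demo())
```

Leaving the old certificate in a verification slot after the IdP has cut over keeps a retired key trusted, so the promotion step belongs in the rollover runbook.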

In the case of PingOne, the platform allows you to establish an explicit trust relationship between you and each of your IdP partners.

To simplify certificate management through multiplexing, PingOne reduces the number of connections, and therefore the number of certificates required, from hundreds or even thousands to just one.

Similarly, an IdP needs just one connection (one certificate) to PingOne, enabling access to multiple service providers.

Either way, Ping Identity lets you and your customers eliminate the pain of certificate management, providing more time to grow and run your business.

