It's been a great few months here at Ping as we've responded to a handful of analyst surveys related to the identity and access management market. Many analysts are updating their vendor research to determine who is "up and to-the-right" in this rapidly changing market.
As I reviewed the questions and evaluation criteria, I was glad to see a good balance between legacy and cloud capabilities, but especially excited to see identity federation as a core category rather than a line item under the Web SSO section. Standards are fundamental to both networking and scaling identity beyond today's silo'd approach.
There were questions that sought to understand what our federated access management solution was; how we handled both customer facing as well as workforce facing use cases; what legacy, social and SaaS integrations were available out-of-the-box and how our solution supported federated user provisioning amongst other things.
It was obvious that Identity Federation has become a core foundational element for all critical identity and access management capabilities going forward, which makes working with Ping Identity great as identity federation is, and has always been at the heart of our solutions.
As I started to fill out the surveys, it was evident that identity federation has given Ping some interesting capabilities for addressing a broad-range of IAM use cases. Some that quickly came to mind are:
Adaptive federation, which allows an administrator to define policies that combine contextual authentication rules and chains of authentication methods to address a very flexible set of user access scenarios.
Multi-attribute aggregation, which allows collection of identity attributes from any number of sources for generating a unique identity for any application. This ability to collect attributes from a broad-range of authoritative sources on user information can be done in real-time to gather the necessary static and run-time data that is needed to authenticate, authorize and provision users to an application.
Token authorization, which gives administrators the ability to administer, define and enforce policies for controlling both SSO and API token issuance based on a user's identity. This approach allows organizations to leverage their identity federation infrastructure to provide coarse-grained attribute-based access control (ABAC) for web and mobile applications. The solution supports a broad range of use cases - 12 in all, such as, SAML assertion, STS tokens, OAuth access tokens, and session cookies; and can be configured for all data flows, including: Browser SSO, OAuth, STS and attribute query.
This is all good stuff and makes talking about our solution to analyst a lot of fun. I'm not going to say it makes the burden of responding to hundreds of questions any easier, but the rich capabilities we can offer on a identity federation platform makes differentiating ourselves less of a challenge.
And as many of you know, regardless of how Gartner summarizes their research in a Gartner Magic Quadrant, or Forrester does in the Forrester Wave, the key is that the solutions we provide enable our customers to simply and securely solve the identity and access management challenges and opportunities they face.
Loren Russon is the director of product management at PIng Identity