Page does not exist at path /content/ping/en/company/blog/authors/john-fitzgerald
We often discuss how easy it is to implement our products and how happy life can be with a strong identity management plan and solution in place. However, when you're researching for which solution(s) that are best for you, "easy" and "happy" may not be the best adjectives to describe your experience. Understanding that world, here's some simple information to help you determine which identity bridge to use with our identity management as a service (IDaaS) product, PingOne®.
As organizations utilize IDaaS solutions (such as PingOne) across the hybrid cloud, they will likely require an identity bridge to overcome the different inner-workings between on-premises, software as a service (SaaS) and partner landscapes.
An identity bridge is important for both "to the cloud" and "from the cloud" application access. For example, on-premises identity systems that leverage Kerberos and LDAP don't make the leap to SaaS applications. Therefore, using this example, external identities (say, those of your partners or customers) wouldn't be able to readily connect from their environments to on-premises resources. To solve this gap, a 'bridge' is needed between existing identity management processes and IDaaS and SaaS applications.
Ping Identity offers two identity bridges -- PingFederate® and AD Connect -- to allow connectivity to the PingOne IDaaS from the on-premises enterprise.
The AD Connect identity bridge is best if you:
Leverage Kerberos or Active Directory passwords as the initial user authentication.
Store user attributes in a well-formed Active Directory.
Desire SSO for SaaS-based applications or SAML-based on-premises applications.
The PingFederate identity bridge is the right choice if you:
Store user attributes across multiple identity stores.
Authenticate users with stronger authentication methods besides Kerberos and AD password.
Wish to leverage PingFederate's SSO capabilities for on-premises applications.