Updates to our Federated Access Management Solution
Today, Ping Identity has released updates to the foundation of our Federated Access Management solution with PingFederate 7.3 and PingAccess 3.1. This release centers on the Federation Hub in PingFederate and advanced attribute and session management capabilities with PingAccess, driving revenue and reducing risk for the enterprise.
The Federation Hub feature of PingFederate removes the worry about which federation protocol you need to support in order to connect with your customers, partners and applications. The benefit is that you can easily connect your applications and your identity providers together to share information, build business partnerships and drive revenue without federation protocol limits. You can also stop negotiating and enforcing federation support for specific applications. Instead, you may now use the Federation Hub to coordinate the protocols from the identity provider and service provider. The Federation Hub coordinates the protocols by accepting a SAML assertion or WS-Federation token and then translating that token into the appropriate federation token format for the application.
The Federation Hub also centralizes and simplifies administration by multiplexing a single application to many IdPs. Administrators can easily add and update federation relationships without affecting an application. Additionally, multiplexing supports many federation relationships to an application constrained to a single federation connection, like Microsoft® SharePoint.
IdP discovery becomes more important with the Federation Hub when multiplexing is involved. Adaptive Federation features enable PingFederate to select an IdP based on contextual information available from an authentication request, such as source IP address, requested level of assurance and user agent details. This simplifies the selection of the correct identity provider without onerous question and answer processes.
PingFederate has also matured the OAuth 2 Authorization Server to strengthen identity security for APIs, mobile applications and server-to-server communication. Now you can customize authentication and identity requirements for each API client or application while integrating with existing identity stores. When combined with PingAccess, these changes provide a complete, customizable identity security framework for all clients and their corresponding APIs.
In addition to its API security capabilities, PingAccess can now capture and react to changes in identity stores. As administrators update user groups or other identity attributes, a user's web session is updated with the latest information. With this latest information, security can be enforced against an up-to-date user profile.
The real value of continuous attribute updates is what happens when users are deleted or disabled. When the 'delete' or 'disable' event is detected, all single sign-on (SSO) and web access management (WAM) sessions are immediately terminated. Additionally, this functionality can be plugged into the OAuth 2 Authorization Server to invalidate all access tokens for the user. With a single delete or disable event, a user will lose access to all applications regardless of the client involved.
PingAccess 3.1 also brings built-in load balancing features that reduce the network complexity and total infrastructure cost of moving from an agent-based architecture to a gateway-based architecture. PingAccess also monitors and manages fail-over across multiple servers for a single application.