Today, Microsoft and Ping Identity are announcing the general availability of the integration between Azure Active Directory (Azure AD) and PingAccess. This integration allows today's mobile users to authenticate to Azure AD and have secure single sign-on (SSO) access to on-premises web applications. That's right: log in to Azure AD and have simple, secure access to not only Office 365 and your SaaS apps, but also all of those legacy web applications either on-premises or in private clouds.
Microsoft and Ping Identity learned a lot during the private and public previews of this integration. Over the past five months, dozens of customers installed PingAccess on-premises, configured the Azure AD application proxy and were able to give seamless SSO to those users. Here is the exciting part: they did it without the need for a VPN. Network guys love it, security guys love it, and the end users certainly love it.
Since this is pretty revolutionary, we knew we needed to make it simple. This whole process starts within your Azure AD control panel. As you configure an application for SSO, you will find a link to PingAccess and you are on your way.
Remember that simple part? We made the first 20 applications that you configure free. And we give you a single point of contact for support at Microsoft, for both Azure AD and PingAccess. Once PingAccess is installed, you simply configure additional applications using the easy-to-follow documentation.
Once the configuration is done, the technical wizardry is this: when one of your users goes to access an on-premises application, PingAccess reaches out to Azure AD, gets an OpenID Connect (OIDC) token, translates it to the header that the application expects, and grants or denies access.
Most legacy web applications expect header-based authentication, so your app owners know and expect this behavior. But sometimes these applications already have a legacy Web Access Management (WAM) solution in front of them. Luckily, we have created a simple process for using PingAccess and PingFederate to translate that OIDC token to the appropriate proprietary header. We ran into this scenario quite frequently during the preview period.
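The token-to-header translation described above, sketched as an added example; it is not PingAccess or Azure AD code. The issuer, audience, secret and the `X-Remote-User` header name are constructed assumptions, and HS256 with a shared secret stands in for the identity provider's asymmetric signature so the sketch runs on the standard library alone.

```python
import base64, hashlib, hmac, json, time

# Constructed assumptions for this sketch (not taken from any product documentation):
SECRET = b"constructed-demo-secret"      # HS256 stand-in for the IdP signing key
ISSUER = "https://idp.example/tenant"    # constructed issuer
AUDIENCE = "legacy-hr-app"               # constructed client id of the protected app
IDENTITY_HEADER = "X-Remote-User"        # hypothetical header the legacy app trusts

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SECRET):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate(token, now=None):
    """Return the claims if alg, signature, iss, aud and exp all check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):       # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        ok = (claims.get("iss") == ISSUER and claims.get("aud") == AUDIENCE
              and isinstance(claims.get("exp"), (int, float)) and claims["exp"] > now
              and isinstance(claims.get("preferred_username"), str))
        return claims if ok else None
    except (ValueError, TypeError, AttributeError):          # malformed token
        return None

def translate(inbound_headers, token, now=None):
    """Gateway step: return (status, headers forwarded to the legacy app)."""
    # Drop any client-supplied copy of the identity header before anything else,
    # so the backend only ever sees a value derived from a validated token.
    fwd = {k: v for k, v in inbound_headers.items()
           if k.lower() != IDENTITY_HEADER.lower()}
    claims = validate(token, now)
    if claims is None:
        return 401, {}
    fwd[IDENTITY_HEADER] = claims["preferred_username"]
    return 200, fwd
```

Header-based authentication is only as strong as the guarantee that the application is reachable solely through the gateway, since the application itself cannot tell a gateway-set header from a forged one.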
Azure AD is one of the fastest growing enterprise technologies in Microsoft's history, delivering incredible security for today's mobile workers. Giving Azure AD customers seamless secure access to legacy on-premises web applications is the cherry on the top and one we are proud to be delivering in partnership with Microsoft.