Microsoft Recommends Migrating to Ping as ACS Is Deprecated

November 20, 2017
Edward Killeen
Partner Marketing Manager

If you're an existing Microsoft ACS customer, you need to start looking at a migration strategy. Microsoft has deprecated ACS, and its last day will be in November 2018. You'll need to make sure that any authentication happening through ACS is moved to another platform. For enterprise customers, Microsoft has recommended Ping Identity for our product's ability to handle large, diverse authentication scenarios.


Replacing ACS? You Have Options.

There's some basic functionality that ACS provides which Azure AD doesn't. Because of this, you may need to look at alternate solutions. Microsoft recommends the Ping Identity Platform for enterprise customers because of our comprehensive IAM capabilities that cover all ACS features and more. To maintain ACS functionality as you move forward, see how our comprehensive capabilities will meet your needs:

If you need to migrate a claims-aware web application off of ACS, consider migrating to PingOne. This cloud-based service helps you achieve federated single sign-on (SSO) with a multitude of identity providers, including Facebook, Google, Yahoo, Microsoft, ADFS and more. For details on integrating with PingOne, including the claims customization capabilities, read up on our IDaaS SSO solution.

If you require even more flexibility, you'll want to consider PingFederate as an option. This robust software can be installed and deployed on infrastructure you own (on-premises or in the cloud), and it can help you achieve federated SSO to your apps and services currently using ACS. PingFederate supports all identity providers that PingOne does, and it also provides much richer customization and a wider range of authentication protocols. It can also be used to secure web services and APIs using the WS-Trust protocol, similar to how ACS provides server-to-server authentication via WS-Trust and OAuth. For details on integrating with PingFederate, read more about our software-based SSO solution.

Why Ping Identity?

The Ping Identity Platform is the most comprehensive, most flexible access management solution in the market, offering:


  • Breadth and Depth of Platform Capabilities. Our platform allows you to govern, control and secure access to customer profiles and identity and preference data utilizing an industry-leading, high-scale, high-performance data store with multiple deployments over 100 million users.
  • Centralized Control. Our solutions are built with support for a central IT/security organization in mind, including the ability to create and enforce a wide range of centralized policy and management controls for identity providers, authentication workflows, authorization levels, app and API access security, data access governance and much more.
  • Flexible Deployment Model. As an enterprise platform, our products are easy to deploy, easy to configure and are built to deploy and scale in any combination of on-premises and cloud infrastructure to address enterprise hybrid IT requirements.
  • Enterprise-grade Security. Our solutions are designed for enterprise customers that can have unique and extensive security requirements. We offer a wide range of configurable, policy-driven capabilities in areas of contextual multi-factor authentication (MFA), access security and data layer security.
  • Flexible Integrations. Integrating with existing technology solutions is an increasingly important requirement in the enterprise. We have broad mature integrations with enterprise technology vendors and platforms. For example, Ping and Microsoft have a strategic partnership that enables SSO to legacy apps from Azure Active Directory, leveraging integrations with our access security and identity federation capabilities.


If your enterprise relies on ACS today, Ping Identity is clearly a superior replacement option that's endorsed by Microsoft, a leader in identity technology and standards definitions that's been committed to enterprise success for over a decade. For more information on PingOne and PingFederate please visit our single sign-on page.