DON’T COMPROMISE SECURITY FOR ACCESSIBILITY
Today’s workforce, partners and customers need digital access everywhere, which means you need to ensure that your digital assets are both accessible and secure. But the complexity and on-premises requirements of legacy web access management (WAM) systems and the limitations of API gateways leave enterprises without a central location to manage access security. Enter PingAccess, which can apply a greater depth of access control to secure both your applications and APIs in any domain, for users in any location.
MODERN ACCESS MANAGEMENT
FOR THE DIGITAL ENTERPRISE
PingAccess provides the comfort of knowing that only the right users can access sensitive resources. A comprehensive policy engine ensures that those requesting access have the appropriate permissions, user context and device posture to access applications, down to the URL level. For APIs, policies can be applied to disallow certain HTTP transactions to users in untrusted contexts, such as administrators using DELETE outside the corporate network.
By applying policies in context, PingAccess can verify user identity across specific resources, evaluating a diverse range of methods and circumstances in which the user is requesting access. ABAC, RBAC, authentication levels, IP address, web session attributes and OAuth attributes and scopes can be used to approve or deny access to sensitive resources.
Ensure consistent enforcement of security policies by centralizing access control across diverse enterprise application portfolios in hybrid IT environments. From a single console, policies for web applications, APIs and single page applications hosted in any domain can be written, managed and updated.
PingAccess abstracts sessions from applications and APIs, removing the risk of errors and inconsistent session security parameters. It also reduces the risk of man-in-the-middle attacks like session hijacking with encrypted session tokens scoped for specific applications.
PingAccess continuously validates authentication tokens with PingFederate in predetermined time intervals. If there’s a change in user context—or if a single logout process terminates a user’s authentication session—all application sessions will immediately be terminated.
You can deploy PingAccess on-premises or in the cloud using agents, proxy or a combination of both. For cloud deployments, we include customizable AWS automation templates that enable you to rapidly deploy advanced clustering, replication capabilities and more with minimal effort. Wherever your resources are hosted, PingAccess can also extend standards based, federated SSO to all applications using HTTP header injection, JWT tokens and token mediation. You can even secure access and extend SSO to on-premises web applications through third-party cloud identity stores like Azure AD. To learn more about the PingAccess for Azure AD partnership, read our white paper.
Modernize Your Legacy WAM
With cloud, API and mobile-first mandates, it’s easy to see how significantly limiting legacy web access management (WAM) systems are. PingAccess provides a modern, lightweight solution that includes the tools and expertise to coexist or migrate from your legacy WAM. Token translators and policy migration tools help to enable coexistence and avoid downtime disruption. You can automatically translate your legacy WAM policies for use in PingAccess, which
Discover True API Security
PingAccess provides foundational API security by controlling access to your enterprise’s internal and public-facing APIs. You can deploy at the perimeter of a protected network between mobile, browser or server-based client applications and protected APIs to ensure only users with the right attributes can gain access. PingAccess also supports more granular API access control, limiting users to transactions permitted by the authorization scopes contained in their access tokens.
WGU LEARNS SIMPLE, POLICY-CONTROLLED ACCESS
To connect to a variety of new and old technology applications, Western Governors University (WGU) needed to replace OpenSSO in order to support modern protocols such as SAML and OpenID Connect. In addition, they needed to protect both APIs and applications through a single access gateway.
PingFederate with PingAccess was found to be superior in performance and lower in admin overhead than any other solution evaluated. It gave WGU the simple access to applications that users wanted and the controlled access to resources that policy demanded.
READY TO DIG DEEP INTO MODERN ACCESS MANAGEMENT?