Authentication Authority
Connect any user with any application
Authentication for Everyone and Everything
Enterprises need to provide a consistent way for customers, employees and partners to sign on to their on-premises, cloud and SaaS resources. This includes accounting for multiple standards, custom app requirements and other complex authentication use cases while balancing user convenience, risk and levels of assurance. Learn how a versatile authentication authority for all identity types, user populations, apps and environments helps you authenticate everyone and everything.
Balance Security and Convenience
As users sign on to your digital properties, some may exhibit high-risk behaviors like logging in from unrecognized devices and locations. You can gain greater assurance of user identity with multi-factor authentication (MFA) or other methods. But you don’t want to add unnecessary friction for everyone. The PingOne Cloud Platform leverages identity intelligence to strike the just-right balance between security and convenience. Using adaptive authentication policies that evaluate a user’s devices, behavior and other contexts, it lets you assess the risk and respond appropriately, from approving or denying requests to requiring a user to login again or stepping up authentication.
Give Your Customers Control
The PingOne Cloud Platform provides fully customizable templates for registration, sign-on and self-service account management, as well as common account recovery flows. It comes with out-of-the-box options for social login, registration and account linking that allows users to connect or disconnect social accounts, even after they’ve registered. This way, you can ensure your customers have convenient registration and sign-on experiences.
SSO Across Everything
Modern enterprises have many different service providers (SPs) that users access. They may also have several identity providers (IdPs) that business units or partners use to sign on. The exact mix of SaaS applications, IdPs, SPs, standards and use cases are different for every organization. For large enterprises, a simple single sign-on (SSO) solution is insufficient. You need a versatile federation hub to provide SSO between IdPs and SPs, no matter how they’re configured or what standards they use.
The PingOne Cloud Platform acts as a federation hub by:
- Supporting IdP- and SP-initiated SSO
- Enabling SSO to non-standards-based applications
- Providing SSO for APIs as well as mobile and SaaS applications
- Multiplexing multiple IdPs to a single SP, or a single IdP to multiple SPs
.png)
Discover True Platform Extensibility
Enterprise environments are complex and unique. Each one contains different sets of standards, applications, directories, user populations, environments and use cases. The PingOne Cloud Platform is an agile, standards-based identity solution that thrives in complex environments. It makes integrating new apps and technologies fast and easy with:
- Support for OpenID Connect, OAuth, SAML, WS-Federation, WS-Trust, SCIM and other standards
- Cloud IdP integrations with Facebook, LinkedIn, Google and others
- Data storage, password credential validator (PVC), hardware security modules (HSMs), mobile device management (MDM) and other integrations
- A robust software development kit (SDK) for custom integrations
- MFA connectors such as RSA SecurID, Symantec VIP and Duo
- Token translators such as JWT and X.509
Deploy in Hybrid IT Environments
Today’s enterprises have applications deployed on-premises and in a range of cloud environments like Azure, AWS, SaaS, private clouds and others. Many authentication solutions are limited to working in a single type of cloud environment or with an emphasis on SaaS apps—but don’t work on-premises. The PingOne Cloud Platform can be deployed on-premises or in cloud environments, and it can provide access to all SaaS, cloud and on-premises applications. Instances deployed in disparate environments work together to create a centralized authentication and SSO solution across your hybrid IT infrastructure.
Keep Identities in Sync
An authentication authority can connect to many different types of user repositories for credential validation or to gather user details. Through provisioning, these repositories can be kept in sync with internal or external IdPs or SPs. When configured as an SP, an authentication authority has two options for inbound provisioning: accept SCIM API requests from IdPs to add, update or remove (deprovision) users from a local repository, or leverage just-in-time (JIT) provisioning which allows it to modify user records locally based on user information contained in SSO tokens. These capabilities ensure user data remains synchronized no matter your SSO use case.
Unify the Data Layer
SaaS applications or partner applications that you don’t control require SSO and provisioning capabilities to provide your users with convenient access. However, the user stores for applications you do manage can be synchronized to reduce the number of identity and credential silos that exist. Ping’s directory solution provides data synchronization capabilities to create a unified profile and credential store for any and all on-premises and cloud directories your apps leverage, including RDBMS, LDAP, CRM and many more. This simplifies your architecture and SSO requirements. It also gives you a single, scalable and secure user store that all of your applications can access via developer-friendly REST APIs.
See how Ping’s authentication capabilities help connect any user with any application.
