authentication for everyone and everything
Enterprises need to provide a consistent way for customers, employees and partners to sign on to their on-premises, cloud and SaaS resources. They must account for multiple standards, custom app requirements and other complex authentication use cases while balancing user convenience, risk and levels of assurance. With the Ping Identity Platform as your authentication authority, you get a versatile solution for all identity types, user populations, apps, and environments.
balance security
and convenience
As users sign on to your digital properties, some may exhibit high risk behaviors, such as logging in from unrecognized devices and locations or trying to access a high-value resource. To avoid adding unnecessary friction for all of your users, you need to be able to respond to these specific scenarios to increase user assurance through multi-factor authentication (MFA) or other methods. The Ping Identity Platform leverages identity intelligence to strike the balance between security and convenience with powerful adaptive authentication policies that evaluate a user’s devices, behavior and other contexts to assess risk and respond appropriately. As a result, it can approve or deny requests, require a user to login again, or step up authentication to PingID or other third-party MFA services.
give your customers control
The Ping Identity Platform provides fully customizable templates for registration, sign-on and self-service account management, as well as common account recovery flows. It comes with out-of-the-box options for social login, registration and account linking that allows users to connect or disconnect social accounts, even after they’ve registered. This way, you can ensure your customers have convenient registration and sign-on experiences.
sso across everything
Modern enterprises have many different service providers (SPs) that users need access to. They may also have several identity providers (IdPs) that different business units or partners use to sign on. The exact mix of SaaS applications, IdPs, SPs, standards and use cases are different for every organization. For large enterprises, a simple SSO solution is insufficient. You need a versatile federation hub to provide SSO between IdPs and SPs, no matter how they’re configured or what standards they use.
The Ping Identity Platform acts as a federation hub by:
- Supporting IdP- and SP-initiated SSO
- Enabling SSO to non-standards-based applications
- Providing SSO for APIs as well as mobile and SaaS applications
- Multiplexing multiple IdPs to a single SP, or a single IdP to multiple SPs
discover true platform extensibility
Enterprise environments are complex and unique. Each one contains different sets of standards, applications, directories, user populations, environments and use cases. The Ping Identity Platform is an agile, standards-based identity solution that thrives in complex environments. It makes integrating new apps and technologies fast and easy with:
- Support for OpenID Connect, OAuth, SAML, WS-Federation, WS-Trust, SCIM and other standards
- Cloud IdP integrations with Facebook, Google and others
- Data storage, password credential validator (PVC), hardware security modules (HSMs), mobile device management (MDM) and other integrations
- A robust software development kit (SDK) for custom integrations
- MFA connectors such as RSA SecurID, Symantec VIP and Duo
- Token translators such as JWT and X.509
deploy in hybrid it environments
Today’s enterprises have applications deployed on-premises and in a range of cloud environments like Azure, AWS, SaaS, private clouds and others. Many authentication solutions are limited to working in a single type of cloud environment, or with an emphasis on SaaS apps—but not on-premises. The Ping Identity Platform can support application portfolios that span all of them. It can be deployed on-premises or in cloud environments, and it can provide access to all SaaS, cloud and on-premises applications. Instances deployed in disparate environments work together to create a centralized authentication and SSO solution across your hybrid IT infrastructure.
keep your identities in sync with provisioning
PingFederate is able to connect to many different types of user repositories for credential validation or to gather user details. It’s important to keep those in sync with internal or external IdPs or SPs that they interact with. PingFederate does this through provisioning capabilities. When configured as an SP, PingFederate has two options for inbound provisioning. First, it can accept SCIM API requests from IdPs to add, update or remove (deprovision) users from a local repository. It can also leverage just-in-time (JIT) provisioning which allows it to modify user records locally based on user information contained in SSO tokens. When PingFederate is configured as an IdP, it can periodically poll its local user store to ensure it’s in sync with the SP’s data store or work with PingOne to pass SCIM requests through to a SaaS SP. Together, these provisioning capabilities ensure that user data remains synchronized no matter your SSO use case.
unify the
data layer
SaaS applications or partner applications that you don’t control require SSO and provisioning capabilities to ensure that your users have convenient access. However, there are many applications and user stores that you do manage. In these situations, you have an option to synchronize the repositories to reduce the amount of identity and credential silos that exist. PingDirectory has data synchronization capabilities that create a unified profile and credential store for any and all on-premises and cloud directories—RDBMS, LDAP, CRM and many more—that your apps leverage. This can drastically simplify your architecture and the requirements of your SSO solution. It can also give you the additional benefits of a single, scalable and secure user store that all of your applications can access via developer-friendly REST APIs.
