bridge identity & service providers
In order for a large complex enterprise to enable any workforce, partner, or customer user to access any resource, a robust identity federation solution is required. A federation hub that supports multiple identity standards, like PingFederate, makes it faster and more cost effective to provide secure access for all users. Here are some ways you can deploy PingFederate to bridge an identity provider (IdP or authentication provider) and service provider (SP or application) to address your authentication and access needs:
Legacy authentication meets modern application. As a large, long-standing enterprise, you likely have legacy authentication schemes that do not leverage modern identity standard or protocols. At the same time, your workforce needs to access new SaaS applications or resources built on the latest open identity standards. In order to connect your workforce to new applications, such as Salesforce or O365, and older applications you will need PingFederate’s federation hub capabilities to bridge and translate across older authentication sources, multiple standards and modern applications.
Existing authentication meets new application portfolio. Mergers and acquisitions are commonplace amongst global enterprises. When a company makes an acquisition, it is often the case that employees of the acquired company need to gain access to a portfolio of new applications that the parent company offers, such as corporate expense reporting, business spend and cloud storage sites like Concur, Coupa and Egnyte. In most cases, the acquired company has an existing authentication method already in place. To streamline access to the new applications, PingFederate bridges the acquired company’s existing authentication method to all of the parent company’s applications.
Connect multiple partners to your enterprise application. Your enterprise’s partner network is an essential part of your business operations. To securely and easily manage multiple partners’ access to your enterprise’s partner site, such as Microsoft SharePoint, your application needs to connect to each of those partners’ authentication methods, which often differ from your enterprise’s authentication method. PingFederate has the ability to out-of-the-box connect to multiple authentication methods and give all of your partners secure access to the relevant enterprise applications they are entitled to.
Access an application portfolio via multiple authentication methods. Most global enterprises today have multiple authentication methods deployed because authentication requirements vary across geographic regions, business units, or as a result of M&A activity. At the same time, global enterprises have defined application portfolios that specific users need to access. For example, the global finance organization may have a suite of applications it needs to access via multiple authentication methods. PingFederate’s federation hub capabilities can satisfy this complex use case by providing access to the global finance team’s application portfolio for each finance employee, regardless of the employee’s geographic or business unit authentication method.
non standards-based apps
Many enterprises have older applications that were built with proprietary identity flows and protocols, or they were built before modern identity standards were developed. Rather than reconfigure your older applications to enable SSO, you can leverage the combined power of PingFederate and PingAccess. When combined with PingFederate, PingAccess, acting as a gateway solution, simplifies the process of enabling single sign-on for non standards-based applications.
SSO FOR APIs AND MOBILE APPLICATIONS
Your workforce and partners are using mobile devices and applications more often to get work done, which has driven the widespread use of APIs. However, API security and scalability can be threatened by the constant collection and replay of multiple usernames and passwords.
Together, PingFederate and PingAccess can protect your enterprise’s resources by consolidating and securing identity-driven web SSO authentication and API authorization and access. PingAccess provides the authorization and access management for both web applications and APIs and uses PingFederate for its authentication and federation capabilities.