Identity Federation Hub

Identity Federation Hub

Connect all identity types to the applications and resources they need

what it solves

Federate Beyond Your Workforce

Today’s modern enterprises serve multiple different identity types, from workforce to customers to partners. This complex ecosystem is most effectively managed by identity federation, which provides a bridge to connect all of those different user identities in one place and reduces your administrative overhead. A versatile federation solution can solve your current and future identity management challenges. As your organization evolves to allow more users to securely access the applications they need, a single authentication authority will be essential.

Using PingFederate, any user can connect to any application or service.
how it solves it

Bridge Identity & Service Providers

In order for a large complex enterprise to enable any workforce, partner, or customer user to access any resource, a robust identity federation solution is required. A federation hub that supports multiple identity standards, like PingFederate, makes it faster and more cost effective to provide secure access for all users. Here are some ways you can deploy PingFederate to bridge an identity provider (IdP or authentication provider) and service provider (SP or application) to address your authentication and access needs:


  • IdP to SP

    Legacy authentication meets modern application. As a large, long-standing enterprise, you likely have legacy authentication schemes that do not leverage modern identity standard or protocols. At the same time, your workforce needs to access new SaaS applications or resources built on the latest open identity standards. In order to connect your workforce to new applications, such as Salesforce or O365, and older applications you will need PingFederate’s federation hub capabilities to bridge and translate across older authentication sources, multiple standards and modern applications.

  • IdP to Many SPs

    Existing authentication meets new application portfolio. Mergers and acquisitions are commonplace amongst global enterprises. When a company makes an acquisition, it is often the case that employees of the acquired company need to gain access to a portfolio of new applications that the parent company offers, such as corporate expense reporting, business spend and cloud storage sites like Concur, Coupa and Egnyte. In most cases, the acquired company has an existing authentication method already in place. To streamline access to the new applications, PingFederate bridges the acquired company’s existing authentication method to all of the parent company’s applications.

  • Many IdPs to SP

    Connect multiple partners to your enterprise application. Your enterprise’s partner network is an essential part of your business operations. To securely and easily manage multiple partners’ access to your enterprise’s partner site, such as Microsoft SharePoint, your application needs to connect to each of those partners’ authentication methods, which often differ from your enterprise’s authentication method. PingFederate has the ability to out-of-the-box connect to multiple authentication methods and give all of your partners secure access to the relevant enterprise applications they are entitled to.

  • Many IdPs to Many SPs

    Access an application portfolio via multiple authentication methods. Most global enterprises today have multiple authentication methods deployed because authentication requirements vary across geographic regions, business units, or as a result of M&A activity. At the same time, global enterprises have defined application portfolios that specific users need to access. For example, the global finance organization may have a suite of applications it needs to access via multiple authentication methods. PingFederate’s federation hub capabilities can satisfy this complex use case by providing access to the global finance team’s application portfolio for each finance employee, regardless of the employee’s geographic or business unit authentication method.

get the guide
how it solves it

Identity Provider Initiated SSO

Enterprises are focused on improving user experience for all, whether that is customers, partners, or their own employees. One way to improve user experience for your employees is through a consistent single sign-on (SSO) experience initiated by an IdP. With PingFederate, enterprises can streamline how their workforce accesses all of their corporate applications. A single set of credentials gives the employees access to a corporate dock where they can open each of their applications with a single click. If desired, enterprises can even challenge users to provide additional authentication factors in order provide employees access to their applications.


Identity provider initiated SSO
how it solves it

Service Provider Initiated SSO

Enterprise employees demand flexibility in how they access corporate resources. Often times employees need immediate access to an application such as and directly visit that application’s website instead of going through their corporate dock. With PingFederate, users can still leverage their SSO credentials to have the application begin the SSO process and minimize password sprawl.

how it solves it

SSO-enable Your Non Standards-based Apps

Many enterprises have older applications that were built with proprietary identity flows and protocols, or they were built before modern identity standards were developed. Rather than reconfigure your older applications to enable SSO, you can leverage the combined power of PingFederate and PingAccess. When combined with PingFederate, PingAccess, acting as a gateway solution, simplifies the process of enabling single sign-on for non standards-based applications.


get the white paper
how it solves it

SSO for APIs and Mobile Applications

Your workforce and partners are using mobile devices and applications more often to get work done, which has driven the widespread use of APIs. However, API security and scalability can be threatened by the constant collection and replay of multiple usernames and passwords.


Together, PingFederate and PingAccess can protect your enterprise’s resources by consolidating and securing identity-driven web SSO authentication and API authorization and access. PingAccess provides the authorization and access management for both web applications and APIs and uses PingFederate for its authentication and federation capabilities.

How SSO for APIs and Mobile Applications work.
how it solves it

SSO to Web Services

Today’s complex enterprises must provide access to web services leveraging numerous versions of identity federation standards, such as SOAP and WS-Trust. In order to support a heterogenous application environment, enterprises need a modern federation service that supports universal token translation and a security token service (STS). PingFederate enables the enterprise to extend SSO by generating tokens using the necessary identity standard to give users secure access to a variety of web services.


read the article

Take the Next Step

See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.