Identity experts may be familiar with the ins and outs of what makes a good identity repository and why those things are important. However, those aspects aren’t always apparent to other groups, like application developers. No vendor will ever admit that their user store isn’t flexible, scalable or secure. Those are all very vague concepts with a lot of room for varying definitions of what flexibility, scalability and security mean.
We often state that PingOne for Customers is “built on PingDirectory,” a user store that helps manage and secure identity data for some of the world’s largest enterprises. Now, let’s dive into what goes into that statement. We’ll break down what makes the user store built into PingOne for Customers both easy for developers to use and one of the most powerful directories on the planet—and why those things matter to you and your users.
Flexibility is the key
Flexibility is a key term for developers. When you’re dealing with consumer identities, no one-size-fits-all solution exists for storing user data. Your users and the data you store about them are probably very different from those of other companies, even your direct competition. You may even have different types of consumers that interact with your app. Your app has to be able to query and access that data. Doing all of that requires a few specific capabilities in your cloud user store.
Build the exact user table you need with custom attributes
While user profiles often have common attributes such as first name, username and email that most companies will store, there may be preferences unique to your application. You may need to store things about users like their favorite_snapchat_filtersor some other attribute that is unique to the services your app provides. As basic as it seems, the ability to store these unique attributes isn’t guaranteed in all cloud user stores.
Store complex user data with unstructured JSON attributes
You may need to store even more complex data about your users. For example, say you want to store their browser fingerprint or a list of their favorite bands. That’s much more than just a text string or integer. For those items, a JSON object may be more appropriate. Your app is probably used to handling JSON objects anyway, so why not store them like that right in your cloud user store? A cloud user store that allows you to store unstructured JSON objects can make your user store much more flexible.
Store multiple types of users with different attributes
In addition to crafting one complex user schema that consists of custom attributes and JSON, you may have several different user types, each with different attributes. In these situations, it will make sense to have multiple different user schemas across your application portfolio. Oftentimes, having that capability in a single cloud user store is impossible. Since PingOne for Customers has a powerful user store architected into it, it allows as many user types as you need.
Fast, easy queries of customer data
Even if a user store allows all those things, there’s a chance that it’ll increase the time it takes to query your user data, which can ultimately affect your end-user experiences. With PingOne for Customers, you can query custom attributes, JSON and other user data across different user types quickly and easily. This helps ensure that you can see the user data you need, and that your users have lightning fast experiences with your application.
A reliable user store for better user experiences
Your users count on you to deliver fast and responsive experiences. If you don’t, plenty of your competitors will. Kissmetrics says that 40% of consumers will abandon a website that takes more than three seconds to load. Stats like that illustrate just how demanding consumers are. One of the most common interactions your users have with you is to log in. Additionally, every time your app needs to grab updated customer data, it’s relying on your cloud user store. It's critical to your customer experience that your user store has proven response time.
Enhance your customer experience with high availability and blazing fast response times
PingDirectory, which is the foundation of PingOne for Customers, was originally built to serve the most demanding telecommunications companies and banks with hundreds of millions of identities and complex queries. It doesn’t always take hundreds of millions of users to make a user store slow down or crash. Some directories may stumble at just a few million identities. On top of that, you have to ensure it can support the number of users you’d like to have vs. the number that exists today. Bottom line: It’s critical to ensure that your user store can be responsive even with millions of identities. In that department, PingOne for Customers has you covered.
Give your customers access during peak usage
In addition to storing a large number of users on an ordinary day, you have to also think about peak usage. Whether it’s a foreseen peak usage scenario like Black Friday for retailers or tax day for an e-filing app, or an unforeseen one such as a marketing campaign that goes viral, it’s critical that your user store stays available during those times. Not only are peak usage situations the most likely time for your user store to go down, but they’re also the most costly. Imagine a retailer going down on Black Friday or Cyber Monday. Fifteen minutes where users couldn’t log in might cost them as much revenue as they would lose during a full day of outages at any other time in the year.
Protect your customer privacy and their data
In addition to delivering amazing user experiences with your applications, your users also expect you to protect their data. This means not only ensuring that hackers don’t get their hands on it, it also may mean ensuring their data is stored in a location that complies with local privacy constraints. User stores have a big role to play in that regard.
Protect your customer data. Everywhere.
PingOne for Customers goes the extra mile in encrypting customer data. It’s encrypted on disk where it’s stored, in log files, backups and memory caches, and can only be passed through encrypted channels like TLS. These precautions ensure that no one who isn’t supposed to will have access to unencrypted customer data.
Ensure convenient and secure password requirements
Managing passwords can be a tricky business. PingOne for Customers secures passwords in ways you may never—and shouldn’t have to—think about. It ensures your users have strong passwords by checking against a number of common pitfalls that users succumb to. These include checking against common passwords, ensuring that it isn’t a weak password, and confirming that no portion of the password matches one of the customer's attributes.
Isolate data so only the necessary parties can see it
Having only a single data store where you store all of your customer data makes sense if you only have one app and one type of user. However, when you have many apps and environments with various user types that are all managed by different business units, data isolation becomes a priority. The PingOne for Customers user store has the ability to isolate data at the data layer. That way, if you have a PingOne for Customers account with multiple tenants and user populations, no one tenant will ever be able to see users from another. This not only reduces the attack surface, but it enables architects to model secure on-premises architectures within PingOne for Customers.
Facilitate your migration to the cloud
It seems that everyone, even large enterprises, is becoming more and more comfortable with moving their user data to the cloud. For small businesses, that transition can be as simple as uploading an Excel spreadsheet containing user data into a cloud user store. But it’s seldom that simple for large enterprises. Even if an isolated app dev team within the enterprise is launching a net new app, it will likely need to be connected someday to the rest of the enterprise's identity infrastructure to facilitate a cohesive user experience across all channels.
PingOne for Customers offers the ability to use a data synchronization tool to bidirectionally sync user data with on-premises directories. During the period of time—possibly a very long period of time—between your cloud-first initiative kicking off and when you actually get everything to the cloud, you can still maintain a cohesive unified profile between applications using the PingOne for Customers cloud user store and those still using on-premises customer identity and access management solutions.
A powerful cloud-delivered customer identity solution
The user store underneath cloud identity solutions should not be taken at face value. Arbitrary claims of security, flexibility and scalability should be verified against the use cases you need to solve. Those include capabilities immediately beneficial to developers, like adding custom attributes and storing JSON. Beyond that, it means verifying the way it manages passwords and supports peak usage scenarios. It also has to consider things like data isolation and data encryption. Finally, since enterprises usually can’t just upload a spreadsheet of user data into a cloud user store, the ability to synchronize data between on-prem user directories and cloud user stores is critical for helping to facilitate enterprise migrations to the cloud.
PingOne for Customers is much more than just a powerful user store. It’s a powerful cloud-delivered customer identity solution that enables development teams to get secure identity services—like authentication, registration, multi-factor authentication (MFA) and many more—into their apps quickly and easily using developer-friendly APIs.