datasheet

PingID

download pdf

PingID® is a cloud-based, adaptive multi-factor authentication (MFA) solution that balances secure access to applications with ease of use for the end user, while allowing businesses  to define and enforce authentication policies that are tailored to their needs.

 

FAST AND EASY MULTI-FACTOR AUTHENTICATION


PingID provides organizations with a fast and easy way to deploy MFA for a wide range of use cases without draining IT resources. From protecting workforce apps accessed via web single sign-on (SSO), to integrating seamlessly with Microsoft Azure AD, Active Directory Federation Services (AD FS) and Windows Login, to embedding advanced MFA functionality directly into your own mobile app—PingID has you covered.

 

 

PingID is designed to support a wide range of customer, partner and workforce use cases. PingID comes with multiple implementation options including the PingID mobile application for Apple and Android devices that is fully managed by Ping Identity, the PingID desktop app, PingID APIs, and PingID SDKs that allow you to embed multi-factor authentication capabilities directly into your Apple and Android mobile applications. PingID supports a wide range of  authentication methods, can integrate in minutes, and is versatile enough to secure all your applications and services regardless of where they’re hosted.

PingID App For Employees and Partners

 

HOW IT WORKS

 

When an administrator enables the PingID App, the user is prompted to walk through a self-registration process to register their device. First, they install the PingID App on their Apple or Android phone or tablet. Next, they scan a QR code to pair their device. Once registered, the PingID App is ready for use. If the user does not have an Apple or Android device, they can elect to authenticate using one-time passwords (OTPs) that are sent via SMS, voice call or email. Alternatively, they can utilize a YubiKey hard token or the Windows or Mac desktop applications. The PingID service adds adaptive multi-factor authentication to PingOne®, PingFederate®, PingAccess®, third party applications, Secure Shell (SSH) applications, Windows Login/RDP or any RADIUS compliant VPN server or remote access system.


Plus, PingID’s integrations with Microsoft Azure AD and Active Directory Federation Services (AD FS) enable it to provide convenience and security for hybrid IT environments that utilize a mix of on-premises, private cloud and SaaS applications, many of which are non-Microsoft. Our PingID solution makes leveraging Office 365 and Azure AD easier, more secure and productive for your enterprise. Whether your user’s journey starts with authenticating via on-premises Active Directory or cloud-based Azure Active Directory, the user experience is the same: seamless, secure access to all applications, regardless of where they reside.

 

BALANCE SECURITY AND CONVENIENCE

When policy dictates the need for strong authentication, the PingID service will send a notification to the user’s smartphone through the PingID App. On iOS and Android devices, this is sent via the Apple or Android notification service, eliminating the expense of sending an SMS or voice call. The notification prompts the user to swipe in the device’s PingID App to be authenticated. The PingID App also includes native Apple watch support. In the event a user is unable to get a signal to their mobile phone, an offline mode is available where the PingID App generates an OTP. Alternately, the OTP can be delivered via SMS, voice, email or desktop application. Finally, a YubiKey hard token can also be used in sensitive environments or for users without device or phone access. The registration and authentication process is localized and branded. Users can also self-manage their trusted authentication devices.

 

USE FACIAL RECOGNITION OR FINGERPRINT AS AN AUTHENTICATION FACTOR
 

For the ultimate in convenience, the PingID App can be configured to use facial recognition or the fingerprint reader on the registered device. After the notification is sent to the phone through the PingID App, the user will simply touch the fingerprint reader or conduct a face scan for authentication. This is an optional feature that works with Apple’s Face ID, Touch ID and select Android devices.

 

 

 

DEFINE ADAPTIVE AUTHENTICATION POLICIES TO MEET YOUR ENTERPRISE’S NEEDS

 

To meet your enterprise’s specific security needs, administrators can define advanced authentication, pairing and device posture policies, such as:

  • Limiting MFA to specific groups, IP addresses or applications.

  • Employing geo-fencing to skip MFA requirement if trusted device is accessing from a “secure” location or network.

  • Restricting devices that are rooted or jailbroken through root detection.

  • Defining sessions that allow users to avoid prompt for MFA if authenticated within a predefined amount of time (hours, minutes, days, etc.).

PingID SDK for Customers


HOW IT WORKS

 

PingID has a mobile SDK for Apple and Android that enables you to embed multi-factor authentication capabilities natively into your own mobile application. This allows you to deliver convenient and secure MFA to your customers, without requiring them to download a separate application.

 

ENHANCE EXISTING AUTHENTICATION WORKFLOWS

The PingID SDK can send push notifications, the most secure and convenient method of second-factor authentication, during web, mobile web, call center, face-to-face, high-value transactions or any other customer interaction. Also, the PingID SDK supports OTPs sent via SMS, voice or email, which can be used as a backup authentication method when push notifications aren’t an option for the user. Additional device-based context can also enhance security during mobile app authentications. The security PingID SDK adds through your native mobile app is a benefit you can promote to customers to drive mobile app adoption. The PingID SDK augments your existing authentication workflow. Customers who have your app benefit from additional MFA security. Customers who don’t aren’t required to download it and can instead utilize your existing authentication process.

 

SUPPORT OUT-OF-BAND WEB AUTHENTICATION

 

PingID SDK allows you to require approval from a customer-defined, trusted device when a customer attempts to log in to a web application. You also have the option to achieve passwordless authentication by requiring customers to enter only their username and allowing PingID SDK’s MFA capabilities to replace their password.

 

MANAGE TRANSACTION APPROVALS
 

You can require strong, out-of-band authentication for high-value transactions. These transactions may include transferring funds, making purchases, updating account information and more. Transaction details can also be sent to the customer’s trusted device so they know exactly what they’re approving. Selectively requiring MFA to approve high-value transactions allows you to mitigate a significant amount of security risk with little effect on customer experience.

 

STRENGTHEN SECURITY WITH TRUSTED DEVICE AUTHORIZATION
 

Mobile app authentication can be strengthened by ensuring that customers are authenticating from a trusted device. This ensures a user-friendly, secure mobile app login experience for customers, while preventing hackers from using stolen credentials to authenticate from apps on untrusted devices. PingID can also integrate with leading enterprise mobility management (EMM) and mobile device management (MDM) solutions such as Microsoft Intune, VMware AirWatch and MobileIron to make policy decisions based on the user’s device posture, which mitigates security risks.

 

ENABLE CUSTOMER-MANAGED NETWORK OF TRUSTED DEVICES
 

PingID SDK lets your customers self-manage their own network of trusted devices. Initially, customers can add a primary trusted device by simply authenticating from your mobile application and utilizing behind the scenes pairing. They can also add a trusted device manually through an authorization code delivered by a secure process that you define. From their primary device, customers can add other trusted devices, change their primary device and add devices with reduced permissions. PingID SDK’s APIs allow you to build interfaces into web or mobile applications for customers to self-manage their trusted device networks.

 

 

SIMPLIFY ADMINISTRATION
 

From a single, user-friendly administrative interface you can set up and manage new applications that utilize PingID’s mobile SDK, manage users, and run transaction and user reports. A single PingID SDK tenant can be utilized for multiple mobile applications and managed from an easy-to-use administrative portal.

 

 

PingID App and PingID SDK Specifications

 

Related Resources