download pdf



PingAccess can quickly and easily enable SSO for web applications and APIs. Using PingFederate for authentication and token services, both internal and external users get access to applications without compromising security. PingAccess can also co-exist with legacy WAM products while applications are migrated along normal development cycles.


  • Enable SSO for web applications and APIs and centrally manage sessions and access policies for any application.

  • Apply access policies at the URL and HTTP method level with an extensible rules engine.

  • Ensure that users are signed on with an appropriate authentication level.

  • Reduce maintenance and licensing costs by migrating applications away from legacy WAM and IAM products.






  • Web and API access management
  • Integration with existing IAM infrastructures
  • Dynamic authentication policy enforcement
  • Identity-aware content rewriting and auditing
  • Centralized policy management
  • Gateway and agent deployment models
  • Support for current WAM deployment models
  • Enablement of a proxy-based architecture
  • Open and lightweight agent protocol with advanced caching directives
  • Agents decoupled from the PingAccess policy server for independent upgrades




  • Easily integrate with web applications and APIs
  • Manage sessions for internal and external users
  • Protect and control access to web apps and APIs
  • Deploy in less than 30 minutes
  • Audit all access correlated by identity and context






PingAccess offers architectural flexibility with both gateway and agent-based deployment options, allowing IT to choose the model appropriate for their environment. The gateway model offers a high-performance reverse proxy that can centrally protect any number of applications. Alternatively, agents installed directly on the servers provide the same access control, web session management and identity-based auditing features as the gateway option without requiring network or infrastructure modifications.



Whether the application has an agent deployed or is expecting an HTTP header, an X.509 client certificate or a legacy WAM token, PingAccess can easily integrate with existing applications without code or architecture changes.



PingAccess Agents


  • Provide a one-to-one replacement option for migration from your current WAM architecture
  • Support for Apache, IIS, and IBM HTTP web servers as well as industry first support for the popular open source NGINX Plus web server
  • Built on an open agent protocol with a supported SDK that customers and partners can use to build their own agents




PingAccess is designed to embrace standards and avoid vendor lock-in. It uses a JSON Web Token (JWT) to maintain session information and leverages OpenID Connect for user authentication. PingFederate maintains session revocation lists and provides dynamic attribute fulfillment based on these tokens, so user sessions and entitlements are always current. PingAccess also supports signed JWT tokens giving enterprises a more secure and verifiable way to pass user information to back-end sites.




The PingAccess gateway handles tens of thousands of transactions per second with advanced clustering and replication as well as intelligent rate limiting. Built-in load balancing allows PingAccess to distribute requests across multiple back-end servers, reducing network complexity and infrastructure costs. PingAccess is supported on standard operating systems deployed on bare metal or in virtual environments.


Related Resources

  • Webinar

    Bank of America’s WAM Modernization with KPMG LLP 

    get the webinar
  • guide

    Security Leader's Guide to Access Security

    get the guide
  • analyst report

    Gartner Magic Quadrant for Access Management, Worldwide 2019

    read the REPORT

Take the Next Step

See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.