download pdf

PingAccess Solutions

federated access management

PingAccess has been integrated with PingFederate® to create a federated access management solution—the cornerstone of Identity Defined Security. This allows enterprises to adapt to mobile workforce trends and customer identity requirements beyond the firewall. Unlike legacy WAM products, PingAccess and PingFederate harness open standards like SAML, OAuth and OpenID Connect to enable secure web single sign-on (SSO), protect APIs and provide centralized, dynamic session management. Open standards prevent vendor lock-in and accelerate application development to enable IT to manage access consistently, no matter where users, devices or applications are located.




PingAccess can quickly and easily enable web application SSO. Using PingFederate for authentication and token services, both internal and external users get access to applications without compromising security. PingAccess can also co-exist with legacy WAM products while applications are migrated along normal development cycles.


  • Enable web SSO and centrally manage sessions and access policies for any application.
  • Apply access policies at the URL level with an extensible rules engine.
  • Ensure that users are signed on with an appropriate authentication level.
  • Reduce maintenance and licensing costs by migrating applications away from legacy WAM and IAM products.




PingAccess offers architectural flexibility with both gateway and agent-based deployment options, allowing IT to choose the model appropriate for their environment. The gateway model offers a high-performance reverse proxy that can centrally protect any number of applications. Alternatively, agents installed directly on the servers provide the same access control, web session management and identity-based auditing features as the gateway option without requiring network or infrastructure modifications.






  • Web and API access management
  • Integration with existing IAM infrastructures
  • Dynamic authentication policy enforcement
  • Identity-aware content rewriting and auditing
  • Centralized policy management
  • Gateway and agent deployment models




  • Easily integrate with web applications and APIs
  • Manage sessions for internal and external users
  • Protect and control access to web apps and APIs
  • Deploy in less than 30 minutes
  • Audit all access correlated by identity and context



Whether the application has an agent deployed or is expecting an HTTP header, an X.509 client certificate or a legacy WAM token, PingAccess can easily integrate with existing applications without code or architecture changes.




PingAccess is designed to embrace standards and avoid vendor lock-in. It uses a JSON Web Token (JWT) to maintain session information and leverages OpenID Connect for user authentication. PingFederate maintains session revocation lists and provides dynamic attribute fulfillment based on these tokens, so user sessions and entitlements are always current. PingAccess also supports signed JWT tokens giving enterprises a more secure and verifiable way to pass user information to back-end sites.




The PingAccess gateway handles tens of thousands of transactions per second with advanced clustering and replication as well as intelligent rate limiting. Built-in load balancing allows PingAccess to distribute requests across multiple back-end servers, reducing network complexity and infrastructure costs. PingAccess is supported on standard operating systems deployed on bare metal or in virtual environments.


PingAccess Agents


  • Provide a one-to-one replacement option for migration from your current WAM architecture
  • Support for Apache, IIS, and IBM HTTP web servers as well as industry first support for the popular open source NGINX Plus web server
  • Built on an open agent protocol with a supported SDK that customers and partners can use to build their own agents




  • Supports the current WAM deployment models and enables a proxy-based architecture
  • Open and lightweight agent protocol with advanced caching directives
  • Agents are decoupled from the PingAccess policy server so that they can be upgraded independently

Related Resources

  • Webinar

    Bank of America’s WAM Modernization with KPMG LLP 

    get the webinar
  • guide

    Security Leader's Guide to Access Security

    get the guide
  • analyst report

    Gartner Magic Quadrant for Access Management, Worldwide 2018

    read the REPORT