PingAccess has been integrated with PingFederate® to create a federated access management solution—the cornerstone of Identity Defined Security. This allows enterprises to adapt to mobile workforce trends and customer identity requirements beyond the firewall. Unlike legacy WAM products, PingAccess and PingFederate harness open standards like SAML, OAuth and OpenID Connect to enable secure web single sign-on (SSO), protect APIs and provide centralized, dynamic session management. Open standards prevent vendor lock-in and accelerate application development to enable IT to manage access consistently, no matter where users, devices or applications are located.
WEB ACCESS MANAGEMENT
PingAccess can quickly and easily enable web application SSO. Using PingFederate for authentication and token services, both internal and external users get access to applications without compromising security. PingAccess can also co-exist with legacy WAM products while applications are migrated along normal development cycles.
Enable web SSO and centrally manage sessions and access policies for any application.
Apply access policies at the URL level with an extensible rules engine.
Ensure that users are signed on with an appropriate authentication level.
Reduce maintenance and licensing costs by migrating applications away from legacy WAM and IAM products.
PingAccess offers architectural flexibility with both gateway and agent-based deployment options, allowing IT to choose the model appropriate for their environment. The gateway model offers a high-performance reverse proxy that can centrally protect any number of applications. Alternatively, agents installed directly on the servers provide the same access control, web session management and identity-based auditing features as the gateway option without requiring network or infrastructure modifications.
Web and API access management
Integration with existing IAM infrastructures
Dynamic authentication policy enforcement
Identity-aware content rewriting and auditing
Centralized policy management
Gateway and agent deployment models
Easily integrate with web applications and APIs
Manage sessions for internal and external users
Protect and control access to web apps and APIs
Deploy in less than 30 minutes
Audit all access correlated by identity and context
Whether the application has an agent deployed or is expecting an HTTP header, an X.509 client certificate or a legacy WAM token, PingAccess can easily integrate with existing applications without code or architecture changes.
PingAccess is designed to embrace standards and avoid vendor lock-in. It uses a JSON Web Token (JWT) to maintain session information and leverages OpenID Connect for user authentication. PingFederate maintains session revocation lists and provides dynamic attribute fulfillment based on these tokens, so user sessions and entitlements are always current. PingAccess also supports signed JWT tokens giving enterprises a more secure and verifiable way to pass user information to back-end sites.
SCALABLE AND READY FOR THE CLOUD
The PingAccess gateway handles tens of thousands of transactions per second with advanced clustering and replication as well as intelligent rate limiting. Built-in load balancing allows PingAccess to distribute requests across multiple back-end servers, reducing network complexity and infrastructure costs. PingAccess is supported on standard operating systems deployed on bare metal or in virtual environments.
Provide a one-to-one replacement option for migration from your current WAM architecture
Support for Apache, IIS, and IBM HTTP web servers as well as industry first support for the popular open source NGINX Plus web server
Built on an open agent protocol with a supported SDK that customers and partners can use to build their own agents
Supports the current WAM deployment models and enables a proxy-based architecture
Open and lightweight agent protocol with advanced caching directives
Agents are decoupled from the PingAccess policy server so that they can be upgraded independently