-
06/30/2021
FIPS 140-2 Is Now Available to Support FedRAMP Compliance
Federal Information Processing Standard (FIPS) 140-2 compliance requires that software use only a strict set of cryptographic features and practices. With the new FIPS mode, PingAccess gives our customers this high level of security with a simple switch, enabling it to be deployed in compliance with FedRAMP. In addition, PingAccess 6.3 adds support for API Gateways and new features for modern web developers. These features make it easier to support modern apps, empowering IAM teams with centralized access control and access auditing thus improving security and reducing risk.
See Release Notes -
03/16/2021
Leverage PingAccess for Centralized API and Single Page App Access Control
With PingAccess 6.3 beta, admins can now configure sideband API clients, such as API Gateways, to request access decisions from PingAccess. Furthermore, additional JWT signing algorithms make it simpler to integrate with single page applications to provide a single pane of glass for all access control needs. Finally, admins can enable redirectless authentication when configuring authentication challenge policies with PingFederate.
See Release Notes -
02/10/2021
Easily Protect Your Single-Page Applications Using Our Developer's Guide
Developers can use this guide to take advantage of the features that we have recently made available to protect Single-Page Applications (SPAs). The Github posting includes explanations, containers using our DevOps tooling to stand up local instances of PingFederate and PingAccess, and a basic To-Do List SPA, which demonstrates an example of using identity information to secure a SPA.
See GitHub -
12/17/2020
Accelerate Time to Value for Securing Single Page Applications (SPAs)
Application owners can now use authentication challenge response policies in PingAccess to send custom responses to SPAs, removing the need to modify application code to accept standard responses. Furthermore, SPA resources which don’t correspond to an application resource (e.g. those with no URL path) can now be easily defined and protected in PingAccess.
See Release Notes -
09/17/2020
Updates Improve Customer Experience and Simplify Administration
With this beta release, customers can now view the details of a transaction before approval by including custom scopes in OIDC backchannel authentication requests. In addition, administrators can now more easily configure identity mappings with an option to add all attributes, as well as segregate admin accounts by using a separate token provider.
See Release Notes -
06/08/2020
Enhanced Authorization Logging With Agent Details
PingAccess agents can now send informational headers that can be included in PingAccess logs (version 6.0 or higher required). This ensures that administrators know the active agents deployed, their versions, hostnames, and the platforms where they reside. Improvements also include admins being able to send arbitrary strings, which can be logged for agent inventory purposes for better reporting.
See Documentation -
06/17/2020
Simplify and Enhance Security with Automated Deployments and Risk Based Authorization
Customers can now automatically import configurations on startup, and upgrade configurations on import. Further simplifying administration, resources can be defined using query parameters in addition to specific path parameters. Customers can also enhance security by using an integration with iovation Fraudforce to check device health before granting resource access, and by configuring PingAccess to validate certificates on Mutual TLS Connections.
See Release Notes -
05/10/2020
PingAccess Release 6.0.3
PingAccess 6.0.3 is a cumulative maintenance release for PingAccess 6.0, which introduced several new features, including ACME certificate management, Amazon CloudHSM support, and a simplified upgrade process, along with several other enhancements.
see release notes -
03/18/2020
New Capabilities Boost Security, Simplify Administration and Troubleshooting
To improve security, PingAccess can now authenticate to supported OIDC identity providers such as PingFederate and Microsoft Azure Active Directory using mutual TLS, and check the validity of certificates used when proxying a mutual TLS client connection to protected applications. Administration has been made easier with the relocation of key pair assignments for HTTPS listeners, as well as the logging of complete requests and responses for troubleshooting. Note: this is a beta release.
see release notes -
12/18/2019
Advanced Security and New Administrative UI with PingAccess 6.0
Increase security by automating the lifecycle of HTTPS certificates via Automated Certificate Management Environment (ACME) and storage of HTTPS and client private keys in an Hardware Security Module (HSM). Additionally, the new administrative UI is much faster, providing an even better admin experience in large deployments, and the upgrade process has been simplified allowing administrators to work more and wait less.
See release notes -
11/22/2019
PingAccess Release 5.3.2
PingAccess 5.3.2 is a cumulative maintenance release which introduced several new features, including performance enhancements, logging improvements, simplified PingFederate configuration, and greater control over trusted certificate groups, along with several other enhancements.
See release notes -
10/11/2019
PingAccess 5.3.1 Release
PingAccess 5.3.1 is a cumulative maintenance release for PingAccess 5.3, which introduced several new features including performance enhancements, logging improvements, simplified configuration with PingFederate, and greater control over trusted certificate groups, along with several other enhancements.
See release notes -
9/19/2019
PingAccess 6.0 Beta Increases Security Granularity with CIBA and PKCE Support
A new rule type enabled by added support for the Client Initiated Backchannel Authentication (CIBA) standard allows PingAccess to perform one-time authorizations for defined high-risk transactions like a high-dollar transfer. Additionally, support for Proof Key for Code Exchange (PKCE) has been added to increase security by preventing interception attacks with a dynamic one-time cryptographically secure code and verification mechanism between PingAccess and the OpenID Provider (OP).
See release notes -
8/13/2019
Access Security at Massive Scale with PingAccess 5.3
Performance and logging enhancements have been implemented to efficiently provide access security to thousands of applications, with customers able to monitor health for all of these resources with additional logging capabilities that include startup and response times. To further reduce administrative efforts, a new web session scope and JWT identity mapping exclusion lists have also been added in this release. In addition, the PingAccess Agent for Nginx Plus has been updated to support R18.
See release notes -
6/28/2019
PingAccess Agents Updated for Increased Flexibility
Organizations leveraging PingAccess for agent based protection of resources now have more configuration options. The PAAEnabled directive can now be used inside a directory or location container. Additionally, the ability to set policy caching mechanisms using a property in the agent.properties file has been added. Finally, functionality to enable or disable agent processing for requests based on a note field is now available. The following agents have each received these updates:
- Agent C-SDK 1.2.0 SLES12 Apache2.4
- RHEL6 Apache2.2 Windows VC14
- RHEL7 Apache2.2 IIS agent
- RHEL6 Apache2.4 NGINX R15
- RHEL7 Apache2.4 NGINX R16
- SLES11 Apache2.2 SLES11 Apache2.2
See "Agents and Integrations" in PingAccess Documentation -
6/28/2019
Further Simplify WAM Migration and Coexistence
Organizations can now apply granular authorization policies for applications running on Apache for Windows (VC14+ 64-bit) with a new agent. WAM coexistence has also been made easier with Apache PingAccess agents able to run in conjunction with legacy WAM agents, with the flexibility to enable or disable agent processing as needed.
See release notes -
5/31/2019
Announcing PingAccess 5.2.3
PingAccess 5.2.3 is a cumulative maintenance release for PingAccess 5.2.
See the 5.2.3 release notes -
4/22/2019
Announcing PingAccess 5.2.2
PingAccess 5.2.2 is a cumulative maintenance release for PingAccess 5.2, which introduced several new features, including a customizable reserved application path, support for decrypting ID tokens, and support for PingOne for Customers as the token provider, along with several other enhancements. This maintenance release resolves several important issues to include fixes to the heartbeat endpoints, OIDC authentication delays, POST preservation problems along with other minor issues.
See the 5.2.2 release notes -
3/22/2019
Support for NGINX Agent
We expanded the platform support for PingAccess by releasing a new version of the NGINX Agent that supports both r16 and r17 of the NGINX Plus server. That new agent is available from the PingAccess Downloads site.
See release notes -
3/22/2019
Adds functionality to modernize WAM solutions
This beta release of PingAccess 5.3 adds customer-requested functions to help with the modernization of their Web Access Management solutions. This includes allowing administrators to view OIDC metadata that is available from the configured token provider.
See the 5.3 Beta release notes -
06/26/2018
Announcing PingAccess Policy Migration
PingAccess Policy Migration (PA PM) is a new product that removes the burdensome and error-prone processes involved in manually migrating hundreds of policies from your legacy WAM system to PingAccess. PA PM allows you to maintain your existing network architecture with options to migrate to agent or proxy configurations. During migration, PA PM also enables you to review corresponding import and export values to ensure accuracy, as well as troubleshoot common mapping and export errors.
learn more -
06/15/2018
Simplify Migration from Legacy WAMs with PingAccess 5.1
The newest PingAccess release makes it easier for customers to migrate from legacy WAMs and modernize their IAM environment by increasing flexibility to match existing deployment architectures and incorporate data from API-enabled systems like mobile device management solutions and threat detection systems to make better access decisions.
release notes
