a good thing!
With PingAccess 6.3 beta, admins can now configure sideband API clients, such as API Gateways, to request access decisions from PingAccess. Furthermore, additional JWT signing algorithms make it simpler to integrate with single page applications to provide a single pane of glass for all access control needs. Finally, admins can enable redirectless authentication when configuring authentication challenge policies with PingFederate.
To improve security, PingAccess can now authenticate to supported OIDC identity providers such as PingFederate and Microsoft Azure Active Directory using mutual TLS, and check the validity of certificates used when proxying a mutual TLS client connection to protected applications. Administration has been made easier with the relocation of key pair assignments for HTTPS listeners, as well as the logging of complete requests and responses for troubleshooting. Note: this is a beta release.
PingAccess agents can now send informational headers that can be included in PingAccess logs (version 6.0 or higher required). This ensures that administrators know the active agents deployed, their versions, hostnames, and the platforms where they reside. Admins can also send arbitrary strings, which can be logged for agent inventory purposes for better reporting.
With this beta release, customers can now configure the end user’s logout experience on a per-application basis, allowing them to "onboard" more applications without making changes to application code. Customization options include whether or not to use the OIDC Provider’s single logout (SLO) feature to log out of all application sessions, and where to redirect the user’s browser after logout.
PingAccess 6.0.3 is a cumulative maintenance release for PingAccess 6.0, which introduced several new features, including ACME certificate management, Amazon CloudHSM support, and a simplified upgrade process, along with several other enhancements.
Performance and logging enhancements have been implemented to efficiently provide access security to thousands of applications, and customers can monitor the health of all of these resources with additional logging capabilities that include startup and response times. To further reduce administrative efforts, a new web session scope and JWT identity mapping exclusion lists have also been added in this release. In addition, the PingAccess Agent for NGINX Plus has been updated to support R18.
Developers can use this guide to take advantage of the features that we have recently made available to protect Single-Page Applications (SPAs). The GitHub posting includes explanations, containers using our DevOps tooling to stand up local instances of PingFederate and PingAccess, and a basic To-Do List SPA, which demonstrates an example of using identity information to secure a SPA.
With this beta release, customers can now view the details of a transaction before approval by including custom scopes in OIDC backchannel authentication requests. In addition, administrators can now more easily configure identity mappings with an option to add all attributes, as well as segregate admin accounts by using a separate token provider.
A new rule type enabled by added support for the Client Initiated Backchannel Authentication (CIBA) standard allows PingAccess to perform one-time authorizations for defined high-risk transactions like a high-dollar transfer. Additionally, support for Proof Key for Code Exchange (PKCE) has been added to increase security by preventing interception attacks with a dynamic one-time cryptographically secure code and verification mechanism between PingAccess and the OpenID Provider (OP).
Application owners can now use authentication challenge response policies in PingAccess to send custom responses to SPAs, removing the need to modify application code to accept standard responses. Furthermore, SPA resources which don’t correspond to an application resource (e.g. those with no URL path) can now be easily defined and protected in PingAccess.
Federal Information Processing Standard (FIPS) 140-2 compliance requires that software use only a strict set of cryptographic features and practices. With the new FIPS mode, PingAccess gives our customers this high level of security with a simple switch, enabling it to be deployed in compliance with FedRAMP. In addition, PingAccess 6.3 adds support for API Gateways and new features for modern web developers. These features make it easier to support modern apps, empowering IAM teams with centralized access control and access auditing, thus improving security and reducing risk.
PingAccess 5.3.2 is a cumulative maintenance release which introduced several new features, including performance enhancements, logging improvements, simplified PingFederate configuration, and greater control over trusted certificate groups, along with several other enhancements.
PingAccess 5.3.1 is a cumulative maintenance release for PingAccess 5.3, which introduced several new features including performance enhancements, logging improvements, simplified configuration with PingFederate, and greater control over trusted certificate groups, along with several other enhancements.
Organizations leveraging PingAccess for agent-based protection of resources now have more configuration options. The PAAEnabled directive can now be used inside a directory or location container. Additionally, the ability to set policy caching mechanisms using a property in the agent.properties file has been added. Finally, functionality to enable or disable agent processing for requests based on a note field is now available. The following agents have each received these updates:
Customers can now automatically import configurations on startup, and upgrade configurations on import. Further simplifying administration, resources can be defined using query parameters in addition to specific path parameters. Customers can also enhance security by using an integration with iovation Fraudforce to check device health before granting resource access, and by configuring PingAccess to validate certificates on Mutual TLS Connections.
Increase security by automating the lifecycle of HTTPS certificates via Automated Certificate Management Environment (ACME) and storage of HTTPS and client private keys in a Hardware Security Module (HSM). Additionally, the new administrative UI is much faster, providing an even better admin experience in large deployments, and the upgrade process has been simplified, allowing administrators to work more and wait less.
Organizations can now apply granular authorization policies for applications running on Apache for Windows (VC14+ 64-bit) with a new agent. WAM coexistence has also been made easier with Apache PingAccess agents able to run in conjunction with legacy WAM agents, with the flexibility to enable or disable agent processing as needed.
PingAccess 5.2.1 is a cumulative maintenance release for PingAccess 5.2, which included improved PingFederate integration, improved support for local OAuth token validation, and enhanced support for Groovy scripts. This release more tightly integrates PingAccess and PingFederate, which improves performance and exchange of data.
PingAccess has added more options for administrators to tailor the logout end-user experience. Improving the end-user experience reduces frustration, reduces support costs, and improves brand perception. Additionally, we added more flexibility in how we handle the digital certificates that are used to secure client connections, which is especially helpful during migrations, without requiring time-consuming and costly application changes.
This beta release of PingAccess 5.3 adds customer-requested functions to help with the modernization of their Web Access Management solutions. This includes allowing administrators to view OIDC metadata that is available from the configured token provider.
PingAccess Policy Migration (PA PM) is a new product that removes the burdensome and error-prone processes involved in manually migrating hundreds of policies from your legacy WAM system to PingAccess. PA PM allows you to maintain your existing network architecture with options to migrate to agent or proxy configurations. During migration, PA PM also enables you to review corresponding import and export values to ensure accuracy, as well as troubleshoot common mapping and export errors.
Ping is pleased to announce PingAccess Policy Migration 2.0, which adds tooling for the entire policy lifecycle - migration, testing, promotion, and monitoring - to improve enterprise migration from their legacy access systems.
The newest PingAccess release makes it easier for customers to migrate from legacy WAMs and modernize their IAM environment by increasing flexibility to match existing deployment architectures and incorporate data from API-enabled systems like mobile device management solutions and threat detection systems to make better access decisions.
We expanded the platform support for PingAccess by releasing a new version of the NGINX Agent that supports both R16 and R17 of the NGINX Plus server. That new agent is available from the PingAccess Downloads site.
Ping is pleased to announce PingAccess 5.2, which includes improved PingFederate integration, improved support for local OAuth token validation, and enhanced support for Groovy scripts. This release more tightly integrates PingAccess and PingFederate, which improves performance and exchange of data. We also released PingAccess Policy Migration 1.1, which adds support for PingAccess 5.0+ features.