a good thing!
We're excited to reduce policy administration efforts significantly with the new copy and paste capability in authentication policies, reusable fragments, and between them. Updating policies has never been easier! We're also adding API support for Device Authorization Grant, enabling our customers to create beautiful end-user experiences for their customer identities. Last but not least, we're proud to introduce support for JWT Secured Authorization Response Mode and JWT Response for OAuth Token Introspection, which are essential to Financial-grade API initiatives and Open Banking.
Microsoft has put the Azure AD Graph API on a path to deprecation, with a retirement date planned beyond the end of this year, 2022. The PingFederate Office 365 Connector, versions 2.2 and earlier, and the Azure AD PCV, versions 1.2 and earlier, use the Azure AD Graph API. Consequently, affected adapter versions will not be guaranteed to receive responses from the Azure AD Graph endpoint after the end of this year, 2022. Although Microsoft has yet to announce a specific date of retirement, we recommend prioritizing an upgrade to the latest versions of these adapters to avoid future impact or outage.
PingFederate can use previous secrets for an admin-configurable amount of time. In environments where some or all client secrets must be updated regularly, this new capability reduces the coordination effort between the admins and the OAuth application developers and allows for maximum flexibility.
Are you using the PingOne unified administration console yet? If you’re already using PingFederate or other products from Ping, the PingOne unified admin is a single place for you to access many of Ping’s products, services and resources. Better yet, a helpful guide walks you through the steps for setting up SSO to PingFederate.
Watch the video
The PingOne MFA Integration Kit now returns the state of jailbroken, or rooted, devices. The device state can be leveraged as a risk predictor and for authentication policies. Additionally, the ThreatMetrix Integration Kit now supports advanced configuration options, the Microsoft Cloud Identity Connector introduced additional configuration options for social login and the DUO integration kit is now FIPS compliant.
In this beta release, PingFederate deployed in the cloud can now connect to local directory servers through PingOne, eliminating complex network configurations while maintaining connectivity to on-premise end-user data. In addition, the new Secret Managers support allows customers to store certain credentials, such as data store credentials, in external secret management systems and allows PingFederate to retrieve them as needed. This new capability helps customers comply with internal IT policies or meet and exceed their industry standards.
PingFederate has expanded its social login options to increase convenience for users at registration and login. The new PingFederate Microsoft Cloud Identity Connector includes the Microsoft IdP Adapter. The adapter allows a Service Provider (SP) to leverage Microsoft as an Identity Provider (IdP) for access to applications in the SP domain via the Microsoft API which authenticates users and returns user information. The adapter supports SSO for single and multi tenant directories as well as social login for personal Microsoft accounts.
The updated ThreatMetrix integration kit added adaptive authentication support for mobile and web applications via the PingFederate authentication API. Additionally, the updated ServiceNow integration kit now supports the ServiceNow Quebec release and includes the updated certification and listing of Ping provisioning applications in the ServiceNow store.
PingFederate and PingOne for Enterprise now provide SSO and outbound user and group provisioning integrations to the Contentful CRM platform. Additionally, the new Slack Enterprise Grid integration supports outbound user and group provisioning across multiple workspaces within a single organization, easing administration for central IT departments
In this beta release, OAuth applications can query or revoke authentication sessions on a per-user basis, and close server-side sessions if credentials have been compromised. Additionally, the new Virtual Issuers for OpenID Connect and separate ID Token Signing Key Sets for different issuers eliminate the need to host multiple environments for customers who require distinct branding or regulatory requirements, further reducing complexity and TCO
This integration enhances enterprise security by enabling PingFederate to retrieve the security posture from Jamf Pro managed Apple mobile devices. The integration enables admins to make policy decisions based on the employee’s device posture, which mitigates the risk of corporate resources being accessed from unmanaged devices.
PingFederate 10.2.2 is a cumulative maintenance release for PingFederate 10.2.
PingFederate's ServiceNow Provisioning Connector is now certified to work with ServiceNow Paris, the latest version of the IT service management solution. The connector includes a quick connection template to simplify the configuration of single sign-on, outbound user provisioning, and user lifecycle management. To set up provisioning, you can install the connector from ServiceNow's Marketplace.
Has been updated to include a number of improvements to fix issues with SameSite cookies and an issue that caused the adapter to ignore the cookie settings in the agent configure file.
Adds support for the PATCH method for group updates which is important for performance optimizations when adding a large number of users to groups.
The ServiceNow Provisioning Connector has added support for the Paris version of ServiceNow.
Allow enterprises to use Ping Identity products for attribute-based access control (ABAC) in the AWS Identity and Access Management (IAM) and AWS Single Sign-On (SSO) services.
PingFederate admins can now personalize user registration with a combination of conditional tasks based on user input, and required tasks such as completing a terms of service agreement. Additionally, you can now provide customers logging in with Apple, GitHub, Amazon, LinkedIn and Twitter with a simpler login experience through a pop-up window instead of redirecting them to their social identity provider.
PingFederate now provides a “once and done” integration with PingOne, enabling admins to add PingOne MFA, PingOne Risk Management and upcoming additional PingOne services in the future with a single connection. This month, PingFederate also added out of the box integrations for single sign-on, provisioning and deprovisioning to over 300 newly added SaaS applications.
Duo Security’s Universal Prompt is a redesign of their authentication experience, which includes a migration of their authentication prompt from an embedded iframe within a customer’s application to a Duo hosted page. The Duo Security Integration Kit 3.0 supports this update and more, including Duo’s updated Web SDK as well as the PingFederate Authentication API.
Provides the ability to customize the ciphers used in outbound HTTP requests to RSA for granular security controls. Additionally, it enables improved error handling when the username and passcode fields are left blank.
The PingFederate AWS Single Sign-On Connector enables enterprises to provision users and groups to Amazon Web Services. You can assign user permissions based on common job functions and customize these permissions to meet your specific security requirements. Additionally, the PingOne MFA Integration Kit 1.0 allows PingFederate to integrate with the cloud-based PingOne MFA service for customer MFA.
Our beta release of PAR support enables your applications to send authorization requests, which can include sensitive customer data, directly to PingFederate instead of exposing this data to a browser. PAR is critical to complying with privacy regulations, such as Open Banking in the UK and Consumer Data Right in Australia.
Customers can now sign in to your applications without being redirected to another page using our Facebook and Google cloud identity connectors, or with our Agentless Integration Kit’s added support for the PingFederate authentication API. We’ve also automated the provisioning of leads and contacts with the new Salesforce Contacts integration.
PingFederate 10.0.5 is a maintenance release of version 10.0. This maintenance release includes several fixes to existing functionality. For customers who want to stay with version 10.0, it is recommended that they upgrade to this maintenance release.
PingFederate 10.1.1 is a maintenance release of version 10.1. This maintenance release includes several fixes to existing functionality. For customers who want to stay current with version 10.1 or upgrade to the most current version of PingFederate, it is recommended that they upgrade to PingFederate 10.1.1.
This integration allows PingFederate to leverage a risk score from ThreatMetrix during authentication. ThreatMetrix recognizes devices requesting access and delivers a risk score by evaluating user attributes, past history and suspicious behaviors tied to that device. In turn, PingFederate uses this score to allow, deny or enforce MFA to optimize the balance of user experience and security.
The new Zoom Connector 1.0 allows PingFederate and PingOne to rapidly integrate with Zoom for user provisioning, authentication and single sign-on. It offers user profile attribute support, and allows users to be easily created, updated, disabled or deleted. Further security comes from removing users from Zoom when they leave the organization. The Zoom Connector can be used with or in place of just-in-time-based SAML provisioning. Additionally, Slack, Workplace by Facebook and Salesforce connectors have been updated.
PingFederate 10.0.2 is a cumulative maintenance release for PingFederate 10.0.
The Zscaler Internet Access (ZIA) Connector added enhancements for group synchronization and updates, as well as support for updating certain attributes in ZScaler. Additionally, the SCIM provisioning connector now accommodates new HTTP header types and the ability to configure group retrieval limits. Finally, an update to the LinkedIn Cloud Identity Connector enables the retrieval of user attributes and email addresses using the same instance of the connector.
Several additions in PingFederate 10.0.1 allow you to reduce network traffic and improve response times which are accomplished by updates made to the configuration replication process. Additionally, a new tool has been added to collect PingFederate configuration and log file data to enable support teams.
The PingFederate Workplace by Facebook Connector now includes support for additional user profile attributes. Additionally, Java, Apache Linux and IIS integration kits have also been updated to include SameSite Cookie configurations to support the SameSite cookie flag in web browsers enhancing user security. The SameSite attribute dictates to the browser how a cookie should be treated in scenarios where the user is navigating between sites (or domains).
This release enhances login security through an integration with ID DataWeb’s ongoing global identity verification service. ID DataWeb leverages human identity, environmental context and relationships to build a confidence score, which can be used by PingFederate for risk based, adaptive authentication.
Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.
Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.
Administrative APIs allow administrators to make one request to bulk export configuration objects in JSON which simplifies the movement of configuration from one environment to another. Additionally, now administrators can apply an in-place patch to update PingFederate to the latest maintenance release which reduces the effort required to keep the current PingFederate up-to-date.
This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on. The release adds support for London, Madrid and New York versions of ServiceNow.
PingFederate now enables users to SSO into applications using Apple credentials. The Apple Cloud Identity Connector 1.0 allows a Service Provider (SP) to leverage Apple as an Identity Provider (IdP) for access to applications in the SP domain. It works with the Apple API to deliver a seamless login experience for Apple users.
PingFederate 9.3.3 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.
PingFederate customers can more easily take advantage of the latest in device reputation technology by integrating with iovation’s FraudForce solution. During the authentication process, iovation FraudForce recognizes the device requesting access and delivers a risk score by evaluating associated accounts, past history and suspicious behaviors tied to that device. PingFederate can then leverage this risk score when making authentication decisions, such as adaptive policies to enforce MFA with PingID.
PingFederate 9.3.2 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.
The recently released Amazon and Github Cloud Identity Connectors work with the Amazon and GitHub APIs to allow PingFederate users to login to applications with credentials from both online services. The general availability release provides support for login, the retrieval of Amazon and GitHub user information and much more to deliver increased user convenience during login.
This beta release continues to build on support for cloud and modernization initiatives, with the inclusion of better support for DevOps and elastic scaling. The effort to upgrade from a previous release or update to the latest 10.0 maintenance release has also been greatly reduced as customers can now upgrade without using the Upgrade Utility.
The Salesforce Connector 7.0 allows PingFederate and PingOne for Enterprise customers to build on existing integrations to SalesForce with new support for provisioning to the Salesforce Community Cloud as well as the ability to create connections to custom Salesforce Domains. The release also reduces administrative efforts with the ability to create multiple Salesforce connections in a single PingFederate instance and by adding support for the latest version of the Salesforce REST API (v46).
The OAuth playground demonstrates the OAuth and OpenID Connect flows and capabilities of PingFederate. The latest release adds support for Client Initiated Backchannel Authentication (CIBA) where user consent can be requested through an out-of-band workflow without redirects through the browser for a greatly improved authentication experience. This includes an updated setup wizard for CIBA configuration and is bundled with a sample email out-of-band authenticator.
.NET Integration Kit 2.5.3 includes an updated OpenToken Agent to improve the way token timestamps are handled.
The PingFederate Integration Kit for RSA SecurID® allows customers to leverage RSA’s MFA capabilities with PingFederate as the identity provider. The update supports the new RSA SecurID authentication API and can now be used with Java 11. Additional features include the ability to configure failover servers, override user identifiers sent to the authentication API, override default proxy connections and configure API connection timeout settings.
The updated integration kit includes a new configuration option, URL Encode Cookie Values, which will be enabled by default to align with recent PingFederate versions that have RFC 6265 enforcement. In addition, we have added support for the ability to configure single logout (SLO) without requiring an external logout service. If the web application does not have an SLO service configured, the adapter will now redirect back to PingFederate.
This release fixes an issue that prevented the synchronization of groups with certain special characters in the name.
The PingFederate AzureAD password credential validator (PCV) now includes support for passwords with special characters, overriding default proxy connections and configuring connection read and timeout settings when using the API. The WebEx provisioner has also been updated to allow administrators to individually disable provisioning functions, which are turned on by default.
See AzureAD PCV release notes
Google Cloud Identity Connector 1.4.1 adds support for retrieving group memberships in the adapter configuration and extended contract. Atlassian Integration Kit 2.1 includes support for the latest versions of JIRA and Confluence.
The PingFederate 9.3 release includes many new authentication features to improve the end user experience and policy administration. For example, the authentication API now separates the presentation layer from authentication orchestration, allowing front end developers to maintain end-user UI in an external application. Another new capability is Client-Initiated Backchannel Authentication (CIBA) that prompts users for authentication and authorization in a secondary device, avoiding the need to direct the user’s browser to PingFederate for consent
PingFederate 9.2.3 is a cumulative maintenance release for PingFederate 9.2.
PingFederate Amazon Web Services (AWS) Connector 2.0 includes updates to support additional attributes, group capabilities and version 2.0 of AWS API. The PingFederate Integration Kit 1.2 for PingOne for Customers includes added support for custom proxy settings and the ability to customize authentication error messages.
The PingFederate 9.3 beta release includes many new authentication features to improve the end user experience and policy administration. The Identifier First Adapter prompts for a username to analyze the type of user and the credentials with which they've enrolled before challenging them to authenticate in the best way. Extended Properties and a corresponding selector improve policy administration by enabling authentication requirement changes.
We updated the PingFederate and PingOne for Enterprise SCIM Connector 1.2 to add a configuration option for the unique identifier that enables the provisioner to uniquely identify and synchronize users between the data store and target application. In addition the IIS Integration Kit was updated to add support for IIS 8.5 (Windows Server 2012 R2) and 10 (Windows Server 2016).
PingFederate 9.2.2 is a cumulative maintenance release for PingFederate 9.2, which introduced many new features, such as OAuth 2.0 Device Flow support, external consent user interface, dynamic scopes, persistent authentication sessions, password spraying prevention, and more.
PingFederate 9.2 improves user and administration experiences. The introduction of OAuth Device Flow makes it simple for users to authorize input-constrained devices—such as smart televisions—to access resources on the user’s behalf. Persistent authentication sessions add new policy options to reduce password prompts and eliminates session disruption across server maintenance. Support for multiple SSL server certificates along with TLS Server Name Indication makes it easy for admins to add new domain names, possibly for new brands, to an existing PingFederate deployment. We also updated the PingFederate Agentless Integration Kit 1.5, Java Integration Kit 2.5.7 and OAuth Playground 4.1.
PingFederate 9.1.4 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements.
PingFederate 9.1.3 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. The 9.1.3 release enhances security for auditor accounts and includes fixes to new and existing functionality.
The latest release of the PingFederate App for Splunk includes new dashboards for Customer Identity and Access Management events, OAuth events, and improved organization and representation of PingFederate end user transactions for authentication and single sign-on.
On December 2017, the Apache HTTP Server Version 2.2 reached EOL. As a result, we can no longer maintain the PingFederate Apache Windows Integration Kit.
After October 31, 2018, technical support will no longer be offered for the PingFederate Apache Windows Integration Kit. We encourage you to reach out to your Ping rep at your earliest convenience to discuss a migration plan.
PingFederate® 9.1.1 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. For a full summary of the 9.1 release, see PingFederate 9.1 - June 2018. Ping recommends that all customers who are running PingFederate 9.1.0 or looking to upgrade from earlier versions upgrade to this release.
The PingFederate Internet Information Services (IIS) Kit 3.3.1 is a maintenance release and addresses an an issue with 32 bit application pool compatibility. The kit includes an IIS agent that works in conjunction with the PingFederate OpenToken to allow an SP enterprise to accept SAML assertions and provide single sign-on (SSO) to IIS Web applications.
PingFederate 9.1.0 follows the pattern established by the 9.0 release and continues to deliver significant feature enhancements, including major advancements in authentication policy and improved support for global deployments. 9.1.0 includes a vastly simpler authentication policy administration experience to make even the most sophisticated policies easy to manage. Many new capabilities are also available to authentication policy, including the ability to group authentication sources by security level, which when used with authentication sessions reduces end user credential challenges. Adaptive Clustering has been enhanced to optimize how runtime state is shared between regions, making it very easy to deploy clusters across the globe.
The PingFederate Twitter Cloud Identity Connector (CIC) 1.3 release is a maintenance release that includes bug fixes. The Twitter CIC allows a Software-as-a-Service (SaaS) provider to leverage Twitter to provide customers direct SSO access to its applications.
The new PingFederate Connector for Zscaler enables enterprises to set up SSO and reduce administrative efforts by offering a quick connection template for provisioning users and groups.
The PingFederate 9.0.4 release is a cumulative maintenance release for PingFederate 9.0, which enhances many existing features. These include consumer authentication, registration, profile management, adaptive clustering and more. Ping Identity recommends customers upgrade to 9.0.4 to best take advantage of these features.
PingFederate now integrates with Active Directory Connect to enable seamless SSO federation across a wide range of on-premises applications, Microsoft Azure AD, Office 365, and much more, providing a powerful joint solution for enterprise hybrid IT environments. Customers can more easily manage their transition to the cloud, and support a hybrid IT environment consisting of a broad range of Microsoft, as well as non-Microsoft, based applications and services.
The PingFederate 9.0.3 release is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.
PingFederate’s MobileIron Integration Kit 1.0 enables customers to fine-tune policy decisions based on a mobile device profile retrieved from MobileIron, mitigating risks from personal device use and BYOD initiatives in the workplace. Profile information includes device context around corporate ownership, device platform details and device compliance with corporate policies.
The PingFederate 9.1 beta release is available and packed with new features. Highlights include new customer identity and access management features for email ownership verification, self-service forgotten username recovery, storing connected identity attributes from 3rd party identity providers and more. Also included is improved support for geographically distributed clusters.
Contact email@example.com to join our beta user program.
This maintenance release includes several fixes to new and existing functionality. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.
Enterprises leveraging the Symantec VIP platform in conjunction with PingFederate can now enable delivery of a one-time passcode over SMS or voice. This allows customers to provide their workforce with more flexibility in the authentication methods offered to users on the Symantec VIP platform.
PingFederate® 9.0.1 is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's recommended that all customers upgrade to this release who are running PingFederate 9.0 or looking to upgrade from previous versions.
PingFederate customers are now able to fine-tune policy decisions based on mobile device posture retrieved from Intune, mitigating risks from personal device use and BYOD initiatives in the workplace. Posture information includes context around corporate ownership and policy compliance.
The updated administrative console provides admins with a more user friendly experience including the ability to reach menu items faster. It includes new shortcuts to common configurations, a search bar and helpful links that guide you and your PingFederate administrators to many tasks much easier. In addition, you can now enable single sign-on into the console by configuring PingFederate itself as the OpenID Provider.
Newly registered end user customers can now be directly logged in with an authentication session, allowing them to access all desired applications without a login event. Additionally, the authentication API now allows existing end user customers to login entirely within your web and mobile applications without the need for HTTP redirects. For employees, the new Atlassian Cloud Connector enables an enterprise to easily provision users and groups to Atlassian Access.
PingFederate 10.0.4 is a maintenance release of version 10.0; this maintenance release includes several fixes to existing functionality. For customers who want to stay with version 10.0, it is recommended that they upgrade to this maintenance release.
Includes adding localization support for end user facing pages, SMS messages and Push notifications. In addition, the admin now has the ability to select a default authentication method or give end-users an option to select their preference. In use cases where the end user already has a one-time passcode from outside the adapter flow, the adapter skips the UI prompt and authenticates the user seamlessly.
Several following products have been published as certified integrations with Citrix. Citrix Virtual Desktops (XenDesktop), Citrix ADC (NetScaler ADC), Citrix Workspace, Citrix Virtual Apps (XenApp), Citrix Content Collaboration, Citrix Gateway (NetScaler Gateway).
The updated provisioning connector includes added support for the Orlando version of ServiceNow and added the ServiceNow URL field and removed the ServiceNow Instance Name field. This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on.
This kit allows PingFederate to provide a lightweight MFA solution for customers that have PII or FedRAMP Moderate / AAL2 requirements and are unable to use our preferred PingID MFA solution due to their specific requirements.
The updated integration kit now supports retrieving either the security posture for the authenticating user’s current device or all devices associated with that user. This is now configurable within the adapter setup.
To improve data quality and ensure seamless customer communications, administrators can now make email verification a requirement before enabling access for a customer. Additionally, organizations with multiple brands can eliminate the need for separate environments by adding multiple virtual issuers for OpenID Connect. Lastly, when you need to monitor and enforce logout for a suspicious user due to changes in employment or compromised credentials, the Session Management API allows OAuth apps to query and revoke all sessions associated with a given user. It also allows an app to delete its own session without revoking the entire authentication session, which minimizes attack vectors for would-be session hijackers.
PingFederate now offers support for Microsoft's risk service, Azure AD Identity Protection. The integration queries Azure AD with a Microsoft user ID to obtain a security risk level based on the user's history. Admins can use this score to dynamically adjust authentication requirements. Additionally, the Azure AD PCV integration kit was updated to use Microsoft's Graph API from the Azure AD API, set to be deprecated on June 30, 2022. Any customers currently using this integration kit should upgrade to the latest version before the deprecation event.
Easily migrate PingFederate to the cloud and connect to on-premise directory servers through the PingOne LDAP Gateway. Additionally, provide a certified implementation of various Financial-Grade APIs (FAPI 1) Advanced Final profiles, including all profiles under Australia CDR and UK Open Banking. Also, this release introduces Secret Managers support and new management tools for Configuration Encryption Keys, helping customers comply with internal IT policies and secure sensitive configuration data.