Adds support for the PATCH method for group updates which is important for performance optimizations when adding a large number of users to groups.

The ServiceNow Provisioning Connector has added support for the Paris version of ServiceNow.

Allow enterprises to use Ping Identity products for attribute-based access control (ABAC) in the AWS Identity and Access Management (IAM) and AWS Single Sign-On (SSO) services.

PingFederate admins can now personalize user registration with a combination of conditional tasks based on user input, and required tasks such as completing a terms of service agreement. Additionally, you can now provide customers logging in with Apple, GitHub, Amazon, LinkedIn and Twitter with a simpler login experience through a pop-up window instead of redirecting them to their social identity provider.

PingFederate now provides a “once and done” integration with PingOne, enabling admins to add PingOne MFA, PingOne Risk Management and upcoming additional PingOne services in the future with a single connection. This month, PingFederate also added out of the box integrations for single sign-on, provisioning and deprovisioning to over 300 newly added SaaS applications.

The ThreatMetrix Integration Kit 1.1 makes it easier to retrieve individual risk and device profile attributes from Threatmetrix for auditing and logging. In addition, the kit includes an updated UI for device profiling and support for the PingFederate JavaScript Widget. The updated PingOne Integration Kit 2.1 includes support for provisioning users to any PingOne-supported region (NA, EU or Asia-Pacific).

Duo Security’s Universal Prompt is a redesign of their authentication experience, which includes a migration of their authentication prompt from an embedded iframe within a customer’s application to a Duo hosted page. The Duo Security Integration Kit 3.0 supports this update and more, including Duo’s updated Web SDK as well as the PingFederate Authentication API.

Provides the ability to customize the ciphers used in outbound HTTP requests to RSA for granular security controls. Additionally, it enables improved error handling when the username and passcode fields are left blank.

Admins can now leverage PingFederate’s authentication API to improve end user experiences for single page applications. Within the authentication API, the JavaScript Widget 1.1 is a customizable JavaScript library that provides support for user login, password reset, risk-based authentication and more. Organizations can use the widget to provide a range of IAM capabilities without requiring single page applications to redirect users to a separate page.

The PingFederate AWS Single Sign-On Connector enables enterprises to provision users and groups to Amazon Web Services. You can assign user permissions based on common job functions and customize these permissions to meet your specific security requirements. Additionally, the PingOne MFA Integration Kit 1.0 allows PingFederate to integrate with the cloud-based PingOne MFA service for customer MFA.

Our beta release of PAR support enables your applications to send authorization requests, which can include sensitive customer data, directly to PingFederate instead of exposing this data to a browser. PAR is critical to complying with privacy regulations, such as Open Banking in the UK and Consumer Data Right in Australia.

Customers can now sign in to your applications without being redirected to another page using our Facebook and Google cloud identity connectors, or with our Agentless Integration Kit’s added support for the PingFederate authentication API. We’ve also automated the provisioning of leads and contacts with the new Salesforce Contacts integration.

PingFederate 10.0.5 is a maintenance release of version 10.0. This maintenance release includes several fixes to existing functionality. For customers who want to stay with version 10.0, it is recommended that they upgrade to this maintenance release.

PingFederate 10.1.1 is a maintenance release of version 10.1. This maintenance release includes several fixes to existing functionality. For customers who want to stay current with version 10.1 or upgrade to the most current version of PingFederate, it is recommended that they upgrade to PingFederate 10.1.1.

This integration allows PingFederate to leverage a risk score from ThreatMetrix during authentication. ThreatMetrix recognizes devices requesting access and delivers a risk score by evaluating user attributes, past history and suspicious behaviors tied to that device. In turn, PingFederate uses this score to allow, deny or enforce MFA to optimize the balance of user experience and security.

The new Zoom Connector 1.0 allows PingFederate and PingOne to rapidly integrate with Zoom for user provisioning, authentication and single sign-on. It offers user profile attribute support, and allows users to be easily created, updated, disabled or deleted. Further security comes from removing users from Zoom when they leave the organization. The Zoom Connector can be used with or in place of just-in-time-based SAML provisioning. Additionally, Slack, Workplace by Facebook and Salesforce connectors have been updated.

PingFederate 10.0.2 is a cumulative maintenance release for PingFederate 10.0.

The Zscaler Internet Access (ZIA) Connector added enhancements for group synchronization and updates, as well as support for updating certain attributes in ZScaler. Additionally, the SCIM provisioning connector now accommodates new HTTP header types and the ability to configure group retrieval limits. Finally, an update to the LinkedIn Cloud Identity Connector enables  the retrieval of user attributes and email addresses using the same instance of the connector.

Several additions in PingFederate 10.0.1 allow you to reduce network traffic and improve response times which are accomplished by updates made to the configuration replication process. Additionally, a new tool has been added to collect PingFederate configuration and log file data to enable support teams.

The PingFederate Workplace by Facebook Connector now includes support for additional user profile attributes. Additionally, Java, Apache Linux and IIS integration kits have also been updated to include SameSite Cookie configurations to support the SameSite cookie flag in web browsers enhancing user security. The SameSite attribute dictates to the browser how a cookie should be treated in scenarios where the user is navigating between sites (or domains).

Customers can now easily leverage PingFederate as their global authentication authority for web applications that are accessed through a web browser like mail and retail services. The JavaScript Widget integrates PingFederate’s authentication policy directly into the web application to allow for a branded and a seamless user experience.

This release enhances login security through an integration with ID DataWeb’s ongoing global identity verification service. ID DataWeb leverages human identity, environmental context and relationships to build a confidence score, which can be used by PingFederate for risk based, adaptive authentication.

Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.

Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.

Administrative APIs allow administrators to make one request to bulk export configuration objects in JSON which simplifies the movement of configuration from one environment to another. Additionally, now administrators can apply an in-place patch to update PingFederate to the latest maintenance release which reduces the effort required to keep the current PingFederate up-to-date.

This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on. The release adds support for London, Madrid and New York versions of ServiceNow.

PingFederate now enables users to SSO into applications using Apple credentials. The Apple Cloud Identity Connector 1.0 allows a Service Provider (SP) to leverage Apple as an Identity Provider (IdP) for access to applications in the SP domain. It works with the Apple API to deliver a seamless login experience for Apple users.

PingFederate 9.3.3 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.

PingFederate customers can more easily take advantage of the latest in device reputation technology by integrating with iovation’s FraudForce solution. During the authentication process, iovation FraudForce recognizes the device requesting access and delivers a risk score by evaluating associated accounts, past history and suspicious behaviors tied to that device. PingFederate can then leverage this risk score when making authentication decisions, such as adaptive policies to enforce MFA with PingID.

PingFederate 9.3.2 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.

The recently released Amazon and Github Cloud Identity Connectors work with the Amazon and GitHub APIs to allow PingFederate users to login to applications with credentials from both online services. The general availability release provides support for login, the retrieval of Amazon and GitHub user information and much more to deliver increased user convenience during login.

   

See Amazon release notes here, and GitHub release notes here

This beta release continues to build on support for cloud and modernization initiatives, with the inclusion of better support for DevOps and elastic scaling. The effort to upgrade from a previous release or update to the latest 10.0 maintenance release has also been greatly reduced as customers can now upgrade without using the Upgrade Utility.

The Salesforce Connector 7.0 allows PingFederate and PingOne for Enterprise customers to build on existing integrations to SalesForce with new support for provisioning to the Salesforce Community Cloud as well as the ability to create connections to custom Salesforce Domains. The release also reduces administrative efforts with the ability to create multiple Salesforce connections in a single PingFederate instance and by adding support for the latest version of the Salesforce REST API (v46).

The OAuth playground demonstrates the OAuth and OpenID Connect flows and capabilities of PingFederate. The latest release adds support for Client Initiated Backchannel Authentication (CIBA) where user consent can be requested through an out-of-band workflow without redirects through the browser for a greatly improved authentication experience. This includes an updated setup wizard for CIBA configuration and is bundled with a sample email out-of-band authenticator.

.NET Integration Kit 2.5.3 includes an updated OpenToken Agent to improve the way token timestamps are handled.

The PingFederate Integration Kit for RSA SecurID® allows customers to leverage RSA’s MFA capabilities with PingFederate as the identity provider. The update supports the new RSA SecurID authentication API and can now be used with Java 11. Additional features include the ability to configure failover servers, override user identifiers sent to the authentication API, override default proxy connections and configure API connection timeout settings.

The updated integration kit includes a new configuration option, URL Encode Cookie Values, which will be enabled by default to align with recent PingFederate versions that have RFC 6265 enforcement. In addition, we have added support for the ability to configure single logout (SLO) without requiring an external logout service. If the web application does not have an SLO service configured, the adapter will now redirect back to PingFederate.

This release fixes an issue that prevented the synchronization of groups with certain special characters in the name.

The PingFederate AzureAD password credential validator (PCV) now includes support for passwords with special characters, overriding default proxy connections and configuring connection read and timeout settings when using the API. The WebEx provisioner has also been updated to allow administrators to individually disable provisioning functions, which are turned on by default.

 

See AzureAD PCV release notes

Google Cloud Identity Connector 1.4.1 adds support for retrieving group memberships in the adapter configuration and extended contract.  Atlassian Integration Kit 2.1 includes support for the latest versions of JIRA and Confluence.

The PingFederate 9.3 release includes many new authentication features to improve the end user experience and policy administration. For example, the authentication API now separates the presentation layer from authentication orchestration, allowing front end developers to maintain end-user UI in an external application. Another new capability is Client-Initiated Backchannel Authentication (CIBA) that prompts users for authentication and authorization in a secondary device, avoiding the need to direct the user’s browser to PingFederate for consent

PingFederate 9.2.3 is a cumulative maintenance release for PingFederate 9.2.

PingFederate Amazon Web Services (AWS) Connector 2.0 includes updates to support additional attributes, group capabilities and version 2.0 of AWS API. The PingFederate Integration Kit 1.2 for PingOne for Customers includes added support for custom proxy settings and the ability to customize authentication error messages.

 

Integration Kits

The PingFederate 9.3 beta release includes many new authentication features to improve the end user experience and policy administration. The Identifier First Adapter prompts for a username to analyze the type of user and the credentials with which they've enrolled before challenging them to authenticate in the best way. Extended Properties and a corresponding selector improve policy administration by enabling authentication requirement changes.

We updated the PingFederate and PingOne for Enterprise SCIM Connector 1.2 to add a configuration option for the unique identifier that enables the provisioner to uniquely identify and synchronize users between the data store and target application. In addition the IIS Integration Kit was updated to add support for IIS 8.5 (Windows Server 2012 R2) and 10 (Windows Server 2016).

PingFederate 9.2.2 is a cumulative maintenance release for PingFederate 9.2, which introduced many new features, such as OAuth 2.0 Device Flow support, external consent user interface, dynamic scopes, persistent authentication sessions, password spraying prevention, and more.

The new PingFederate PingOne for Customers Integration Kit 1.1 includes a data store and password credential validator that allows PingFederate to retrieve user attributes from PingOne for Customers and validate user credentials when a user signs on. Additionally, we released the PingFederate Agentless Integration Kit 1.5.1, which includes a redesigned sample application with source code available on GitHub.

PingFederate LinkedIn Cloud Identity Connector 2.0 includes updates to conform to OAuth 2.0 standards and version 2.0 of LinkedIn's API. PingFederate SharePoint People Picker Integration Kit 1.3 includes added support for SharePoint 2019. PingFederate Google Cloud Identity Connector 1.3 includes updates so that customers can use a different user data source in preparation for the upcoming shutdown of the Google+ API.

PingFederate 9.2.1 is a cumulative maintenance release for PingFederate 9.2, which introduced many new features, such as OAuth 2.0 Device Flow support, external consent user interface, dynamic scopes, persistent authentication sessions, password spraying prevention, and more.

PingFederate 9.2 improves user and administration experiences. The introduction of OAuth Device Flow makes it simple for users to authorize input-constrained devices—such as smart televisions—to access resources on the user’s behalf. Persistent authentication sessions add new policy options to reduce password prompts and eliminates session disruption across server maintenance. Support for multiple SSL server certificates along with TLS Server Name Indication makes it easy for admins to add new domain names, possibly for new brands, to an existing PingFederate deployment. We also updated the PingFederate Agentless Integration Kit 1.5, Java Integration Kit 2.5.7 and OAuth Playground 4.1.

PingFederate 9.1.4 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements.

PingFederate 9.1.3 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. The 9.1.3 release enhances security for auditor accounts and includes fixes to new and existing functionality.

The latest release of the PingFederate App for Splunk includes new dashboards for Customer Identity and Access Management events, OAuth events, and improved organization and representation of PingFederate end user transactions for authentication and single sign-on.

PingFederate® 9.1.1 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. For a full summary of the 9.1 release, see PingFederate 9.1 - June 2018. Ping recommends that all customers who are running PingFederate 9.1.0 or looking to upgrade from earlier versions upgrade to this release.

The PingFederate Internet Information Services (IIS) Kit 3.3.1 is a maintenance release and addresses an an issue with 32 bit application pool compatibility. The kit includes an IIS agent that works in conjunction with the PingFederate OpenToken to allow an SP enterprise to accept SAML assertions and provide single sign-on (SSO) to IIS Web applications.

The PingFederate Office 365 Connector 2.2 improves user management for administrators with added enhancements to lifecycle management configuration and the option to hard delete accounts during the de-provisioning workflow.

PingFederate 9.1.0 follows the pattern established by the 9.0 release and continues to deliver significant feature enhancements, including major advancements in authentication policy and improved support for global deployments. 9.1.0 includes a vastly simpler authentication policy administration experience to make even the most sophisticated policies easy to manage. Many new capabilities are also available to authentication policy, including the ability to group authentication sources by security level, which when used with authentication sessions reduces end user credential challenges. Adaptive Clustering has been enhanced to optimize how runtime state is shared between regions, making it very easy to deploy clusters across the globe.

The PingFederate 9.0.4 release is a cumulative maintenance release for PingFederate 9.0, which enhances many existing features. These include consumer authentication, registration, profile management, adaptive clustering and more. Ping Identity recommends customers upgrade to 9.0.4 to best take advantage of these features.

PingFederate now integrates with Active Directory Connect to enable seamless SSO federation across a wide range of on-premises applications, Microsoft Azure AD, Office 365, and much more, providing a powerful joint solution for enterprise hybrid IT environments. Customers can more easily manage their transition to the cloud, and support a hybrid IT environment consisting of a broad range of Microsoft, as well as non-Microsoft, based applications and services.

PingFederate added support for ServiceNow’s updated API, which includes capabilities to protect API traffic. The ServiceNow 2.0 SaaS connector enables enterprises to continue setting up SSO connections with quick templates and provision user attributes, including a user’s status in active directory and current lockout status.

The Box Connector 2.5 reduces administrative efforts and errors by automating personal folder creation during the provisioning of a new user to the Box service. By automating this process, organizations can immediately provide a location for users to store content—and also help ensure that personal folders adhere to company policies such as access levels, naming conventions and folder locations.

The PingFederate Agentless Integration Kit 1.3.2 is a maintenance release to 1.3 and includes bug fixes. The PingFederate Agentless Integration Kit includes the ReferenceID Adapter, which allows developers to integrate applications with a PingFederate server acting as either an Identity Provider (IdP) or a Service Provider (SP). The ReferenceID Adapter passes user attributes via direct HTTP calls between the application and PingFederate without the need for an agent

The CoreBlox Integration Kit allows PingFederate to act as either an Identity Provider (IdP) or a Service Provider (SP) when integrating with legacy web access management systems (WAM). Version 2.5 of the Coreblox Integration Kit adds a ‘send session attributes’ field to the SP adapter to send additional attributes to be included within a newly created session in the legacy WAM system.

Insight into employee device posture is crucial to making sound authentication and authorization decisions. The Airwatch Integration Kit 1.0.1 enables enterprises to leverage attributes—such as device ownership and compliance status in access security-related decisions—using the recently updated Airwatch API.

The PingFederate Oracle Access Manager (OAM) Integration Kit allows a service-provider (SP) enterprise to accept SAML or WS-Federation assertions and provide SSO to OAM-protected applications. Version 3.1 of this integration kit supports the inclusion of dynamic target resources, allowing OAM to use information contained within an assertion to determine where a user should be redirected after successful SSO.

The PingFederate 9.0.3 release is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.

PingFederate’s MobileIron Integration Kit 1.0 enables customers to fine-tune policy decisions based on a mobile device profile retrieved from MobileIron, mitigating risks from personal device use and BYOD initiatives in the workplace. Profile information includes device context around corporate ownership, device platform details and device compliance with corporate policies.

The PingFederate 9.1 beta release is available and packed with new features. Highlights include new customer identity and access management features for email ownership verification, self-service forgotten username recovery, storing connected identity attributes from 3rd party identity providers and more. Also included is improved support for geographically distributed clusters. 

 

Contact customersuccess@pingidentity.com to join our beta user program.

This maintenance release includes several fixes to new and existing functionality. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.

The update to this cloud identity connector allows service providers to easily capture default user profile attributes, including ones using scope permissions together with multivalued attributes. The update also includes improved error handling, support for SLO using PingFederate 9.0 and bug fixes.

The integration kit now supports SharePoint 2016, in addition to its previous support for SharePoint 2013—with no adapter upgrade required. Enterprises using SharePoint People Picker can leverage this integration kit to query one or more LDAP user stores, when granting permissions to SharePoint applications.

Enterprises leveraging the Symantec VIP platform in conjunction with PingFederate can now enable delivery of a one-time passcode over SMS or voice. This allows customers to provide their workforce with more flexibility in the authentication methods offered to users on the Symantec VIP platform.

PingFederate® 9.0.1 is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's recommended that all customers upgrade to this release who are running PingFederate 9.0 or looking to upgrade from previous versions.

PingFederate customers are now able to fine-tune policy decisions based on mobile device posture retrieved from Intune, mitigating risks from personal device use and BYOD initiatives in the workplace. Posture information includes context around corporate ownership and policy compliance.

For product updates prior to 2018, please visit our PingFederate Release Notes.

The PingFederate Atlassian Integration Kit 2.0 provides compatibility updates for the latest Atlassian platforms. The integration kit is a Jira and Confluence plugin that offers an administrative console for configuring single sign-on (SSO) properties that uses Atlassian’s Seraph authentication API to authorize SSO transactions.

This integration helps streamline the adoption of zero trust security models including strongly authenticating users, checking for updates to their group memberships, and enforcing security policies at both the network and application. Leveraging this integration with PingFederate and PingOne for Enterprise, organizations can now automatically terminate user sessions leveraging real time user and group provisioning to Zscaler’s Private Access solution.

PingFederate and PingOne for Enterprise now support rapid integration to Code42's data security solutions through the use of a SCIM connector.  This connector enables administrators to automate the create, update and disable user functions, and also support single sign on initiated at the service provider.

The updated administrative console provides admins with a more user friendly experience including the ability to reach menu items faster. It includes new shortcuts to common configurations, a search bar and helpful links that guide you and your PingFederate administrators to many tasks much easier. In addition, you can now enable single sign-on into the console by configuring PingFederate itself as the OpenID Provider.

Newly registered end user customers can now be directly logged in with an authentication session, allowing them to access all desired applications without a login event. Additionally, the authentication API now allows existing end user customers to login entirely within your web and mobile applications without the need for HTTP redirects. For employees, the new Atlassian Cloud Connector enables an enterprise to easily provision users and groups to Atlassian Access.

PingFederate 10.0.4 is a maintenance release of version 10.0; this maintenance release includes several fixes to existing functionality. For customers who want to stay with version 10.0, it is recommended that they upgrade to this maintenance release.

Includes adding localization support for end user facing pages, SMS messages and Push notifications. In addition, the admin now has the ability to select a default authentication method or give end-users an option to select their preference. In use cases where the end user already has a one-time passcode from outside the adapter flow, the adapter skips the UI prompt and authenticates the user seamlessly.

Several following products have been published as certified integrations with Citrix. Citrix Virtual Desktops (XenDesktop), Citrix ADC (NetScaler ADC), Citrix Workspace, Citrix Virtual Apps (XenApp), Citrix Content Collaboration, Citrix Gateway (NetScaler Gateway).

The updated provisioning connector includes added support for the Orlando version of ServiceNow and added the ServiceNow URL field and removed the ServiceNow Instance Name field. This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on.

This kit allows PingFederate to provide a lightweight MFA solution for customers that have PII or FedRAMP Moderate / AAL2 requirements and are unable to use our preferred PingID MFA solution due to their specific requirements.

The updated integration kit now supports retrieving either the security posture for the authenticating user’s current device or all devices associated with that user. This is now configurable within the adapter setup.

The updated integration kit enhances user experience with improved UI templates and localization support for user-facing pages. This release also includes support for the JavaScript Widget and PingFederate Authentication API. In addition, a verified and documented SAML integration between PingFederate and the RSA SecurID Cloud Authentication Service for multi-factor authentication is now available.

To improve data quality and ensure seamless customer communications, administrators can now make email verification a requirement before enabling access for a customer. Additionally, organizations with multiple brands can eliminate the need for separate environments by adding multiple virtual issuers for OpenID Connect. Lastly, when you need to monitor and enforce logout for a suspicious user due to changes in employment or compromised credentials, the Session Management API allows OAuth apps to query and revoke all sessions associated with a given user. It also allows an app to delete its own session without revoking the entire authentication session, which minimizes attack vectors for would-be session hijackers.

Easily migrate PingFederate to the cloud and connect to on-premise directory servers through the PingOne LDAP Gateway. Additionally, provide a certified implementation of various Financial-Grade APIs (FAPI 1) Advanced Final profiles, including all profiles under Australia CDR and UK Open Banking. Also, this release introduces Secret Managers support and new management tools for Configuration Encryption Keys, helping customers comply with internal IT policies and secure sensitive configuration data.

PingFederate now offers support for Microsoft's risk service, Azure AD Identity Protection. The integration queries Azure AD with a Microsoft user ID to obtain a security risk level based on the user's history. Admins can use this score to dynamically adjust authentication requirements. Additionally, the Azure AD PCV integration kit was updated to use Microsoft's Graph API from the Azure AD API, set to be deprecated on June 30, 2022. Any customers currently using this integration kit should upgrade to the latest version before the deprecation event.