The Zscaler Internet Access (ZIA) Connector added enhancements for group synchronization and updates, as well as support for updating certain attributes in ZScaler. Additionally, the SCIM provisioning connector now accommodates new HTTP header types and the ability to configure group retrieval limits. Finally, an update to the LinkedIn Cloud Identity Connector enables  the retrieval of user attributes and email addresses using the same instance of the connector.

Several additions in PingFederate 10.0.1 allow you to reduce network traffic and improve response times which are accomplished by updates made to the configuration replication process. Additionally, a new tool has been added to collect PingFederate configuration and log file data to enable support teams.

The PingFederate Workplace by Facebook Connector now includes support for additional user profile attributes. Additionally, Java, Apache Linux and IIS integration kits have also been updated to include SameSite Cookie configurations to support the SameSite cookie flag in web browsers enhancing user security. The SameSite attribute dictates to the browser how a cookie should be treated in scenarios where the user is navigating between sites (or domains).

Customers can now easily leverage PingFederate as their global authentication authority for web applications that are accessed through a web browser like mail and retail services. The JavaScript Widget integrates PingFederate’s authentication policy directly into the web application to allow for a branded and a seamless user experience.

This release enhances login security through an integration with ID DataWeb’s ongoing global identity verification service. ID DataWeb leverages human identity, environmental context and relationships to build a confidence score, which can be used by PingFederate for risk based, adaptive authentication.

Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.

Now supports an additional core contract that includes the serial number of the client certificate. A new adapter configuration has also been added to support the ability to use the client certificate for acceptable issuer validation.

Administrative APIs allow administrators to make one request to bulk export configuration objects in JSON which simplifies the movement of configuration from one environment to another. Additionally, now administrators can apply an in-place patch to update PingFederate to the latest maintenance release which reduces the effort required to keep the current PingFederate up-to-date.

This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on. The release adds support for London, Madrid and New York versions of ServiceNow.

PingFederate now enables users to SSO into applications using Apple credentials. The Apple Cloud Identity Connector 1.0 allows a Service Provider (SP) to leverage Apple as an Identity Provider (IdP) for access to applications in the SP domain. It works with the Apple API to deliver a seamless login experience for Apple users.

PingFederate 9.3.3 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.

PingFederate customers can more easily take advantage of the latest in device reputation technology by integrating with iovation’s FraudForce solution. During the authentication process, iovation FraudForce recognizes the device requesting access and delivers a risk score by evaluating associated accounts, past history and suspicious behaviors tied to that device. PingFederate can then leverage this risk score when making authentication decisions, such as adaptive policies to enforce MFA with PingID.

PingFederate 9.3.2 is a cumulative maintenance release which introduced many new features, such as authentication API, Identifier First Adapter, notification publishers, CIBA support, Amazon CloudHSM support, a streamlined setup experience for PingID VPN use case, and more.

The recently released Amazon and Github Cloud Identity Connectors work with the Amazon and GitHub APIs to allow PingFederate users to login to applications with credentials from both online services. The general availability release provides support for login, the retrieval of Amazon and GitHub user information and much more to deliver increased user convenience during login.

   

See Amazon release notes here, and GitHub release notes here

This beta release continues to build on support for cloud and modernization initiatives, with the inclusion of better support for DevOps and elastic scaling. The effort to upgrade from a previous release or update to the latest 10.0 maintenance release has also been greatly reduced as customers can now upgrade without using the Upgrade Utility.

The Salesforce Connector 7.0 allows PingFederate and PingOne for Enterprise customers to build on existing integrations to SalesForce with new support for provisioning to the Salesforce Community Cloud as well as the ability to create connections to custom Salesforce Domains. The release also reduces administrative efforts with the ability to create multiple Salesforce connections in a single PingFederate instance and by adding support for the latest version of the Salesforce REST API (v46).

The OAuth playground demonstrates the OAuth and OpenID Connect flows and capabilities of PingFederate. The latest release adds support for Client Initiated Backchannel Authentication (CIBA) where user consent can be requested through an out-of-band workflow without redirects through the browser for a greatly improved authentication experience. This includes an updated setup wizard for CIBA configuration and is bundled with a sample email out-of-band authenticator.

.NET Integration Kit 2.5.3 includes an updated OpenToken Agent to improve the way token timestamps are handled.

The PingFederate Integration Kit for RSA SecurID® allows customers to leverage RSA’s MFA capabilities with PingFederate as the identity provider. The update supports the new RSA SecurID authentication API and can now be used with Java 11. Additional features include the ability to configure failover servers, override user identifiers sent to the authentication API, override default proxy connections and configure API connection timeout settings.

The updated integration kit includes a new configuration option, URL Encode Cookie Values, which will be enabled by default to align with recent PingFederate versions that have RFC 6265 enforcement. In addition, we have added support for the ability to configure single logout (SLO) without requiring an external logout service. If the web application does not have an SLO service configured, the adapter will now redirect back to PingFederate.

This release fixes an issue that prevented the synchronization of groups with certain special characters in the name.

The PingFederate AzureAD password credential validator (PCV) now includes support for passwords with special characters, overriding default proxy connections and configuring connection read and timeout settings when using the API. The WebEx provisioner has also been updated to allow administrators to individually disable provisioning functions, which are turned on by default.

 

See AzureAD PCV release notes

Google Cloud Identity Connector 1.4.1 adds support for retrieving group memberships in the adapter configuration and extended contract.  Atlassian Integration Kit 2.1 includes support for the latest versions of JIRA and Confluence.

The PingFederate 9.3 release includes many new authentication features to improve the end user experience and policy administration. For example, the authentication API now separates the presentation layer from authentication orchestration, allowing front end developers to maintain end-user UI in an external application. Another new capability is Client-Initiated Backchannel Authentication (CIBA) that prompts users for authentication and authorization in a secondary device, avoiding the need to direct the user’s browser to PingFederate for consent

PingFederate 9.2.3 is a cumulative maintenance release for PingFederate 9.2.

PingFederate Amazon Web Services (AWS) Connector 2.0 includes updates to support additional attributes, group capabilities and version 2.0 of AWS API. The PingFederate Integration Kit 1.2 for PingOne for Customers includes added support for custom proxy settings and the ability to customize authentication error messages.

 

Integration Kits

The PingFederate 9.3 beta release includes many new authentication features to improve the end user experience and policy administration. The Identifier First Adapter prompts for a username to analyze the type of user and the credentials with which they've enrolled before challenging them to authenticate in the best way. Extended Properties and a corresponding selector improve policy administration by enabling authentication requirement changes.

We updated the PingFederate and PingOne for Enterprise SCIM Connector 1.2 to add a configuration option for the unique identifier that enables the provisioner to uniquely identify and synchronize users between the data store and target application. In addition the IIS Integration Kit was updated to add support for IIS 8.5 (Windows Server 2012 R2) and 10 (Windows Server 2016).

PingFederate 9.2.2 is a cumulative maintenance release for PingFederate 9.2, which introduced many new features, such as OAuth 2.0 Device Flow support, external consent user interface, dynamic scopes, persistent authentication sessions, password spraying prevention, and more.

The new PingFederate PingOne for Customers Integration Kit 1.1 includes a data store and password credential validator that allows PingFederate to retrieve user attributes from PingOne for Customers and validate user credentials when a user signs on. Additionally, we released the PingFederate Agentless Integration Kit 1.5.1, which includes a redesigned sample application with source code available on GitHub.

PingFederate LinkedIn Cloud Identity Connector 2.0 includes updates to conform to OAuth 2.0 standards and version 2.0 of LinkedIn's API. PingFederate SharePoint People Picker Integration Kit 1.3 includes added support for SharePoint 2019. PingFederate Google Cloud Identity Connector 1.3 includes updates so that customers can use a different user data source in preparation for the upcoming shutdown of the Google+ API.

PingFederate 9.2.1 is a cumulative maintenance release for PingFederate 9.2, which introduced many new features, such as OAuth 2.0 Device Flow support, external consent user interface, dynamic scopes, persistent authentication sessions, password spraying prevention, and more.

PingFederate 9.2 improves user and administration experiences. The introduction of OAuth Device Flow makes it simple for users to authorize input-constrained devices—such as smart televisions—to access resources on the user’s behalf. Persistent authentication sessions add new policy options to reduce password prompts and eliminates session disruption across server maintenance. Support for multiple SSL server certificates along with TLS Server Name Indication makes it easy for admins to add new domain names, possibly for new brands, to an existing PingFederate deployment. We also updated the PingFederate Agentless Integration Kit 1.5, Java Integration Kit 2.5.7 and OAuth Playground 4.1.

PingFederate 9.1.4 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements.

The PingFederate Facebook Cloud Identity Connector 2.0.1 is a maintenance release that includes improved HTTP client package names to avoid class-loading collisions with other add-ons, such as the CoreBlox Integration Kit.

The PingFederate CoreBlox Integration Kit 2.6.1 release is a maintenance release that improved PingFederate node reliability and added an option to ignore session cookies. The CoreBlox Integration Kit provides SSO capabilities to legacy web access management systems (WAM) such as CA SiteMinder.

The release of PingFederate PingID SDK Connector 1.1 improves administrative user management by adding support for primary device authentication configuration, expanding the list of available user attributes to include three voice phone numbers, and improving error handling and reporting.

PingFederate 9.1.3 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. The 9.1.3 release enhances security for auditor accounts and includes fixes to new and existing functionality.

We are pleased to announce the availability of the PingFederate 9.2 Beta, which improves the end-user and administration experiences. The introduction of OAuth Device Flow makes it simple for end-users to authorize input-constrained devices, such as smart televisions, to access resources on the user’s behalf. The addition of HTTP parameter tracking enables PingFederate to leverage data throughout an authentication policy. Lastly, a new admin API makes it easier for admins to make frequent configuration changes.

PingFederate Agentless Integration Kit 1.4 improves the handling of incoming request attributes.The PingFederate Agentless Integration Kit includes the ReferenceID Adapter, which allows developers to integrate applications with a PingFederate server acting as either an Identity Provider (IdP) or a Service Provider (SP). The ReferenceID Adapter passes user attributes via direct HTTP calls between the application and PingFederate without the need for an agent.

The PingFederate LinkedIn Cloud Identity Connector has been updated to simplify logout handling. The LinkedIn CIC allows a Software as a Service (SaaS) provider to leverage LinkedIn to provide customers direct SSO access to its applications.

PingFederate Google Cloud Identity Connector 1.2 is a maintenance release that includes improved logging of errors, a resolved iframe issue with single logout (SLO), and added support to periodically retry a failed request.

The latest release of the PingFederate App for Splunk includes new dashboards for Customer Identity and Access Management events, OAuth events, and improved organization and representation of PingFederate end user transactions for authentication and single sign-on.

The PingFederate Agentless Integration Kit 1.3.3 Integration Kit improves functionality by addressing a defect that could lead to incorrectly overriding parameters.

PingFederate 9.1.2 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. The 9.1.2 release includes several fixes to new and existing functionality, such as enhanced session management, audit logs, and more.

The recently announced PingFederate Integration to Microsoft Azure Active Directory Connect is generally available and now ships with the latest version of the AAD Connect tool. PingFederate’s integration with this tool enables seamless SSO federation across a wide range of on-premises applications, Microsoft Azure AD, Office 365 and much more; enabling customers to more easily manage their hybrid IT environments.

The latest version of PingFederate Kerberos Token Translator 2.0.2 is a minor release that addresses a security issue described in Security Advisory SECADV017.

On December 2017, the Apache HTTP Server Version 2.2 reached EOL. As a result, we can no longer maintain the PingFederate Apache Windows Integration Kit.

 

After October 31, 2018, technical support will no longer be offered for the PingFederate Apache Windows Integration Kit. We encourage you to reach out to your Ping rep at your earliest convenience to discuss a migration plan.

 

The PingFederate Evernote SaaS Connector 2.0 is a major update that includes updated support for user lifecycle management, added configuration options for workflow capabilities, support of additional user attributes, and support for the Evernote SCIM 2.0 API. This connector enables enterprises to easily set up SSO and reduce administrative efforts by offering a quickly connection template for provisioning users to Evernote.

The PingFederate SCIM SaaS Connector Guide is a maintenance release that enhances group provisioning and overall functionality. This kit enables enterprises to set up SSO and reduce administrative efforts by offering a quick connection template for provisioning users and groups to SCIM-based applications such as Huddle, Slack, Workplace by Facebook, LucidChart and GitHub.

The PingFederate Apache Linux Integration Kit 3.3.2 is a maintenance release that addresses an issue with case sensitivity of header names. This kit provides single sign-on (SSO) capabilities to Apache Web applications.

The new PingFederate GitHub Connector 1.0 enables enterprises to set up SSO and reduce administrative efforts by offering quick connection templates for provisioning users and groups.

The PingFederate SharePoint People Picker 1.2.1 release is a maintenance release that addresses feature activation failures due to logging. This extension integration kit contains a custom claims provider that can connect to LDAP user stores or domains to fulfill search and name resolution queries for valid users and groups.

The PingFederate RSA SecurID Integration Kit 2.1 release updates our qualification to include RSA Authentication Manager 8.3 as well as introduces several minor features and bug fixes. The kit continues to enable RSA multi-factor authentication in PingFederate login flows.

The new PingFederate LucidChart Connector 1.0 enables enterprises to set up SSO and reduce administrative efforts by offering a quick connection template for provisioning users and groups.

The PingFederate Atlassian Integration Kit 2.0.1 is a maintenance release that addresses a defect when used in conjunction with the AutoAddGroups functionality. The kit enables SSO capabilities for Jira and Confluence.

PingFederate® 9.1.1 is a cumulative maintenance release for PingFederate 9.1, which introduced many new features, such as authentication policy improvements, regional support for adaptive clustering, and OpenID Connect enhancements. For a full summary of the 9.1 release, see PingFederate 9.1 - June 2018. Ping recommends that all customers who are running PingFederate 9.1.0 or looking to upgrade from earlier versions upgrade to this release.

The PingFederate Internet Information Services (IIS) Kit 3.3.1 is a maintenance release and addresses an an issue with 32 bit application pool compatibility. The kit includes an IIS agent that works in conjunction with the PingFederate OpenToken to allow an SP enterprise to accept SAML assertions and provide single sign-on (SSO) to IIS Web applications.

The PingFederate Office 365 Connector 2.2 improves user management for administrators with added enhancements to lifecycle management configuration and the option to hard delete accounts during the de-provisioning workflow.

PingFederate 9.1.0 follows the pattern established by the 9.0 release and continues to deliver significant feature enhancements, including major advancements in authentication policy and improved support for global deployments. 9.1.0 includes a vastly simpler authentication policy administration experience to make even the most sophisticated policies easy to manage. Many new capabilities are also available to authentication policy, including the ability to group authentication sources by security level, which when used with authentication sessions reduces end user credential challenges. Adaptive Clustering has been enhanced to optimize how runtime state is shared between regions, making it very easy to deploy clusters across the globe.

The PingFederate Twitter Cloud Identity Connector (CIC) 1.3 release is a maintenance release that includes bug fixes. The Twitter CIC allows a Software-as-a-Service (SaaS) provider to leverage Twitter to provide customers direct SSO access to its applications.

The new PingFederate Connector for Zscaler enables enterprises to set up SSO and reduce administrative efforts by offering a quick connection template for provisioning users and groups.

The PingFederate 9.0.4 release is a cumulative maintenance release for PingFederate 9.0, which enhances many existing features. These include consumer authentication, registration, profile management, adaptive clustering and more. Ping Identity recommends customers upgrade to 9.0.4 to best take advantage of these features.

PingFederate now integrates with Active Directory Connect to enable seamless SSO federation across a wide range of on-premises applications, Microsoft Azure AD, Office 365, and much more, providing a powerful joint solution for enterprise hybrid IT environments. Customers can more easily manage their transition to the cloud, and support a hybrid IT environment consisting of a broad range of Microsoft, as well as non-Microsoft, based applications and services.

PingFederate added support for ServiceNow’s updated API, which includes capabilities to protect API traffic. The ServiceNow 2.0 SaaS connector enables enterprises to continue setting up SSO connections with quick templates and provision user attributes, including a user’s status in active directory and current lockout status.

The Box Connector 2.5 reduces administrative efforts and errors by automating personal folder creation during the provisioning of a new user to the Box service. By automating this process, organizations can immediately provide a location for users to store content—and also help ensure that personal folders adhere to company policies such as access levels, naming conventions and folder locations.

The PingFederate Agentless Integration Kit 1.3.2 is a maintenance release to 1.3 and includes bug fixes. The PingFederate Agentless Integration Kit includes the ReferenceID Adapter, which allows developers to integrate applications with a PingFederate server acting as either an Identity Provider (IdP) or a Service Provider (SP). The ReferenceID Adapter passes user attributes via direct HTTP calls between the application and PingFederate without the need for an agent

The CoreBlox Integration Kit allows PingFederate to act as either an Identity Provider (IdP) or a Service Provider (SP) when integrating with legacy web access management systems (WAM). Version 2.5 of the Coreblox Integration Kit adds a ‘send session attributes’ field to the SP adapter to send additional attributes to be included within a newly created session in the legacy WAM system.

Insight into employee device posture is crucial to making sound authentication and authorization decisions. The Airwatch Integration Kit 1.0.1 enables enterprises to leverage attributes—such as device ownership and compliance status in access security-related decisions—using the recently updated Airwatch API.

The PingFederate Oracle Access Manager (OAM) Integration Kit allows a service-provider (SP) enterprise to accept SAML or WS-Federation assertions and provide SSO to OAM-protected applications. Version 3.1 of this integration kit supports the inclusion of dynamic target resources, allowing OAM to use information contained within an assertion to determine where a user should be redirected after successful SSO.

The PingFederate 9.0.3 release is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.

PingFederate’s MobileIron Integration Kit 1.0 enables customers to fine-tune policy decisions based on a mobile device profile retrieved from MobileIron, mitigating risks from personal device use and BYOD initiatives in the workplace. Profile information includes device context around corporate ownership, device platform details and device compliance with corporate policies.

The PingFederate 9.1 beta release is available and packed with new features. Highlights include new customer identity and access management features for email ownership verification, self-service forgotten username recovery, storing connected identity attributes from 3rd party identity providers and more. Also included is improved support for geographically distributed clusters. 

 

Contact customersuccess@pingidentity.com to join our beta user program.

This maintenance release includes several fixes to new and existing functionality. It's strongly recommended that all customers considering an upgrade to version 9 leverage this release to benefit from the latest updates.

The update to this cloud identity connector allows service providers to easily capture default user profile attributes, including ones using scope permissions together with multivalued attributes. The update also includes improved error handling, support for SLO using PingFederate 9.0 and bug fixes.

The integration kit now supports SharePoint 2016, in addition to its previous support for SharePoint 2013—with no adapter upgrade required. Enterprises using SharePoint People Picker can leverage this integration kit to query one or more LDAP user stores, when granting permissions to SharePoint applications.

Enterprises leveraging the Symantec VIP platform in conjunction with PingFederate can now enable delivery of a one-time passcode over SMS or voice. This allows customers to provide their workforce with more flexibility in the authentication methods offered to users on the Symantec VIP platform.

PingFederate® 9.0.1 is a cumulative maintenance release for PingFederate 9.0, which introduced many new features, such as adaptive clustering, OAuth dynamic client registration, LDAP directory for OAuth client storage, cross-origin resource sharing (CORS) for OAuth endpoints, consumer authentication, registration and profile management. It's recommended that all customers upgrade to this release who are running PingFederate 9.0 or looking to upgrade from previous versions.

PingFederate customers are now able to fine-tune policy decisions based on mobile device posture retrieved from Intune, mitigating risks from personal device use and BYOD initiatives in the workplace. Posture information includes context around corporate ownership and policy compliance.

For product updates prior to 2018, please visit our PingFederate Release Notes.

The PingFederate Atlassian Integration Kit 2.0 provides compatibility updates for the latest Atlassian platforms. The integration kit is a Jira and Confluence plugin that offers an administrative console for configuring single sign-on (SSO) properties that uses Atlassian’s Seraph authentication API to authorize SSO transactions.

This integration helps streamline the adoption of zero trust security models including strongly authenticating users, checking for updates to their group memberships, and enforcing security policies at both the network and application. Leveraging this integration with PingFederate and PingOne for Enterprise, organizations can now automatically terminate user sessions leveraging real time user and group provisioning to Zscaler’s Private Access solution.

PingFederate and PingOne for Enterprise now support rapid integration to Code42's data security solutions through the use of a SCIM connector.  This connector enables administrators to automate the create, update and disable user functions, and also support single sign on initiated at the service provider.

The updated administrative console provides admins with a more user friendly experience including the ability to reach menu items faster. It includes new shortcuts to common configurations, a search bar and helpful links that guide you and your PingFederate administrators to many tasks much easier. In addition, you can now enable single sign-on into the console by configuring PingFederate itself as the OpenID Provider.

Newly registered end user customers can now be directly logged in with an authentication session, allowing them to access all desired applications without a login event. Additionally, the authentication API now allows existing end user customers to login entirely within your web and mobile applications without the need for HTTP redirects. For employees, the new Atlassian Cloud Connector enables an enterprise to easily provision users and groups to Atlassian Access.

PingFederate 10.0.4 is a maintenance release of version 10.0; this maintenance release includes several fixes to existing functionality. For customers who want to stay with version 10.0, it is recommended that they upgrade to this maintenance release.

Includes adding localization support for end user facing pages, SMS messages and Push notifications. In addition, the admin now has the ability to select a default authentication method or give end-users an option to select their preference. In use cases where the end user already has a one-time passcode from outside the adapter flow, the adapter skips the UI prompt and authenticates the user seamlessly.

Several following products have been published as certified integrations with Citrix. Citrix Virtual Desktops (XenDesktop), Citrix ADC (NetScaler ADC), Citrix Workspace, Citrix Virtual Apps (XenApp), Citrix Content Collaboration, Citrix Gateway (NetScaler Gateway).

The updated provisioning connector includes added support for the Orlando version of ServiceNow and added the ServiceNow URL field and removed the ServiceNow Instance Name field. This kit allows PingFederate or PingOne to integrate with ServiceNow for user provisioning and single sign-on.

This kit allows PingFederate to provide a lightweight MFA solution for customers that have PII or FedRAMP Moderate / AAL2 requirements and are unable to use our preferred PingID MFA solution due to their specific requirements.

The updated integration kit now supports retrieving either the security posture for the authenticating user’s current device or all devices associated with that user. This is now configurable within the adapter setup.