a good thing!
PingOne for Customers
PingOne for Customers now supports integration with other IdPs as “authoritative identity providers.” This enables admins to automatically provision identities and register users who sign in with another IdP without requiring additional registration. This also enables admins to leverage policies from other IdPs, as an example using PingFederate for advanced authentication policy requirements when desired.
PingOne for Customers now supports group based access control to simplify access management for customer facing applications. Groups can be static with manual additions and removals, or dynamic leveraging a SCIM filter to determine which users should be included in each group. Additionally, PingOne for Customers has added out of the box integrations for single sign-on and provisioning to over 300 newly added SaaS applications.
You can now provide customers with the ability to login with third-party authenticator applications, such as Google Authenticator or Microsoft Authenticator. These authenticator apps provide secure access through time-based one-time passcodes (TOTP), which can be used for passwordless login or multi-factor authentication. Separately, to prevent privilege escalation, admins can no longer change or reset passwords for users with higher level access rights.
PingOne for Customers now supports registration, account linking and login with GitHub, Microsoft, PayPal, and Yahoo as external identity providers. Admins also now have more control over self service profile management, with the ability to determine fields that should be read-only such as loyalty card numbers and entitlements, and which should be editable by customers such as name and address.
The new unified PingOne solution home page provides a birds-eye view not just of PingOne for Customers, but all your deployed Ping products including PingID and cloud software products like PingFederate or PingDirectory. This cross-environment, cross-product view, launches each administrative console with a single click and features relevant documentation to help set up and use the products you've selected. Now admins can accomplish common IAM tasks across multiple Ping products more efficiently and effectively.
PingOne for Customers now supports transaction approvals within your customer facing mobile application. Push notifications can be customized with relevant transaction details, which end user customers can view before approving or denying transactions. Support has also been added for using your organization's Twilio account for SMS notifications, in addition to Ping Identity’s Twilio account.
PingOne for Customers now provides an interface for third-party SIEM systems to subscribe to PingOne audit activity events. Administrators can use this feature to oversee user and administrator activity and integrate with other monitoring tools. When an event of interest occurs in PingOne, the event can be pushed to SIEM systems such as Splunk, New Relic, and more.
Administrators can now prompt customers for an identifier, such as a username, without requiring additional information prior to routing them to the most appropriate Identity Provider for authentication. This "identifier first" capability creates a more frictionless experience as IdP discovery rules determine whether users should authenticate locally with PingOne for Customers or if authentication should be delegated to a trusted external identity provider.
The IP reputation rule uses intelligent identity to categorize IP addresses as low, medium or high risk, while allowing administrators to create specific authentication outcomes based on the level of risk. Additionally, the Impossible Travel Velocity rule evaluates the time and distance from a user's login attempt against subsequent login attempts in a different location to detect and block fraudulent activity. For example, if a user logs in from New York and then attempts to log in from Moscow 30 minutes later, the fraudulent login attempt would be detected and the user could be denied access.
PingOne now supports LinkedIn as an external identity provider (IdP). Your users can now register, link, and sign on using their LinkedIn accounts. Also, custom domain names are supported which allow customers to use their organization’s name in the web-based user interface which can further promote your brand.
Enterprises located in Australia and Asia Pacific can now take advantage of improved performance, reduced latency and regional compliance benefits with a newly added Ping datacenter instance. The ability to deploy to different regions can enable a range of data sovereignty and other regulatory requirements.
PingOne for Customers now supports a bring-your-own SMTP server, enabling administrators to customize the From/From Name and Reply-To/Reply-To Name elements seen by customers receiving email notifications. This customization reinforces trust that emails sent from your organization are legitimate, while ensuring those emails pass through verification processes such as SPF and DKIM.
The integration contains data store and password credential validator allowing PingFederate to retrieve user attributes from PingOne for Customers and validate user credentials when a user signs on. Additionally, Provisioning Connector allowing PingFederate to manage users between your on-premises user directory and PingOne for Customers (Outbound Provisioning).
Strong authentication in the form of push notifications can now be embedded right into your custom mobile applications to allow for a more user friendly and secure login option. Rather than depending upon your end users to download a third-party authentication app or using SMS and email one time passcodes. You can make authentication both easier and more secure via push notifications to a trusted device.
The solution now provides easier ways to access your applications including social login via Facebook. Inbound SAML federation is also now supported, allowing customers, business partners, and employees to use existing credentials for login.
PingOne for Customers has added a dedicated data center in Frankfurt, Germany. Enterprises can ensure that users added to that EU data center will be isolated from other parts of the world to help ensure compliance with data sovereignty and regulations such as GDPR.
PingOne for Customers has added new Python sample apps to help you get up and running even faster. By signing up for a trial and pasting in a few variables from your admin console, you can be live with a custom Python login and registration form in minutes.
With two new sample applications for React, additional end user self-service UIs, and an authentication heat map built right into the admin console, PingOne for Customers continues to take steps to make developer experiences even easier.
Ping Identity is excited to announce the availability of passwordless authentication flows in PingOne for Customers. Now you can bypass the password entirely, instead relying solely on other authentication factors, such as SMS or email OTPs. In addition, attribute-driven MFA policies, custom attributes in SAML assertions, and much more are all packed into the latest release. All SaaS-delivered via developer-friendly APIs.
PingOne for Customers is making it easier to integrate with PingFederate and PingDirectory. These integrations include a PingFederate integration kit that allows PingFederate to use PingOne for Customers as an IdP. In PingOne for Customers, we also added bidirectional synchronization capabilities with PingDirectory. Now you can facilitate your transition to the cloud while ensuring coexistence with you on-premises identity infrastructure.
In December, Ping announced general availability of our new IDaaS platform, PingOne for Customers. This brings identity as a service (IDaaS) to a host of use cases for development teams building mobile and web applications for their customers where they need identity security at a fraction of the time and cost of building it themselves. Key features include an authentication API, extensible user store, OIDC and SAML support, additional security with Email and SMS OTP, and integrations with Ping software to enable hybrid architectures.
We are pleased to announce PingOne for Customers, an Identity as a Service offering built for developers, that provides API-based identity services for customer-facing apps. It helps large enterprises launch apps faster, replace custom identity services that are difficult to maintain, and facilitate the transition from on-premises deployments to cloud-hosted services.
This early access release includes a new way to create end user registration experiences. Admins can now use a drag-and-drop, low-code interface to build registration policies and use logic to branch experiences. For example, admins can now create visual policies that include an option for users to register an MFA device during account creation.