PingOne for Enterprise
You can now set entire admin SSO groups to "read-only" instead of setting administrators to be read-only one by one. A new admin role for PingID is also available, with reduced permissions for end users who don’t need access to sensitive information. Additionally, if your organization disables third-party cookies for enhanced privacy, you can use the new redirect-based SLO flow to ensure compatibility with your cookie settings.
PingOne for Enterprise's identity bridge to Active Directory, AD Connect 4.0.1, now supports non-string data types sent during single sign-on.
Global Administrators can now delegate the administration of their applications to specific individuals to allow them to manage application configuration, access policy and run application specific transaction reports. These capabilities increase enterprise agility by removing identity as a bottleneck and enabling application self service capabilities for application owners.
PingOne for Enterprise eases administration with improved OIDC support. When the default OIDC scopes and claims are insufficient, admins can now define custom scopes and claims (attributes) for their apps.
PingOne for Enterprise administrators can now select from two subscription options to receive audit events surrounding end users and their respective authentication events. “Push” subscriptions allow audit events to be continuously streamed to an external service such as Splunk. “Poll” subscriptions allow clients to retrieve event data through an API on an as-needed basis in configurable blocks of records.
Administrators can now leverage any SAML identity provider (IdP) to sign into the PingOne SSO for SaaS Apps Admin Portal. Instead of managing local administrator accounts, admins can sign in through their organization's identity provider with roles determined by group membership. Additionally, administrators in both PingOne for Enterprise and PingOne SSO for SaaS Apps can manage email notification settings for certificate alerts.
From the PingOne admin portal, PingOne for Enterprise administrators now can access and manage their subscriptions for audit streaming, which increases administrator visibility into transactional audit events.
With OAuth client access now supported, PingOne for Enterprise admins can provide security teams with greater visibility into event data without adding additional admins. Dedicated OAuth clients can be created to retrieve subscription events such as actions, resources, clients and authentication results from the PingOne for Enterprise reporting API.
The Salesforce Connector 7.0 allows PingOne for Enterprise customers to build on existing integrations to Salesforce with new support for provisioning to the Salesforce Community Cloud as well as the ability to create connections to custom Salesforce Domains. The release also reduces administrative efforts with the ability to create multiple Salesforce connections in a single PingOne for Enterprise instance and by adding support for the latest version of the Salesforce REST API (v46).
Ping Identity is pleased to announce the PingOne for Enterprise Free Trial program. Now you can try our cloud-based IDaaS SSO and directory solution free for 30 days. With PingOne for Enterprise customers can quickly and easily provide secure access to SaaS and cloud applications.
PingOne for Enterprise now supports the OpenID Connect (OIDC) protocol for application integration via code, implicit and hybrid flows. With this integration, OIDC standard-based applications are now treated identically to SAML applications and can be made available on the PingOne dock and selectable in access and authentication policies.
If you have an authentication policy in place for your PingOne account, when you add an application to PingOne, you now have the option to require that each time a user accesses the application, they must use multi-factor authentication (MFA).
PingOne SSO for SaaS Applications now provides administrators better visibility into their customers’ SSO transactional activity with new summary reports and the ability to filter transactional SSO events by customer tenant or application name.
PingOne for Enterprise administrators can now create custom application categories to be displayed on the dock. Categorize applications in a way that makes the most sense for your organization, such as grouping apps for new hires under an "Onboarding" category or grouping apps that require a VPN under a custom "VPN-only" category. Administrators can also configure localization for new categories in all supported languages.
The PingOne for Enterprise directory now supports the use of all user attributes in SSO attribute mappings, allowing for additional user information to be sent to service providers during SSO. Also, admins can now set a signing certificate as the default for new connections. This streamlines the configuration process for new connections by automatically selecting the default certificate during the setup process.
Administrators using PingOne Directory or AD connect as their IdP can now customize the branding for login and password reset screens, while those leveraging PingOne Directory can customize branding for self service registration. In addition, administrators can also leverage new SSO reports, which include the ability to filter transactional events by application name instead of viewing all transactions in aggregate. Finally, administrators can now assign multiple groups to administrative roles for the purpose of SSO to the PingOne admin portal from the PingOne dock.
PingOne for Enterprise (P14E) administrators can now specify optional parameters for the authentication request PingOne sends to an OpenID Provider. Admins can streamline session management and configuration now that the P14E dock shares the same session lifetime as the PingOne SSO session, which can be set to as low as 15 minutes. We also added Turkish language support to the end-user interface.
When you add an application to PingOne for Enterprise and use advanced attribute mapping to map your identity provider attributes to service provider attributes, you'll now find settings for random and hash functions. The hash function takes a literal string or attribute value. The random function generates a random string of a specified length. Both functions optionally hash the string using the selected algorithm (MD5, SHA-1, SHA-256) and encode the string using the selected encoder (hex, base64).
PingOne SSO for SaaS Apps admins can now use the Customer Connections API to automate the creation of new connections to applications without the need for manual steps, accelerating onboarding and preventing configuration errors. All functionality is now available through the API, including features that were previously limited to the admin console such as multiplexing and single logout (SLO) settings.
The new PingOne GitHub and Lucid Chart Connectors enable enterprises to set up SSO and reduce administrative efforts by offering quick connection templates for provisioning users and groups.
PingOne for Enterprise administrators can now authenticate end users through OpenID Connect identity repositories. In addition, PingOne SSO for SaaS Apps administrators can now manage partner identity repositories, provide access to applications from a private catalog, enable access to a partner PingOne dock and apply MFA policies to sensitive applications.
We eased integration with Azure and ADFS by adding them as new identity provider options. Admins also now have the ability to do attribute mapping as a part of any identity provider setup. For Azure AD, you can also synchronize groups for SSO access control.
We are pleased to announce PingOne for Customers, an Identity as a Service offering built for developers, that provides API-based identity services for customer-facing apps. It helps large enterprises launch apps faster, replace custom identity services that are difficult to maintain, and facilitate the transition from on-premises deployments to cloud-hosted services.
Adding applications leveraging the OIDC protocol just got easier, with a setup wizard providing guidance for administrators during configuration. Once admins select the specific OIDC application type to configure, subsequent steps are then tailored to that application type (e.g. web, native, single page). Additionally, OIDC applications registered in PingOne for Enterprise can now be configured with a single logout (SLO) option which enables PingOne to trigger a logout action in the application.
PingOne for Enterprise introduces significant features to ease administration and improve user experience. The latest release expands the administrative auditing features to now support both partner and PingID use cases, in addition to workforce. We improved administrative ease of use of PingOne as an OIDC relying party by changing the way user attributes are mapped and updating the OIDC application wizard and summary screen. Also, PingOne for Enterprise now provides a more convenient, secure user experience by supporting OIDC Identity Provider single logout (SLO).
For product updates prior to 2018, please use the button below.
PingOne SSO for SaaS Apps administrators are now able to update and manage certificates. They now have access to several tools to visualize and manage certificates used by their applications and connected customer identity providers. It allows for more flexibility and control with the ability to create new signing certificates, rotate existing certificates and see which applications and customers are using certificates that are expiring or have expired.
PingOne for Enterprise now supports additional branding and customization options to present a more seamless user experience. All aspects of a user journey can be customized with an organization’s logo and theme. This includes dock, hosted login & password reset, identity provider (IdP) discovery, logout and error screens.
PingOne for Enterprise now supports additional user attributes within the Workplace by FacebookTM provisioner. In order to take advantage of the new provisioner features, you will need to edit the SaaS provisioning connector.
For more information, see the PingFederate Workplace by Facebook Connector Guide 1.7.
PingOne for Enterprise eases administration with improved OIDC support. When the default OIDC scopes and claims are insufficient, admins can now define custom scopes and attributes for their apps.
For added security, PingOne for Enterprise adds an option when configuring SAML applications to enable encryption of the SAML response sent from PingOne to the service providers.
The PingOne for Enterprise AWS provisioner has been updated to support the AWS 2.0 API, including the provisioning of the Password and PasswordResetRequired attributes, as well as for updating the UserName attribute.
PingOne SSO for SaaS Apps administrators can now view a report that summarizes the total active user counts for each of their customers. Combined with the existing per-application summaries, this provides a complete picture of each IdP customer's usage and allows for flexibility in how PingOne SSO for SaaS Apps administrators measure that usage. The new "SSO User Count" summary can be found in the admin portal alongside the existing reports, under Dashboard > Reporting.