Authentication and single sign-on authority

get the datasheet watch the video
what it does

Connect Everyone to Everything With Federated SSO

PingFederate is an enterprise federation server that enables user authentication and single sign-on. It serves as a global authentication authority that allows employees, customers and partners to securely access all the applications they need from any device. PingFederate easily integrates with applications across the enterprise, third-party authentication sources, diverse user directories and existing IAM systems, all while supporting current and past versions of identity standards like OAuth, OpenID Connect, SAML and WS-Federation. And it can be deployed on-premises or in the cloud, so you can support today’s needs and future-proof your business for tomorrow’s requirements.

Get the datasheet
what it does

Secure & Convenient

Authentication for Enterprise

In today’s complex enterprise environment, balancing security and convenience is tricky. To give users access to the resources they need, PingFederate helps you provide seamless access to data and applications without the hassle of multiple sign-ons and passwords, which boosts employee productivity and makes customer experiences more convenient. At the same time, you can do away with insecure password practices that put your business at risk of a data breach and cost you money on password-related support. With automated provisioning capabilities, MFA support, user self-service features and more, you can enhance both security and convenience at the same time.

what it does

Intuitive Customer Experiences

Customers interact with brands using a variety of channels and devices. They won’t tolerate friction or having to use separate sets of credentials to register or sign on to your digital properties. Unlike employees who are provisioned, customers must be able to self-register and sign on in a way that’s both convenient and secure. If they can’t, you risk losing their business to a competitor.

To provide more intuitive customer experiences, PingFederate provides consistent sign-on and registration experiences across channels, with out-of-the-box templates for user registration and profile management. There are also social and third-party sign-on features like account linking capabilities to help you augment your customers’ user profiles with information collected from the linked account. Authentication APIs also allow you to directly embed authentication identity services into your own apps. PingFederate ensures that users can always access your digital properties with customizable self-service password reset and account unlocking workflows.

get the white paper
how it does it

Authentication With Intelligence

In situations where passwords are not sufficient, such as providing access to high-risk transactions and sensitive applications and data, PingFederate can require MFA to further reduce risk. It analyzes user behavior using artificial intelligence and machine learning to achieve the level of confidence you need to give users access to resources. It also learns user behavior to calculate a risk score so you can apply the right level of authentication based on your defined policies.


Now you can optimize user experience and security by allowing lower-value transactions to occur without interruption while promoting MFA as needed to ensure trust for high-value transactions and sensitive apps and data.


how it does it

Orchestrate Authentication Workflows

PingFederate provides easy-to-use configuration options that help IAM administrators implement complex authentication requirements. Admins can configure PingFederate to evaluate the conditions of user requests and orchestrate authentication workflows. This is done by using our visual workflow editor in the PingFederate admin UI. There are many out-of-the-box options to evaluate request context like device posture, authentication method enrollment and target application to determine the required sequence of authentication methods. And even more customization is possible using the PingFederate SDK.

how it does it

Identity Federation 

Built for Enterprise

As an authentication authority, PingFederate provides policy-driven adaptive authentication by aggregating user and device context to centralize control over authentication and SSO. Enterprises with numerous sources of identity and multiple generations of applications and infrastructure need to orchestrate complex authentication flows. PingFederate can leverage multiple authentication sources simultaneously, using adapters and selectors that fulfill various policy requirements application by application depending on user and device context.


To further extend access to resources, PingFederate can also manipulate, mask and provision identity attributes to a diverse range of service providers. Extensive administrative APIs allow enterprises to develop self-service portals to accelerate the implementation of identity services in new applications. All of these capabilities allow PingFederate to operate as a versatile identity federation hub, providing secure access to any authorized resource for every trusted user, no matter where identities are stored or what authentication type is required.

learn about federation
how it does it

Self-service App Integration

Setting up a global authentication authority is a major undertaking, but IAM administrators don’t have to go it alone. You can improve speed and agility across your business with a self-service portal that allows application owners to integrate their own apps and consume IAM services. PingCentral is a converged operating portal that adds a self-service layer for PingFederate and solves common tasks across the Ping Intelligent Identity™ platform. 


Using simple workflows and standard templates for common authentication and SSO configurations, delegated administrators can onboard and manage their own apps without needing IAM expertise. PingCentral also provides orchestration automation, lifecycle management and central monitoring for all SSO clients and connections, as well as PingFederate environment tiers. Your internal business customers can leverage centralized IAM services to launch new apps and APIs with confidence.

how it does it

Extensibility That's Built on

Open Standards

With comprehensive support for modern identity standards, PingFederate can easily integrate with your existing infrastructure. From pre-built adapters and provisioners to a wide variety of integration kits, PingFederate makes it easy to provide authentication and secure SSO across your existing applications and resources. And you’ll have those connections in hours or days, not weeks or months—even including those hard-to-integrate internal applications. It integrates with thousands of applications, platforms and protocols, including:



  • All major web application servers and virtualization platforms.

  • Thousands of certified IAM integrations like Office 365 and Azure AD Connect.

  • Hundreds of commercial enterprise applications.

  • Legacy web access management solutions from CA, Oracle and IBM.

  • Directory servers from Microsoft and Oracle.

  • MDM providers like AirWatch, MobileIron and Microsoft InTune.

  • Multi-factor authentication services like PingID, Duo and more.


see all integrations
how it does it

Automation in a Hybrid IT World

You can deploy PingFederate in your own datacenter or in the cloud to support hybrid IT environments, and you can realize value faster by leveraging Docker images and cloud containerization. This provides flexibility to enterprises who prefer the control and customization possible from a single-tenant implementation of PingFederate in their private cloud, instead of a multi-tenant IDaaS approach. PingFederate also supports adaptive clustering, which can be orchestrated in cloud environments to provide auto-scaling, helping to accommodate fluctuating demand and minimize costs.

the proof

Equinix Boosts Employee Productivity With SSO


Equinix has a large diversity of applications, and the number of passwords and logins was getting in the way of mobile employee productivity. In addition, the time and cost to add new applications was much more than the company needed to remain competitive.



After implementing PingFederate, 56% of employees accessed applications through SSO on day one. And in just a few weeks, Equinix discovered that their employees were saving hundreds of hours in time by not dealing with logins and passwords. The flexible federation server allowed them to connect all of their mission-critical apps, even legacy apps.


Read Full Story more stories

Download the PingFederate datasheet or contact us to learn more. 

Take the Next Step

See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.