Ping IdentityとForgeRockが合併

Welcome.
I'm Andre Duran, Founder and CEO of Ping Identity.
And I wanted to take an opportunity to share with all of you what we've shared around the globe over the course of the last month.
As we visited our customers in 24 cities around the globe.
Here, I want to talk a little bit about all the things that now become available, uh, to our Customers and to future customers as a result of two great companies coming together over the course of the last 7 months.
And I wanted to start with a commitment that is Very, very important, uh, to really all of our existing customers.
And that is no matter where you begin your journey with PayiD over the course of the last 5 to 20 years, or with ForgeRock and the Forge Rock platform over the course of the last 12 Years, I wanted you to know that you are safe with those investments.
And that really what we're building is a roadmap to the future, Where we are leveraging the strengths of both of these organizations to deliver more value to You as our enterprise.
Customers going forward.
We're super excited about this future, just incredible potential.
We look forward to working with all of you.
We want to hear your ideas.
We have many customers who have actually over the years on one side or the other, Leveraged ForgeRock or UM simultaneously Leveraged Ping, And now we're seeing all sorts of new opportunities to integrate and pre-integrate These capabilities deliver more value, more value to you faster.
Thank you.

Welcome.
I'm Andre Durand, founder and CEO of Ping Identity.
And I wanted to take an opportunity to share With all of you, what we've shared around the Globe over the course of the last month as we Visited our customers in 24 cities around the globe.
It's obviously very exciting times for Ping and for ForDrop combined.
And we've had a lot of questions, concerns, and excitement around the roadmap of Ping.
Uh, and the purpose of today is to share that roadmap with you.
Ping is a mission-driven company with a strong belief system.
And for the better part of the last 20 years, it has been our belief that identity is the Center of Security.
And really the first impression that many of your customers and employees will have of you As an organization.
Now, we know our world through COVID-19 has changed, and people are more distributed than Ever before.
Enabling security for this remote workforce, Applications going to the cloud has created certainly a very large set of challenges for Securing your employee base in your workforce.
And on the other end, we recognize that all things digital and digital channels, um, have Changed post-COVID.
And in the digital world, uh, you compete in keystrokes and milliseconds, Not miles and minutes.
So having a strong Identity foundation as the center of your security program, We think sets companies up for success in the future.
One of our other beliefs is that there is a strong connection between Um, Being secure and feeling secure.
And the freedom to explore our world.
Now, both physically and digitally, When we come across situations where the environment is not safe, Our world becomes small, and we lose the freedom to explore.
We're observing that happening globally, right now, physically.
But the same parallel exists in the digital world, the freedom to explore our digital world.
It is our belief that the integrity of identity.
And the security that we provide to end users as they engage with you in online transactions is paramount to keep our world uh open into the future.
We have the pleasure really and honor of partnering with over 22,400 customers globally.
We protect over 8 billion accounts.
This is across every vertical healthcare, financial services, Retail, manufacturing, governments.
We protect about 65% of our business is customer facing and about 45% of Our business is workforce or employee or B2B facing.
And about 25% of our customers have leveraged PingOne and our platform as a foundation for both The customer and the workforce use cases.
So we're deeply honored by that.
Here, I want to talk a little about all the things that now become available to us Customers and to future customers as a result of two great companies coming together over the Course of the last 7 months.
So, Ping and ForgeRock, I'm gonna highlight some of the details, um, of the decisions that We're making, so that you can make uh better decisions moving forward.
And I wanted to start with a commitment that is very, very important to really all of our Existing customers.
And that is no matter where you began your journey with paying over the course of last 5 to 20 years, or with ForgeRock and the Forge Rock platform over the course of the last 12 Years, I wanted you to know that you are safe with those investments, and that really what We're building is a roadmap to the future.
Where we are leveraging the strengths of both of these organizations to deliver more value to You as our enterprise customers going forward.
And I will share in a bit more detail what I mean by there is a commitment to support and to innovate going forward on all the core platforms that you've made, uh, an investment in.
So, here, I kinda want to highlight what the options are, uh, for new customers coming forward that are choosing Ping Uh as a foundation of their identity security, As well as for existing customers, and just start to differentiate why there hasn’t been One size fits all in the Global 2000 market.
So, I thought I would begin with PingOne and our multi-tenant SaaS offering.
Uh, and I'll discuss this in a little bit.
This is all about how do we deliver.
Um, enterprise-grade identity and access management, where speed and ease of use and Lower, lowest cost of ownership is a primary, um, desire by customers.
In addition to that, we have a rich, uh, really tradition of serving large Enterprises with world-class mission-critical software.
This is high-performance software that many of you have deployed in your data center.
Over the course of the last 5 years or so, you might have taken advantage of our DevOps Program and deployed our software into one or more of the public clouds, Or maybe you're running our software on-prem and in the public cloud.
There hasn't been one size fits all.
So, if you were on the Ping side, think Ping Directory, PingFederate, Ping Access, Ping Authorized, and on the ForgeRock side, ForgeRock Identity Management and Access Management and Governance.
We know that you've made substantial investments in that software and deployment Over the course of the last several years.
We know many of you are making decisions about partnerships well into the future.
Think ideally 5 to 10 years in the future that programs and security and user experience all Builds upon the decisions of a partner and a vendor that serves you with these critical Functions.
We recognize that the original design goals Of these different capabilities that we've delivered collectively between the two Companies, they really weren't all the same.
So, as we said, one of the design goals for PingOne, Our multi-tenant SaaS platform was how we deliver identity and access management in the Cloud, where the goal is maximum, you know, ease of use for administrators.
Um, I wanna get up and running, I wanna configure, I wanna consume, Um, modern Open standards.
I wanna get away from some of the um legacy and custom code that we've had in the past, And really use the shift to the cloud as an opportunity to modernize our approach.
Ping software, if you go back to 2003, 2004, kind of beginning with PingFederate.
Our design goal there was how do we deliver a best-of-breed capability for Authentication and Open standard single sign-on that we sell to IT where the goal is to set this Capability up, configure it, and run it, and forget about it.
So, it's really about config and forget, if you will.
Enterprise-scale performance and resiliency.
But sold to IT and Configuration and kind of quiet operation was the design goal.
And if you look at the 4Drop platform and the history coming from Sun.
The vision here was how do we deliver a complete end-to-end identity and access Management platform capability that is highly customizable, highly extensible, and gives maximum control for companies to operate this critical infrastructure in their own environments.
So, all of these are valid preferences in the market.
And companies as they evaluated what their choices are, Depending on what their preference is, what was most important to them, Many of you chose one of these UM platforms, if you will, To develop the core of your identity and access management program.
And they are all valid going into the future.
Also, I just wanted to say, uh, and to back up this comment that, That says, these all have a place in the global 2000 enterprise.
We are seeing, uh, um, really kind of a, the pendulum swing over the course of the last Couple of years, especially internationally.
The recognition that identity is critical infrastructure and the need to control that Critical infrastructure, especially as it deploys in the cloud, and especially internationally driven partly by sovereignty of data, Now being driven by a recognition that identity is critical infrastructure.
Where that critical infrastructure is running, uh, is coming under the scrutiny of regulators.
So there is a trend now globally that says, in certain industries, Highly regulated industries, or certain jurisdictions where identity is trending Towards critical infrastructure, a need to have full control over where that is deployed and Who runs it is driving, you know, I, I would say a diversity in deployment options.
And what I'm so excited about is that the combination of Ping and ForgeRock.
Now, if you play that trend forward, on the one end, we have, It's about modernize, get to the cloud, let's Get there as quickly as we can.
Let's outsource infrastructure management to a provider.
Let's get it at the lowest cost.
That's one extreme.
And on the other end, we have a push, Like I said, especially internationally driven by privacy regulation and critical Infrastructure mandates.
To, hey, we need to control this.
We need to know where this is deployed in the cloud.
And we want full control over this infrastructure.
Both extremely valid, they play out to the preferences of a global market.
If you look at the capabilities now that fall into these 3 buckets.
And I want you to hone in on the first icon on each.
You'll see Core Access Services, Directory, Authentication, Federated Single Sign-On.
You notice they're all the same.
When I make the comment about supporting all critical Core Services, I'm really referring to those.
We have UM at Ping now, and in combination with ForgeRock.
Three incredible capabilities in those buckets.
We recognize that there is some overlap, but I also want to say, Each one of these over the course years have become mature and, frankly, Um, very profitable as well.
So, when we make a comment that says, we are, you know, We are not looking to deprecate one of these in favor of another, We'll back that up by saying it's simply good business.
We know that enterprises have made significant investments.
In their choice and in the integration of these core Services, They want to build into the future on those core services.
It is simply good business for Ping to support those customers now globally.
Build a roadmap to the future that takes advantage of our unique capabilities here Two companies, but not, say, pull the rug out from underneath choices or decisions that You've made in the past.
For about the next um year or so.
One of our focuses is how do we unlock the potential for customers that might have come from um traditional Ping or traditional Forge Rock, who now see a growing set of Capabilities that are of interest to them with the Platform view, And how do we unlock the ability for those customers to consume those services.
So, we're spending a lot of time on integrations and pre-integrations, and solutioning.
Our capabilities so that our customers can take advantage of these new capabilities out-of-the Box with good documentation, well supported, you know, By our teams, by Customer Success, and by support.
And so I'll give you some examples of that.
So, for example, If you have been a, uh, a long-standing PingFederate customer, And you're using that as the core of your single sign-on program or federated Authentication, and we have, you know, 1,000+ large enterprises that are doing just that.
All of a sudden now, in the combination of these companies, There are some additional options to you that weren't available to you before.
So, one of those options is the ability to put orchestration, so that you can orchestrate your Authentication and registration journeys with P Fed.
Now you can deploy that orchestration as software on-premises or self-managed in one or more of your clouds of choice.
Prior to that, Ping had DaVinci, but DaVinci is SaaS only.
So the option now to own and control the orchestration engine is new and do that, uh in a Mission critical way, in a high-performance way where the orchestration and your authentication is being done in very close proximity, not making calls out to the cloud.
Another example of an opportunity here is in identity and access management, Governance, and on-prem MFA.
These are all capabilities now that ForgeRock Brings to Ping customers who are new.
If you've been with Ping, you've known, we followed the Authentication maturity journey.
We started with standards-based single sign-on, moved to MFA so everyone's strongly Authenticated, add risk signals to make the authentication disappear.
To, uh, eliminate MFA fatigue and frankly, provide better security and better user Experience.
Now, we're moving into the FTO2 Passkeys and Password list journey.
Beyond that, I'm sure we'll find new techniques.
In recognition through biometrics.
But we follow the authentication journey, and we largely haven't played in the identity Management, the life cycle management, all the work that goes into onboarding identities from Your HR system into a central IT hub place to manage all the things you Need to do, roles, permissions, Entitlements, the mapping of those, The provisioning of those applications within your environment.
And then extending that to the possibility, to also consume governance services on Top of your access control program and your identity management.
All these things are essentially new to Ping customers, and they are all very mature capabilities.
Likewise, if you've been a ForgeRock customer for years, and you're running Core Access Services of Access Management and Identity Management or Orchestration, you can now take advantage of some of the universal services that we have in PingOne.
You can layer our risk and fraud signals, Referred to as Protect into your authentication policies to do adaptive authentication.
Step up, step down, just let the user in.
You can leverage our new identity verification services.
So you could, uh, in essence, verify a person's real identity prior to enrolling them in strong Authentication.
Our new services, such as Credentials and Fine-grained authorization are all capabilities that Ping has invested in over the course of The last, you know, really 5 years or so that are unique to the uh ForgeRock customer base.
Rolling forward here a little bit, there has been a pattern that Ping has developed that's been immensely successful with our customers, and we want to extend that now to the ForgeRock Customer base.
And that is the notion of these universal SaaS Services that can layer into the use cases and solutions of our software Deployed wherever our customers want to deploy that.
Uh, and you'll notice one of these, if you kind of move between these 21 of the things we will be doing is moving some of the Identity Management capabilities of the ForgeRock platform and bringing them up natively into our multi-tenant SaaS, Uh, PingOne.
So, the ability to consume those services.
On top of software, no matter where our software is running, On-prem, in the cloud, in multiple clouds, in hybrid, that is a pattern that we have 1,000+ customers using, we will extend that to 4 Dr.
All right.
Now, let me get a little more specific About some of the changes and the portfolio is both broad and deep at Ping.
Uh, I'm gonna cover several of maybe some of the most important areas.
And I wanted to start with orchestration.
And make the comment that both DaVinci, which is offered on Penguin Assass, and trees, which is a part of Access-Management-AM, both are strategic to the company Long term, for really two reasons.
One is that Trees provides an on-prem or a software version of Orchestration.
And to many of our large customers, that are Running Authentication as Mission Critical Infrastructure, They Want Full Control Over the Journeys that they're creating on top of authentication.
Full control is in control of the infrastructure.
So, point number 1 is having an orchestration engine that can run where customers want to run It fully in their control is highly strategic, again, to the Global 2000 market.
The second point is that the two orchestration engines were focused really on Different different tiers, if you will, of the problem.
So, DaVinci has always been focused on ecosystem level or universal orchestration.
Think end-to-end Zero Trust flows, where it's verification and authentication, and authorization in the intersection of authentication with identity management.
Um, really, workflows that incorporate a large swath of third-party technologies as you weave those technologies into identity.
Trees has been very, very focused on the authentication and registration journey of the ForgeRock platform.
Also extremely critical because for identities, those are, Those are a few of the most critical journeys.
So, how do we deliver high performance, Fully in your control, orchestrated authentication policies and registration Policies.
So, they operate at different levels, And they're actually very complementary.
And one of the first things we've done is we've unlocked the ability for Trees, The orchestration engine, a node to call a Da Vinci flow.
So, if there is a larger, uh, integration that you're looking for, Where PingOne DaVinci, which has thousands of connectors and pre-integrations, If you want to leverage those pre-integrations, you can call out from one orchestration engine To the other, and they operate at different levels.
The second place that we want to provide some clarity, and this falls into the category of um Core services, if you will.
Think Authentication and SSO.
Many of our customers who have been with us for a while have leveraged PingFederate for this Capability.
On the ForgeRock side, it's referred to as Access-Management-AM.
And Ping Identity over the last years has Developed a SaaS multi-tenant version we call PingOne SSO.
All three of these are mature, they're very profitable.
They all have a long-lived roadmap into the future.
Furthermore, we have really not changed any of the underlying resource, Resourcing, uh, behind these three products.
So, anything that you have experienced, Really over the course of the last several years, by way of new features and innovation of These core capabilities, um, you should expect well into the future.
So, they all have a place with our customer base.
We recognize that they are deeply embedded core services for your enterprise and centralizing Authentication.
And, uh, and we're just deeply committed to all of them going forward.
And frankly, as I said, it's just good business.
They're all mature and, and, and very profitable capabilities for us.
Another area is the Directory.
Uh, and as we said, When we, uh, first announced the acquisition.
We have between the PingDirectory and the ForgeRock directory.
Both of those Directories originated from the same code base.
This was Sun open source a dozen years ago.
The schemas have evolved over that period of time to serve the world's largest enterprises.
We have many customers.
Uh, both with traditional ForgeRock, traditional Ping, who are running this directory for Hundreds of millions of users, um, in absolutely mission-critical, Uh, use cases.
So, we've been around that on both sides of the fence.
We've experienced what it means to be a partner that services this critical capability.
We recognize that going forward, the world needs a resilient, High performance, high scale.
Uh, data store for identities.
One that our largest regulated customers can Own and control and operate.
So, for those reasons, the plan is to unify these over time.
This is gonna take us a while.
This is a complex project, as you would Imagine.
Um, but the teams have now combined, And the mandate and mission for the teams is, How do we build the world's best data Repository for the future of Identity.
And we will succeed in that, and we are starting from the two strongest products in the Market today.
I want to talk a little bit about multi-factor Authentication, and I will split this conversation into 21 is the server-side, And one is the client side or the application side that end users see.
So, let me talk first about the server side.
Both PingOne MFA, which is our SaaS multi-factor authentication service, and uh PingID, as well as ForgeRock MFA.
Both of those are strategic long-term.
Um, similar to the conversation around orchestration, ForgeRock MFA is offered as software.
So, the ability to do 2FA, email, and SMS OTP and other passwordless techniques.
If a company wants to own and control that critical service and not outsource that to a cloud vendor or to a SaaS vendor, having that deployment model is very, Very strategic and really advantageous to the certain customers who need or must own and Control that capability.
So, the plan is to continue with both of these.
Services, PingOne as SaaS only, uh, for Drock MFA as software that can be Deployed.
And now that brings us forward to the Mobile App, the MFA app.
This is the application that employees or Workforce would download from the App Store or from Android Play to do MFA.
Our plan here is over time to unify our efforts behind the PingID app.
And so, we will take the ForgeRock MFA capabilities um from the app uh Perspective, and over time, we will begin to unify that with Ping Identity.
So, effectively, there will be one application Uh for the workforce that allows them to Connect to their MFA service.
This one app, um, our, our goal really is to have that one app talk to both back ends.
So you can choose to have a backend that you run on-prem or you self-manage.
You can choose to just consume the server side, uh, as fast, And it will work with both.
We obviously want to simplify things for end Users.
Two other things just as FYIs, uh, that are Important.
One is that we have, as of this most recent Release of PingID.
We have put Verify into PingID.
So, the ability to verify a user's real Identity prior to enrolling the user in MFA, You can now do that out of the box.
In the second half of this year, we will be embedding the NOWallet, The Credential Wallet, also in the MFA app.
So that customers who want an out-of-the-box experience.
To uh exchange Verifiable Credentials, to send Those Credentials to an end user to store in a Wallet will have a place to do so.
So, one MFA app now has the ability to verify users' real identity, Enroll them into strong authentication, and take advantage of all the new and emerging Capabilities of Decentralized Identity as a single app.
Talking about risk and fraud services, uh, services.
On the Ping side, we have aggregated all of our risk and fraud signals into a service we Call PingOne Protect.
That is a growing number of signals that customers can consume for us to incorporate into their authentication policies, uh, to do adaptive authentication or contextual or Risk-based authentication.
We've had customers on the workforce side that have eliminated as much as 96% of their MFA prompts to the employees by setting their policy thresholds at appropriate levels.
And then on the customer consumer side, We've had retailers who have been able to, in essence, allow their end users to stay logged in and do a form of continuous behind the scenes authentication using our risk signals to Ensure that sessions haven't been hijacked or that the account hasn't been taken over.
And drastically improve the top line by taking advantage of what today is UM CART Abandonment.
So, the ability basically to have a long-lived Session in the retail channel improves the top line, reduces fraud, and improves the customer experience.
Now, on the ForgeRock side, there was a set of signals that ForgeRock had been working on called Autonomous IAM.
Our intent is to take those signals, Fold those signals into PingOne Protect, so that there is one signal service called PingOne One Protect for our customers for both ForgeRock and for Ping.
ForgeRock identity and access management.
This is the identity lifecycle management.
Onboarding, offboarding, provisioning, all the uh sophisticated relationship Management that exists in many of the B2B use cases, um, or supply supply chain or demand chain.
Um, this is all unique.
Ping had no capability here.
The four-draw capabilities are exceptional.
They're serving some of the most complex and many times underserved use cases of B2B, Um, where hierarchies and the relationship of B2B2C or B2B2E exist.
Uh, the four-draw capability is just outstanding.
So, our plan is strategic long-term.
Um, we will just continue with that as is.
Uh, and we will look for opportunities to bring that function natively into PingOne, So the customers who are starting their journey in the cloud with PingOne can enjoy rich, Full Identity-Management as part of their solution for the workforce side as well.
When it comes to the edge, and I'll talk about this here in just a moment, So think, think the new network edge is uh the place that is closest to the applications you're looking to protect.
So I think your API gateways, all things gateways or API, Uh, Agents, um, anything that is essentially enforcing your identity controls On applications.
Uh, including all the legacy Web Access management.
The goal here is to take the best capabilities between the two companies, Come up with a unified strategy for how companies essentially extend their identity Controls and their policies extend those applications.
Or those capabilities to their applications.
So, to summarize here, orchestration, DaVinci, trees, no change.
Uh, with the exception that there will be interoperability between the two, And that's actually rolling out right now.
The ability to call a journey or a flow from Either product and run it, so that you can take full advantage, For example, of all the, the thousands of Da Vinci connectors that we've developed from trees, or the ability to run orchestration on-prem right next to PingFed, It's gonna be no change there.
On single sign-on and authentication, whether you started the journey with PingFederate, PingOne SSO or ForgeRock Access Management, there'll be no change.
That is a solid footing from which to um begin your journey with these combined companies.
The Directory long term is to create the world's best, highly performing, Highly scalable data store for identities.
Um, we recognize that's a, that's a long mission.
You should feel comfortable on either one of these directories.
We will build an upgrade path to a better unified Directory at some point in the future.
MFA, whether you're running ForgeRock MFA or you're consuming MFA from PingOne, That will continue.
Uh, the MobileIron app over time will converge around the Ping Identity mobile app.
Risk and fraud signals will converge and unify.
Those signals will be consumable from PingOne Protect.
ForgeRock identity management, uh, as is, over time will become available in our multi-tenant SAS.
And the edge or the gateway PingAccess and the Other legacy web access management capabilities over time will become one comprehensive set of Gateway and agent capabilities to, in essence, connect applications into your IAM program.
Now, if you step back and look at the big picture, um, So those were the details now of the roadmap, you know, Kind of moving forward in a lot of critical areas.
You step back and say, the role of identity and access management is to centralize our security Controls, but get our experience and security on one end into the applications that you're, that you're rolling out to your end users.
So I think your web apps or your mobile apps.
And on the other end, it is to um ensure that your policies get enforced in a Highly performing way as close to the applications as possible.
So our strategy here is on the user side to, in essence, create a unified SDK.
Uh, a unified SDK that gets your experiences and your security, your identity security controls in Applications with developers Needing to know as little as possible.
So, no need to have a PhD.
Uh, through the APIs in order to get your experiences and identity security into apps.
And on the other end, as I said, to unify the application, uh, Gateways and agents that will get your controls into applications.
Now when you blow up the center.
Ping now has one of the most comprehensive enterprise set of capabilities from Identity life cycle management, through authentication, authorization, All the way to the governance of your identities and your access control programs.
Our platform is designed to leverage orchestration at its core.
So this notion of orchestrating user journeys and integration through orchestration is An architecture that enables future agility.
So, it doesn't just enable how quickly you can Get time to value, you know, taking 6 months of otherwise proprietary engineering and turning it into two weeks of effort.
So, it's incredibly powerful in shortening the Time to production and time to value.
But it also represents an architecture that lets you change your mind and change how Flows work and how experiences work without actually having to go back and re-customize Something.
So, it's just incredibly important.
It's architecting agility into the user journeys and experiences, And it is, um, speeding up the original integration time.
Another part of our strategy is to leverage risk and fraud signals to ensure the integrity of our Identity Control Plane.
So, to ensure the integrity of authentication, We will leverage risk and fraud signals to make sure that our trust in the identity through the Authentication is as secure as we can get it, but also as frictionless as we can get it.
If the risk signals are low, just let the user in.
If the risk signals are high, maybe a little bit more friction is warranted.
Same thing with authorization, same thing with registration, same thing with identity Verification.
So, leveraging signals to inform how the Identity Control Plane behaves to lower friction and raise security is.
Uh, is strategic to the platform.
And the last piece of this.
Is that the number of signals that are becoming available to our decisioning of this identity Control Plane is obviously growing exponential.
And the ability now to leverage not just traditional AI, The pattern recognition and machine learning on big data to see abnormalities.
But to leverage generative AI to recommend things that we might not have thought about.
Hey, we see, uh, we see an abnormality that we think could be abuse.
It could be an account takeover, rather than just alert us to that.
Uh, and then let us go, uh, discover the truth and fix it.
It can actually make recommendations.
It can say, Well, we suggest that you change your flow a certain way.
Or maybe you need to modify your policy to, to catch what's occurring here.
So, it's just a tremendous number of things that we can do with AI going forward.
Collectively, now, this is the Ping platform.
Identity and access management, access management, governance, orchestrated into beautiful Experiences, protected by a set of risk and fraud signals, Leveraging AI to make the entire platform more intelligent, more seamless, and to basically multiply the impact that our identity and access management teams can have On the security of their end users by recommending things that speed time to value.
Now, the capabilities that fall into these buckets are listed here, And I venture to say no other company serving the global organizations Offers more breadth and more depth at true enterprise scale than what you're seeing here From Ping.
And there really is something for all of us Customers looking forward.
So, if you were a traditional ForgeRock customer, All of a sudden, you can begin to leverage our identity verification for MFA enrollment, For password resets, for account takeover, you can leverage our threat signals to eliminate MFA fatigue.
Uh, or to keep sessions live in retail to reduce the cost or impact to cart abandonment.
You can leverage our Digital Credentials for a whole suite of new use cases.
I'll cover that in a minute.
You can leverage our fine-grained authorization, which is the next gen of authorization, Where we're going to centralize policy around complex decisioning and then take it out of our Applications.
We're making our, you know, Changing things gets so difficult.
Or if there's a need for more universal orchestration, where you take advantage of Thousands of different connectors that we've made to the entire ecosystems of technologies that you want to get signals from.
CrowdStrike, Chrome, Cloudflare, the new Cloud Edge, and integrate those into your Zero Trust Journeys.
You have this universal orchestration engine to Do that.
And for Ping customers, now all of a sudden, The ability to manage the entire life cycle of identities, to do rich relationship management In the B2B use case, to have on-prem MFA and password list capabilities, Um, to do on-premises orchestration.
So your orchestration of your critical Authentication flows can be highly performing and sitting right next to your single sign-on and federation capabilities, or all of the Urging, uh, Governance capabilities, taking full advantage of AI to basically see and make recommendations Where all of these manual processes and rubber stamping and certification is, Uh, taken place over the years.
We really have kind of a next-gen view of leveraging AI and all of the other intelligence and signals that we see in the real-time identity and access control site feed that into our Governance programs for better security.
Now, the technology is not the only place we're making significant investments.
We recognize that there is a wide range of success that we’ve observed, Uh, in our customer base, ranging from, uh, cloud migrations with 400,000 employees and 2,000 applications done in one year.
Uh, and maybe on the other side of the equation, You know, 5 APPs, uh, onboarded in 5 years.
And so what's the difference?
Because clearly the technology is the same.
And what we've come to appreciate is the soft skills, the support, and all the programs Around the technology are as important, if not more important than the technology itself.
Obviously, our goal is to always reduce costs, make the technology as easy to install, Deploy, integrate as possible, but these are still in the Global 2000 sophisticated programs.
So, we've made significant investments across the board.
We are investing in new support tiers because we recognize critical infrastructure, A sub-1 incidents.
It's kind of like, how do you get the person who wrote this line of code that we seem to be Having some issue with, you know, why aren't they on the phone on Saturday in 22 seconds?
And so, responding to the level of criticality now of this infrastructure has, uh, has really kind of forced us to look at what we are offering customers and say, OK, we need to up that.
Um, Customer Success, we're investing in the technical acumen of our CS organization so that We can answer more questions, get into the health checks, the reviews, and the best Practice, and do that a little bit faster than we have in the past.
Professional services, we're making a lot of investments in our Pro, Pro-Serve organization to support our partners.
Cause we're right now in the Global 2000.
It is, uh, it's a team sport.
And winning is going to take all of us, Including our partners.
So, as a partner-first organization that wants To go to market and succeed in the market with our partners, And you, we're making a lot of investments in ProServe, and how we then train, Certify, and support our partners.
Another area that, uh, that we believe is just hugely exciting and probably, You know, one of the areas of low-hanging fruit, certainly for generative AI.
Is the ability to use natural language, uh, in the questions that you have against all of the Other knowledge and other written repositories that we have, Kind of between the two companies now come together, um, With the same, uh, goal of how do we deliver great content to you for self-service.
Generative AI sitting over the top of all the knowledge that we have available, We think is gonna unlock a lot of self-service potential.
Another area where we're investing is this notion of a common repository or library of resources that every customer reuses and repeats.
And these are sorts of things that, frankly, don't need to be unique at the end of the day.
So, what is the best practice for a Zero Trust flow that verifies, You know, endpoint security in some, you know, say, Authentication journey, Where Conditional Access is the goal.
Like, what’s the flow look like?
What signals do you use?
Where do you set the thresholds for risk predictors to allow the user in or not?
This is the sort of stuff.
Which doesn't need to get recreated by every company.
So, we're investing in a library, library.Ping identity.com, where we are starting to put the Best of the Best.
These are flows, journeys, subflows, um, connectors, Scripts, UI templates, anything that we think helps speed the Delivery of a solution for workforce identity or customer identity.
That gets recreated over and over to varying degrees of success.
We want to take the best of the best, put it in the library, Make it available to all of you.
Another area that we're investing.
Is how do we get to solutions faster, end to end.
And one of the things we're doing is we're investing in a library of, of, uh, orchestration templates.
So, really, for every use case for passwordless registration, For password-less authentication, for advanced authentication through MFA.
We know and see the journeys that all of you are deploying, Where you’re putting the risk signals, which services you’re calling in what sequence.
And so, we're investing in a library of these real use cases, If you will.
And you can think of solutions basically as Being a collection of use cases.
So, so, Template, uh, journeys and flows, we're making big investments.
The other place we've made investments is in the automation of configuration management.
So, the entire Ping platform now has Terraform providers, and you can essentially Automate all the config management that wires together a solution across multiple Capabilities, and with, you know, one command, basically pre-configure an entire use Case, you know, in a few seconds with a single command.
So, that level of automation to get to solutions along with templated journeys is an area of, how do we get to time-to-value faster.
Another area of investment is around unified administration.
So, this is a journey we've already been on.
How do you have one PingOne account that gives you access to the Support Portal?
All your Entitlements, Support Resources, Knowledge Bases, Uh, and then also helps you administer your various Ping infrastructure.
And so, we are expanding this vision to include all of ForgeRock now as well.
So, over time, the Administrator experience, like the Developer experience, Like the end-user experience, is going to become better and more unified over time.
For developers, it's all about SDKs.
For administrators, It's all about the unified Admin-UI experience.
And for end users, it's all about eliminating any need to do anything.
It would be frictionless or invisible authentication through password lists or Biometrics.
Speaking of the developer experience and Speeding that, one of the investments we're making is in a unified framework that all of Our SDKs can plug into.
We recognize not every company wants to Leverage all of our SDKs.
But we want a common way in which all those SDKs are secured.
Um, and so, kind of thinking of our SDKs as modular, sharing an underlying security Framework, so that you can get your identity experiences into your APPs, Again, as quickly as possible, so that your developer tier can focus on what they wanna Focus on, leave the security and identity to you.
And allow you to make changes on the back end that dynamically render without recompiling or Issuing new APPs on the front end.
That's the goal.
Another area that we've made a tremendous number of investments, In addition to Open standards, is the notion of integration.
So, whether it's single sign-on integration, provisioners to SaaS applications, Integration with Office 365, integration with Signals.
Say, Intune signals or uh one of your MDM providers to do conditional access.
Or now a whole host of third-party signals around risk coming from the edge, Coming from endpoints, incorporating those.
Nobody has invested in more integrations than Ping.
So, Open Standards first, and then pre-integrations second.
It's been an area of significant investment.
We're gonna continue that.
We have a whole team dedicated to that.
I wanted to talk about two things that kind of fall into the category of, Uh, Futures Now, AI and decentralized identity.
And both in different ways are gonna, I think, materially impact how we think about security, How we think about identity, how fast we can respond, what the role of the individual is, Then to ensure the integrity and safety of their own identity, Uh, through decentralized.
So, I just wanted to walk through some of our ideas here.
Um, start by saying, Ping has invested in AI pretty significantly over the course of the last several years.
Now, while the generative AI is relatively new With Chat GPT about a year ago, PingOne MFA, Autonomous Access, Autonomous Identity, and our documentation.
There's been a number of things that we deliver Today, by the way, you know, by way of leveraging data, Um, that, you know, that we've put through the Gonolator, if you will, of privacy to make sure that nothing in the, by, by way of our collection of data is gonna violate, um, or in some way expose you to a privacy concern.
But we've been doing that for a while.
Our strategy here is that Data and signals.
Need to be leveraged to inform the identity control plane in a virtuous feedback loop.
So, we need to leverage all the data of what is being used in Identity, Behavioral and otherwise.
Leverage those as signals, again, to inform how we behave either in the moment or on the next Transaction.
Because the number of signals is growing, We now have an opportunity to leverage AI, uh, to abstract out additional layers of value of that data and allow us to become more proactive in seeing the threats or dealing with them Threats as they happen in real-time.
So, we break AI into three categories, starting with maybe the easiest thing to do, And then over time, moving towards the level of automation, which will definitely make us more Secure in real-time.
So the easiest thing to do is to simply augment the decisioning.
That we make around access.
By surfacing the data that is available to us to help us make more data-informed decisions.
So, if I'm on an Admin-UI screen, and, uh, and I'm going to grant certain Privileges or access rights to applications or other things like that, With the confidence that I'm not over-accessing or over-privileging individuals.
This would be a great example of where Autonomous Identity leverages AI.
To look at all the Entitlements, Roles, and Permissions granted to similar type users and Throw up a score, a confidence score, saying, Hey, we're 75% confident that this entitlement To this individual with this role is probably an, an, An appropriate entitlement, if that makes sense.
So, it's not making the decision; it's assisting the decision by bringing data in Moment, uh, that matters where action is taken by individuals.
The second step on that is to actually make a recommendation.
So, it's not, hey, we're 65 or 75% confident that this, um, Entitlement you're Giving a user this access right is the right thing.
Um, instead, hey, we recommend you give access to this type of user for X, Y, Z.
So, it goes beyond just leveraging data to make Decisions, to actually make recommendations.
And one step beyond that, Is when we have enough confidence in the uh integrity of the AI algorithms themselves.
Why not just block a transaction that you know to be fraudulent?
So it's rather than just see an abnormality and flag it an alert and say, Hey, you need to go investigate X, Y, and Z.
This looks unusual.
And then you figure out how to fix it.
It will say, hey, we see something going on, and we blocked it.
Here's why we blocked it.
And now, if you choose to come back around and enable access, That's your choice.
But I think that's ultimately where we get to in this real-time identity control play.
So, if you look at the Assistant side, I described documentation, How do I sync data between ForgeRock Identity Cloud, um, And PingDirectory?
Right?
There hasn't been a specific document written around that specific use case, But leveraging generative AI to summarize all available data and present it in a format that is probably consumable to you.
Um, and give it to you in different views, and show you where all the source documents are.
I mean, that is just incredibly powerful.
So, we’re super excited about that.
You're actually looking at a live POC of our documentation and some of the new search Capabilities which leverage generative AI in the summary of, of your questions.
And, like, historically for docs, The challenge has always been, if you didn't ask the exact right question, If we didn't tag the data exactly right, you just weren't gonna find it.
And so, I think generative AI is gonna bridge the gap between our questions and our tagging.
Because no longer is it the tagging that's being used, It's the actual content, and having an understanding of that content should make it Easier for us to surface the data you need in a timely manner.
Um, this notion of recommendation.
So, you know, Did we forget we typically see spikes this time of year.
Um, when we look at our policies, how confident are we that our policies are capturing The most recent threats against identity?
This notion of Zero Trust privilege, right?
Or um least privilege by default, How do we get there if we can’t leverage the data signals about what people actually use, What people in similar roles actually use.
Uh, and so I just think the entire opportunity to leverage data.
And AI to assist humans in making decisions around access control is, Is a 10x.
It's gonna be a 10x in terms of how efficient.
Uh, we can take a few people that are helping manage thousands.
If not Tens of Thousands of Individuals.
I am not Morgan Freeman, and what you see is not real.
Well, at least in contemporary terms, it is not.
What if I were to tell you that I'm not even a human being?
Would you believe me?
What is your perception of reality?
Is it the ability to capture, process, and make sense of the information our senses receive?
If you can see, hear, taste, or smell it, does that make it real?
Or is it simply the ability to feel?
I would like to welcome you to the Era of synthetic reality.
All right, that would have fooled me.
So look AI generative AI, especially around imaging.
It is now a full-on onslaught to the human sense of sight and sound.
The ability, in essence, to recreate the likeness of somebody digitally and do it in Real time.
With voice is a level of threat we've Never seen before as humans.
Right?
And so, we are programmed to recognize Authentic, for the most part, with our eyes and with our ears.
And now in digital channels, that is effectively compromised.
So, how do we reinsert a level of security, of knowing, not hoping that we're Actually interacting with the person that we think we're interacting with?
Um, we definitely are gonna have to leverage AI for good, To help see the AI that is being used for bad.
That'll be one layer of defense.
It is not the only layer of defense, and clearly, that's gonna be a cat-and-mouse game.
It's gonna be the speed with which we can recognize new levels of deep fake, And, uh, and leverage those AI signals to surface those deep fakes.
Hopefully, to protect users before they succumb to their own senses, Um.
You know, essentially not being able to Recognize authenticity of users in all our digital interactions.
But there's a second layer of defense that we now have going for us, You know, not a moment too soon.
How do we protect people's digital identities from being compromised?
Right?
Now, in the history of identity, all of us, In essence, have relied upon companies to manage our digital identity.
So, I, I would, I would argue that our digital identity today is nothing but the aggregate of All the data sitting in all the directories and all the databases with all the companies we Interact with.
And those repositories basically store a History of our interaction with them.
It's the collection of all of that that makes up our current digital identity.
And none of it or very little of it do we have much or any control over.
Data is collected on our interactions and shared, hopefully through regulation with us Consent.
That's been kind of the most recent band-aid.
That we've put on a reality that our data and our identity is sitting outside of a place that We can control the sharing of it.
So we show up to all of these companies really as unnamed individuals, And we have to go through a journey of Collecting my email address, Verifying my email address, collect my phone number, check my phone number, Maybe go back to a source of truth to say, does this identity actually associate with that?
Email address and that phone number.
So it doesn't just prove access to those two.
Things, but it proves ownership of those two things.
And so, we progressively profile and progressively verify, going from unknown to Recognized to known and trusted.
So that we can essentially grant access, high-risk asset access with a level of Assurance.
And that is an arduous process that we have to Go through.
Re-establishing trust in every relationship.
We have no ability to piggyback upon prior interactions and parlay those prior Interactions into future relationships or future trust.
Because all of this stuff is distributed.
Maybe with the exception of, say, credit scores as a mechanism to take our historical Preponderance to pay our bills on time, and, you know, Extend that to future companies that have to determine, do they loan, Do they loan us something?
What's the risk of loaning us something?
That concept doesn't exist really anywhere else in our identity.
So, that is going to change.
Um, you might as well say we have only one physical you, but we have hundreds, if not thousands of fragments of you that exists in the identity and access management systems with all the companies that we interact With, both as employees, as partners and customers.
And all of that now is going to change going forward because for the first time, You and I as users, we have compute.
And with compute, we can store verifiable digital credentials in a secure enclave called a Wallet.
We can unlock that with our biometrics.
Only we can use it, and the credentials are bound to our biometric, But those credentials are verifiable proofs of something about us.
That matter in society.
Proof of real ID, proof that I'm an employee, proof that I'm a customer, Proof that I'm a loyalty member, proof that I'm insured, proof that I graduated from this College with this degree, with that grade, proof that I worked at a certain company from This period to this period, and I had a certain title.
Today, there is no way for you and me.
To establish a new relationship with someone who we don't know.
And prove anything about ourselves digitally.
And so we go through this discovery process, this dance, From the unknown to the recognized, to the authenticated, through progressive profiling, Just so that we can interact with a high level of trust.
That's going to change going forward.
We now have the ability.
To collect digital credentials from third parties who are authoritative, Meaning my saying I'm a million-miler doesn't matter; my airline saying that I'm a million Miler matters.
So, what third parties say about us matters.
Now we have the ability to collect those proofs.
Put them into a secure enclave called the wallet.
Lock them with our biometrics, so only we can use them.
And in new relationships, we can go from low trust to high trust very, Very quickly.
So that's a game changer.
The other thing that is subtle but profound.
In the ability to prove something about ourselves in digital transactions in a Millisecond.
Is this notion through Decentralized Identity?
And wallets and credentials.
We cannot only identify our real identity.
Prove that we're the ones doing the transaction through strong authentication and authorize Either the sharing of data or authorize some transaction.
We could do all three of those.
With a single push, a single click, and a single biometric, All three in one, at the same time.
That's a game changer.
So when I said that we have a new tool in the arsenal of ensuring authenticity in a digital World.
Once we get to a ubiquity of wallets, And in those wallets, we have credentials from third parties who rightfully can vouch.
For something about ourselves.
It means individuals can ask us to prove that I am interacting with you, Prove that you're Andre, and authorize this transaction, and do that as simply as a push Notification, similar experience to MFA today.
That's a game changer.
So all of that is now doable.
This is technology that we've been investing in for the last 6 years.
And this notion that you are an individual, not a user.
You're gonna show up as a named individual if you choose, Obviously, to share your name, to share a proof of your real identity.
You are going to be able to prove things about yourself.
In new transactions in milliseconds, what otherwise would have taken months, if not years.
So our ability to navigate our digital environment and do so where we're in control of The dissemination of our identity data, where we are the collectors of that information.
And where we can prove things about ourselves in digital transactions is just incredible.
So, this is NO.
NO is, uh, not a product.
It's our platform that enables the issuance of digital credentials, I think MobileIron driver's licenses, for example, proof of employment, Um, entitlement credentials, sky's the limit on the one end, and the ability to verify those credentials on the other.
And we are layering this on top of and into the way in which companies do business today.
So, the ability to issue a credential into your PingOne MFA clients, So that if you choose part of the authentication experience can be just shared Back a credential that you're an employee.
Like if you're an employee, you should be able to authenticate to us.
All of a sudden, the Authentication experience shifts from the old world, which was MFA to the new world where credentials are being shared in, uh, Verified and validated.
That's just one of many examples where this new technology and new approach is going to change The way we've done things historically.
So, if you summarize all of this, you should viewing as the most comprehensive provider Serving the global 2,000+ market.
These are enterprises that absolutely Need mission-critical Identity capabilities that are both broad and deep.
Cover all use cases, cover all identity types, workforce, partner, Contractor, retiree, in some cases, service accounts, customers.
Allows you the flexibility to deploy this critical infrastructure where you want on-prem, In the cloud, in your cloud of choice, in multiple clouds, or even hybrid, or consume it all as SaaS, consume it as dedicated tenant SaaS, Where your data is isolated, and you have no shared infrastructure and no noisy neighbor Problems, or you're going for speed, just consume this as multi-tenant SaaS.
Its lowest cost, ease of use is your primary preference.
The ability to orchestrate beautiful user journeys through very sophisticated use cases, Zero Trust on the one side for workforce, frictionless customer experiences on the Customer-consumer side, and to leverage the same underlying platform, Constructs, and architecture to deliver for both of those identity types and do so without Hard coding.
So, the need to go back, when you do inevitably Need to go back and change an experience, Change out a technology, You can do so rapidly, without having to pull the entire project back open.
All right.
So, I wanna thank you guys all for taking the Time to listen.
Um, we're super excited about this future.
It's just incredible potential.
We look forward to working with all of you.
We want to hear your ideas.
We have many customers who have actually over the years on one side or the other, Leveraged ForgeRock or UM simultaneously Leveraged Ping, And now we're seeing all sorts of new opportunities to integrate and pre-integrate These capabilities to deliver more valuable, more value to you faster.
Thank you.

Hi there, I'm Peter Barker, Chief Product Officer here at Ping Identity.
I'm pleased to share with you the next steps of how we are combining two great companies, Ping and ForgeRock, into a truly extraordinary one under the Ping Identity brand.
At Ping, we know you rely on us as a trusted partner to provide mission-critical solutions.
We take that role very seriously and are dedicated to ensuring that our customers’ best Interests are at the heart of every decision we make.
One question we often get is whether the combination means that customers of either Ping or ForgeRock will be required to migrate off their current platform.
The answer to that is no.
Both platforms are healthy businesses supporting thousands of enterprises.
We plan to develop and support the core platforms for Ping and ForgeRock indefinitely Into the future.
This means the time and money you've invested To deploy and integrate either platform is safe and secure.
Our strategy is to harness the collective power of both companies to benefit you.
This won't be a slow, drawn-out integration.
We now have 2 times the number of developers than we had previously.
That means more innovation delivered to you faster.
You get access to more new products and services almost instantly as we make the entire Combined portfolio available to all of our customers like you.
For example, if you are a Ping Cloud or software customer, We will make ForgeRock's life-cycle management and identity governance available to you.
If you're a ForgeRock Cloud or software customer, we will make Ping's fraud detection, Identity verification, authorization, and decentralized identity solutions available to You.
This opens up a world of possibilities for you.
The combination has also helped us become a more global company with more local identity Experts and resources to help service and support you no matter where you do business.
With our combined product portfolio, you will get even more flexibility.
We can now offer you Identity solutions to cover virtually any Identity type, Any business need, and any deployment model.
Whether you're looking to improve and secure your customer omni-channel experience or Looking to empower your workforce with Zero Trust, look no further.
We've got you covered with rich solutions that can be delivered via Cloud or self-managed software or a hybrid of the two.
All of this means more value to you, all from a single trusted partner who cares deeply about Your success.
This is our promise to you as we support you in Meeting your business goals and objectives with identity.
Thank you for being our customers.
Thank you for your trust in us, and here’s to an incredible 2024.