Identity Security for the Global Enterprise

Cloud Multi-Factor Authentication

PingID is a cloud-based, Multi-Factor Authentication (MFA) solution that drastically improves your security posture in minutes. With adaptive authentication policies, you can rest assured that security is stepped up in high-risk scenarios and streamlined for low-risk users and applications. PingID protects applications accessed via single sign-on (SSO), integrates seamlessly with Microsoft Azure AD, Active Directory Federation Services (AD FS), and windows login, and allows you to embed branded MFA functionality directly into your own mobile application.

Stop Breaches. Protect Data

The threat is real. From phishing and SSH attacks to account takeovers, it’s no surprise that 81% of data breaches are due to compromised credentials. That’s why it’s imperative to confirm the identity of your users with PingID, you can quickly increase security with cloud-delivered MFA, without sacrificing user experience for your employees, partners, and customers who need access.

Authentication Methods

Easily add and select from multiple authentication methods and devices on the fly. Mobile push authentication methods such as swipe, tap, fingerprint, and facial recognition can be used from mobile devices, along with SMS One-Time Passcodes (OTP). But when users leave their mobile devices at home they can still securely sign on using a range of alternative second factors such as FIDO-compliant authenticators, voice and email OTPs, a PIN-protected desktop application, Yubikeys, Apple Watches, Nymi Bands, and more.

Broad Enterprise Use Cases

PingID makes MFA easy while supporting all of your enterprise use cases, apps, and APIs. It’s simple to deploy for common initiatives like MFA for Office 365 and VPN access. It’s also easy to integrate with on-premises or cloud-hosted web apps through SSO and web access management systems via the PingID authentication API or authentication and authorization policies. You can even embed MFA functionality directly into your own customer-facing mobile app with the PingID SDK. Plus, an offline MFA mode allows users to authenticate locally without an Internet connection.

User Self-service

Improve productivity and lower helpdesk costs with a comprehensive set of user self-service capabilities. PingID allows your users to add new mobile devices and select from multiple secondary authentication methods if their primary method or device is unavailable. Self-service can also be provided for registration and enrollment, updating and unpairing the PingID mobile application, pairing to new organizations and sending event logs when troubleshooting is required.


PingID offers opportunities to brand and customize multiple steps in the user journey. The native mobile application, desktop application, user notifications and registration, and enrollment screens are all customizable to your organization’s brand and can be localized to your organization’s geographic footprint.

Rapid Deployment

You can easily implement cloud-delivered MFA in minutes for many common use cases like MFA for Office 365 and VPN access. No more time spent setting up a local, on-premises MFA footprint or issuing hard tokens. You can also integrate PingID with Azure AD, AD FS, VPN, or PingFederate, our authentication authority, in just minutes. And centralized administration for MFA within PingID means that managing MFA to these various integrations will be easy with PingID, you can quickly add strong authentication while maintaining a streamlined user experience.

IDaaS That’s Fast to Implement and Easy to Use

PingOne is a best-in-class Identity-as-a-Service (IDaaS) offering for organizations that prefer a more hands-free approach to identity and access management (IAM) for their customers and workforce.

PingOne for Customers

Your developers can rapidly embed identity services into their customer-facing applications, reducing your application launch times with seamless registration, login, multi-factor authentication, self-service features, and more. This easy-to-use, API-first cloud identity service helps your application teams build amazing experiences and takes security off their plates.

PingOne for Enterprise

Our workforce IDaaS solution is easy for IT to implement, simple for users to adopt, and designed to fit within your IT budget. It helps resource-constrained IT leaders securely connect employees and partners to all the applications they need to do their work, improving both security and productivity.


Advanced cloud identity solution

Advanced Cloud Identity Solution

Enterprises need to provide a consistent way for customers, employees, and partners to sign on to their diverse applications and resources. But you may need to support multiple standards, different authentication flows, and a wide range of identity providers (IdPs), service providers (SPs), and directories.

PingCloud provides a highly configurable global authentication authority and versatile SSO federation hub with practically limitless configuration options. Regardless of where applications, resources, SPs, and IdPs reside, you can leverage PingCloud’s extensibility for your diverse user populations and identity types.

Architected for Enterprise Hybrid IT

PingCloud is secure and extensible, so it reaches every corner of your hybrid IT or multi-cloud environment without needing to install, update and manage separate on-premises proxies and agents. Our investment in enterprise extensibility spans over 15 years and has resulted in comprehensive standards support and market-leading adaptors, connectors, and integration kits that can be leveraged in PingCloud, all delivered as a cloud service.

Accelerate Time to Value

Enable your team to respond more rapidly and easily to global demand for IAM services by reducing geographical deployment complexity and simplifying IAM operations. Configure and deploy a solution that provides the operational scale and performance your organization needs with just a few clicks. PingCloud  allows you to create different environments for development, test, and production as needed, with regional configuration options to comply with geographic or regulatory constraints

Comply with Regulations

PingCloud allows you to deploy individual tenants for separate and secure data stores, including the ability to manage and delete data as needed. You can even deploy to different regions to support data sovereignty and other regulatory requirements. PingCloud also provides multiple options to secure your private tenant and connect to on-premises resources.

Ping Federate

Authentication and single sign-on authority

Connect Everyone to Everything With Federated SSO

PingFederate is an enterprise federation server that enables user authentication and single sign-on. It serves as a global authentication authority that allows employees, customers, and partners to securely access all the applications they need from any device. Ping Federate easily integrates with applications across the enterprise, third-party authentication sources, diverse user directories, and existing IAM systems, all while supporting current and past versions of identity standards like OAuth, OpenID Connect, SAML, and WS-Federation. And it can be deployed on-premises or in the cloud, so you can support today’s needs and future-proof your business for tomorrow’s requirements.

Authentication With Intelligence

In situations where passwords are not sufficient, such as providing access to high-risk transactions and sensitive applications and data, Ping Federate can require MFA to further reduce risk. It analyzes user behavior using artificial intelligence and machine learning to achieve the level of confidence you need to give users access to resources. It also learns user behavior to calculate a risk score so you can apply the right level of authentication based on your defined policies.

Now you can optimize user experience and security by allowing lower-value transactions to occur without interruption while promoting MFA as needed to ensure trust for high-value transactions and sensitive apps and data.

Extensibility That's Built on Open Standards

With comprehensive support for modern identity standards, Ping Federate can easily integrate with your existing infrastructure. From pre-built adapters and provisioners to a wide variety of integration kits, PingFederate makes it easy to provide authentication and secure SSO across your existing applications and resources. And you’ll have those connections in hours or days, not weeks or months—even including those hard-to-integrate internal applications. It integrates with thousands of applications, platforms, and protocols, including:

  • All major web application servers and virtualization platforms.
  • Thousands of certified IAM integrations like Office 365 and Azure AD Connect.
  • Hundreds of commercial enterprise applications.
  • Legacy web access management solutions from CA, Oracle, and IBM.
  • Directory servers from Microsoft and Oracle.
  • MDM providers like AirWatch, MobileIron, and Microsoft InTune.
  • Multi-factor authentication services like PingID, Duo, and more.

Ping Access

Access security for apps and APIs

Secure Authorization

Ping Access provides the comfort of knowing that only the right users can access sensitive resources. A comprehensive policy engine ensures that those requesting access have the appropriate permissions, user context, and device posture to access applications, down to the URL level. For APIs, policies can be applied to disallow certain HTTP transactions to users in untrusted contexts, such as administrators using delete outside the corporate network.

Contextual Policies

By applying policies in context, Ping Access can verify user identity across specific resources, evaluating a diverse range of methods and circumstances in which the user is requesting access. ABAC, RBAC, authentication levels, IP address, web session attributes, and OAuth attributes and scopes can be used to approve or deny access to sensitive resources. Ping Access also integrates with third-party threat intelligence providers to augment contextual data included in authorization policies.

Centralized Administration

Ensure consistent enforcement of security policies by centralizing access control across diverse enterprise application portfolios in hybrid IT environments. From a single console, policies for web applications, APIs, and single-page applications hosted in any domain can be written, managed, and updated.

Centralized Session Management

Ping Access abstracts sessions from applications and APIs, removing the risk of errors and inconsistent session security parameters. It also reduces the risk of man-in-the-middle attacks like session hijacking with encrypted session tokens scoped for specific applications.

Continuous Authorization

Ping Access continuously validates authentication tokens with Ping Federate in predetermined time intervals. If there’s a change in user context—or if a single logout process terminates a user’s authentication session—all application sessions will immediately be terminated.

Centralized Session Management

Ping Access abstracts sessions from applications and APIs, removing the risk of errors and inconsistent session security parameters. It also reduces the risk of man-in-the-middle attacks like session hijacking with encrypted session tokens scoped for specific applications.

Deploy Anywhere. Protect Everything.

You can deploy Ping Access on-premises or in the cloud using agents, a proxy, or a combination of both, and it integrates easily with your web applications with agents for Apache, NGNIX, IIS, and more. For cloud deployments, we include customizable AWS automation templates that enable you to rapidly deploy advanced clustering, replication capabilities, and more with minimal effort. Wherever your resources are hosted, Ping Access can also extend standards based, federated SSO to all applications using HTTP header injection, JWT tokens, and token mediation. You can even secure access and extend SSO to on-premises web applications through third-party cloud identity stores like Azure AD. To learn more about the Ping Access for Azure AD partnership, read our white paper.

Easy Migration From Legacy WAM

With the cloud, API, and mobile-first mandates, it’s easy to see how significantly limiting legacy Web Access Management (WAM) systems are. Ping Access provides a modern, lightweight solution that includes the tools and expertise to coexist or migrate from your legacy WAM. Token translators and policy migration tools help to enable coexistence and avoid downtime disruption. You can automatically migrate your legacy WAM policies for use in Ping Access, which helps automate the creation, testing, and promotion of policies between development environments.

Ping Directory

High performance data store for all users

Unmatched Security, Performance and Flexibility at Scale

Ping Directory is a high-performance, extensible data store for customer, partner, and employee identity data. It helps enterprises build a unified profile from multiple data sources with the ability to manage hundreds of millions of entries at high performance during peak usage. And to protect valuable and highly targeted identity data, Ping Directory includes end-to-end security that doesn’t sacrifice performance.

Unify Disparate Customer Profiles

With Ping Directory, you can synchronize your disparate data silos into one secure, high-performance data store. No matter if you perform a one-time data migration or utilize ongoing, real-time, bidirectional data synchronizations, you can create a single source of truth about your customers, partners, and employees. Ping Directory can be easily deployed both on-premises and in the cloud, allowing you to create unified profiles from disparate identity silos in hybrid IT scenarios. And all of your applications can access the unified profile through developer-friendly SCIM APIs, or even through LDAPv3.

Get Serious About Data Security

Ping Directory has met some of the most demanding security requirements from the world’s largest enterprises. It enforces data encryption at rest, in use, and in motion. You can limit data access privileges for admin accounts, store tamper-evident logs, enable active or passive alerts, and much more. Enterprises can meet stringent security requirements with ease, and the risk of brand-damaging security breaches is all but gone.

Ping Data Governance

Data access security and governance

Fine-grained Data Access Governance

Ping Data Governance provides policy-based, fine-grained access controls for attribute-by-attribute data protection and filtering for regulatory compliance and consent management. It has a graphical user interface for business users to collaboratively build, test, and enforce access control policies to data across user directories and APIs. It provides a centralized solution to authorize and filter API calls in real-time—a huge benefit to managing and enforcing customer data privacy.

Delegated Data Access

Ping Data Governance provides a centralized management solution that enables users to delegate access control of their data to customer service reps, trusted individuals, family members, third parties, and others. For example, you can limit user search results to only those users a delegated administrator has the right to view. You can also enforce which specific attributes delegated administrators can view, or specific actions delegated administrators can take.

Graphical Policy Designer

Ping Data Governance gives non-technical users a drag-and-drop interface for designing policies by layering attributes in a visual policy decision tree. This easy to use, the graphical interface can extend policy design to multiple stakeholders to make it a more collaborative effort. This includes allowing non-technical users to visually test a policy implementation based on multiple inputs like user roles, client locations, the data itself, consents, and more.

Powerful Resource and Attribute Filtering

Ping Data Governance policies can be configured to allow an API call, but then filter, obfuscate or remove specific data attributes in the response. This gives you tremendous flexibility in managing fine-grained data authorization and control. Ping Data Governance also allows users to set up dynamic authorization policies that evaluate attributes of the resource itself, information about the requester, or attributes gathered from multiple external systems in real-time.

PingIntelligence for APIs

API visibility and attack detection with AI

AI-powered API Security

Ping Intelligence for APIs is an API security solution done right. It provides a unified view of API activity across the entire enterprise for centralized monitoring and reporting. It uses artificial intelligence to learn traffic behaviors to automatically detect and block threats to enhance your organization’s security posture.

Making API Security Smarter

The adoption of APIs in the enterprise is showing no signs of slowing down. And each API represents a potential vulnerability to corporate data, applications, and critical business systems. Finely tuned attacks on APIs are bypassing traditional security measures provided by CDNs, WAFs, and API Gateways to breach APIs and get to the digital assets they connect.

A robust API security practice requires going beyond OWASP API security’s top 10 vulnerabilities. APIs need to be monitored for unusual behavior so that you can act immediately on atypical events, such as unusual sequences of API access. PingIntelligence for APIs is making API security smarter.


Detect All Forms of API Attack

Today’s API security solutions aren’t enough to stop a new generation of attacks on APIs, specifically designed to exploit vulnerabilities unique to each API. Ping Intelligence for APIs can detect, block and report on attacks that compromise your APIs, which include:

  • Authentication System Attacks: Bad actors use credential stuffing and other brute force attacks to breach API infrastructures using valid credentials. Hackers can use stolen credentials like tokens and cookies to penetrate and take over accounts.
  • Data and Application Attacks: Hackers can reverse-engineer an API with a valid account to extract, delete, modify or inject data into service with the intent to steal information, disrupt a system, or compromise data—or even take over an account.
  • Targeted API DoS/DDoS Attacks: Hackers tune attacks to stay below rate limits, which can disable services provided by the API or damage the user experience. They can also generate calls that require unusually high system resources, which can affect server response time.


Deployment Flexibility

With both inline and sideband deployment options available, your IT team can deploy PingIntelligence for APIs however it fits best in your enterprise architecture. To provide AI-powered attack detection and monitoring without requiring network or infrastructure modifications, you can integrate with PingIntelligence for APIs in sideband deployment with PingAccess or your API gateway from Akana, Axway, Apigee, CA, AWS, Azure, IBM, Kong, MuleSoft, WS02 and more. Or, use inline deployment to have PingIntelligence for APIs as a high-performance reverse proxy to protect APIs deployed on API gateways, PingAccess or APIs deployed directly on application servers.

Ping Central

Self-service IAM application integration portal

Centralize Your IAM Operations

PingCentral is a converged operating portal for Ping software, and it allows resource-constrained IAM teams to do more with less. It enables self-service, delegated administration for business users to integrate their own applications and APIs and consume centralized identity services. It also automates promotions across application environment tiers while maintaining configuration, and gives administrators visibility to all clients and connections and an audit trail that lets you see who promoted what and when. PingCentral gives your business the visibility, speed, and agility necessary for rapid digital transformation.

Empower Business Teams with Self-Service App Integration

PingCentral gives IAM administrators a flexible interface to build a set of authentication and single sign-on templates so that application administrators can confidently select from these standard templates to streamline integration. The simple, step-by-step workflow guides business users who don’t have IAM expertise to be able to onboard a new app or API, update certificates for SAML connections, rotate client secrets, and other self-service IAM tasks.

Automate Promotions Across Environment Tiers

Configuration changes don’t just need to be made in one environment—they often need to be propagated across an entire application development and deployment pipeline. PingCentral has an orchestration engine that automates promotions across application environment tiers. This means when you promote a client or connection from dev to staging, you don’t have to rekey in the new environment—the configuration carries over automatically.

Visibility into All Apps and Environments

PingCentral gives IAM and application administrators a snapshot of their managed OAuth and OIDC clients and SAML connections across all environments on a single screen. This allows IAM admins to assign and update resource ownership across the entire SSO infrastructure without switching between different instances of Ping software or authentication type screens. When a delegated administrator signs on, they see and manage only the applications they’ve added or that they’ve been assigned.
Identity solutions for your every need
Request Demo