Identity Security for the Global Enterprise
Cloud multi-factor authentication
PingID is a cloud-based, multi-factor authentication (MFA) solution that drastically improves your security posture in minutes. With adaptive authentication policies, you can rest assured that security is stepped up in high-risk scenarios and streamlined for low-risk users and applications. PingID protects applications accessed via single sign-on (SSO), integrates seamlessly with Microsoft Azure AD, Active Directory Federation Services (AD FS) and Windows Login, and allows you to embed branded MFA functionality directly into your own mobile application.
Stop Breaches. Protect Data
The threat is real. From phishing and SSH attacks to account takeovers, it’s no surprise that 81% of data breaches are due to compromised credentials. That’s why it’s imperative to confirm the identity of your users. With PingID, you can quickly increase security with cloud-delivered MFA, without sacrificing user experience for your employees, partners and customers who need access.
Authentication Methods
Easily add and select from multiple authentication methods and devices on the fly. Mobile push authentication methods such as swipe, tap, fingerprint and facial recognition can be used from mobile devices, along with SMS one-time passcodes (OTP). But when users leave their mobile devices at home they can still securely sign on using a range of alternative second factors such as FIDO-compliant authenticators, voice and email OTPs, a PIN-protected desktop application, Yubikeys, Apple Watches, Nymi Bands and more.
Broad Enterprise Use Cases
PingID makes MFA easy while supporting all of your enterprise use cases, apps and APIs. It’s simple to deploy for common initiatives like MFA for Office 365 and VPN access. It’s also easy to integrate with on-premises or cloud-hosted web apps through SSO and web access management systems via the PingID authentication API or authentication and authorization policies. You can even embed MFA functionality directly into your own customer-facing mobile app with the PingID SDK. Plus, an offline MFA mode allows users to authenticate locally without an Internet connection.
User Self-service
Improve productivity and lower helpdesk costs with a comprehensive set of user self-service capabilities. PingID allows your users to add new mobile devices and select from multiple secondary authentication methods if their primary method or device is unavailable. Self-service can also be provided for registration and enrollment, updating and unpairing the PingID mobile application, pairing to new organizations and sending event logs when troubleshooting is required.
Branding
PingID offers opportunities to brand and customize multiple steps in the user journey. The native mobile application, desktop application, user notifications and registration, and enrollment screens are all customizable to your organization’s brand and can be localized to your organization’s geographic footprint.
Rapid Deployment
You can easily implement cloud-delivered MFA in minutes for many common use cases like MFA for Office 365 and VPN access. No more time spent setting up a local, on-premises MFA footprint or issuing hard tokens. You can also integrate PingID with Azure AD, AD FS, VPN or PingFederate, our authentication authority, in just minutes. And centralized administration for MFA within PingID means that managing MFA to these various integrations will be easy. With PingID, you can quickly add strong authentication while maintaining a streamlined user experience.
IDaaS That’s Fast to Implement and Easy to Use
PingOne is a best-in-class Identity-as-a-Service (IDaaS) offering for organizations that prefer a more hands-free approach to identity and access management (IAM) for their customers and workforce.
PingOne for Customers
Your developers can rapidly embed identity services into their customer-facing applications, reducing your application launch times with seamless registration, login, multi-factor authentication, self-service features and more. This easy-to-use, API-first cloud identity service helps your application teams build amazing experiences and takes security off their plates.
PingOne for Enterprise
Our workforce IDaaS solution is easy for IT to implement, simple for users to adopt and designed to fit within your IT budget. It helps resource-constrained IT leaders securely connect employees and partners to all the applications they need to do their work, improving both security and productivity.
PingCloud
Advanced cloud identity solution
Advanced Cloud Identity Solution
Enterprises need to provide a consistent way for customers, employees and partners to sign on to their diverse applications and resources. But you may need to support multiple standards, different authentication flows and a wide range of identity providers (IdPs), service providers (SPs) and directories.
PingCloud provides a highly configurable global authentication authority and versatile SSO federation hub with practically limitless configuration options. Regardless of where applications, resources, SPs and IdPs reside, you can leverage PingCloud’s extensibility for your diverse user populations and identity types.
Architected for Enterprise Hybrid IT
PingCloud is secure and extensible, so it reaches every corner of your hybrid IT or multi-cloud environment without needing to install, update and manage separate on-premises proxies and agents. Our investment in enterprise extensibility spans over 15 years, and has resulted in comprehensive standards support and market-leading adaptors, connectors and integration kits that can be leveraged in PingCloud, all delivered as a cloud service.
Accelerate Time to Value
Enable your team to respond more rapidly and easily to global demand for IAM services by reducing geographical deployment complexity and simplifying IAM operations. Configure and deploy a solution that provides the operational scale and performance your organization needs with just a few clicks. PingCloud allows you to create different environments for development, test and production as needed, with regional configuration options to comply with geographic or regulatory constraints
Comply with Regulations
PingCloud allows you to deploy individual tenants for separate and secure data stores, including the ability to manage and delete data as needed. You can even deploy to different regions to support data sovereignty and other regulatory requirements. PingCloud also provides multiple options to secure your private tenant and connect to on-premises resources.
Ping Federate
Authentication and single sign-on authority
Connect Everyone to Everything With Federated SSO
PingFederate is an enterprise federation server that enables user authentication and single sign-on. It serves as a global authentication authority that allows employees, customers and partners to securely access all the applications they need from any device. PingFederate easily integrates with applications across the enterprise, third-party authentication sources, diverse user directories and existing IAM systems, all while supporting current and past versions of identity standards like OAuth, OpenID Connect, SAML and WS-Federation. And it can be deployed on-premises or in the cloud, so you can support today’s needs and future-proof your business for tomorrow’s requirements.
Authentication With Intelligence
In situations where passwords are not sufficient, such as providing access to high-risk transactions and sensitive applications and data, PingFederate can require MFA to further reduce risk. It analyzes user behavior using artificial intelligence and machine learning to achieve the level of confidence you need to give users access to resources. It also learns user behavior to calculate a risk score so you can apply the right level of authentication based on your defined policies.
Now you can optimize user experience and security by allowing lower-value transactions to occur without interruption while promoting MFA as needed to ensure trust for high-value transactions and sensitive apps and data.
Extensibility That's Built on Open Standards
With comprehensive support for modern identity standards, PingFederate can easily integrate with your existing infrastructure. From pre-built adapters and provisioners to a wide variety of integration kits, PingFederate makes it easy to provide authentication and secure SSO across your existing applications and resources. And you’ll have those connections in hours or days, not weeks or months—even including those hard-to-integrate internal applications. It integrates with thousands of applications, platforms and protocols, including:
- All major web application servers and virtualization platforms.
- Thousands of certified IAM integrations like Office 365 and Azure AD Connect.
- Hundreds of commercial enterprise applications.
- Legacy web access management solutions from CA, Oracle and IBM.
- Directory servers from Microsoft and Oracle.
- MDM providers like AirWatch, MobileIron and Microsoft InTune.
- Multi-factor authentication services like PingID, Duo and more.
Ping Access
Access security for apps and APIs
Secure Authorization
PingAccess provides the comfort of knowing that only the right users can access sensitive resources. A comprehensive policy engine ensures that those requesting access have the appropriate permissions, user context and device posture to access applications, down to the URL level. For APIs, policies can be applied to disallow certain HTTP transactions to users in untrusted contexts, such as administrators using DELETE outside the corporate network.
Contextual Policies
By applying policies in context, PingAccess can verify user identity across specific resources, evaluating a diverse range of methods and circumstances in which the user is requesting access. ABAC, RBAC, authentication levels, IP address, web session attributes and OAuth attributes and scopes can be used to approve or deny access to sensitive resources. PingAccess also integrates with third-party threat intelligence providers to augment contextual data included in authorization policies.
Centralized Administration
Ensure consistent enforcement of security policies by centralizing access control across diverse enterprise application portfolios in hybrid IT environments. From a single console, policies for web applications, APIs and single page applications hosted in any domain can be written, managed and updated.
Centralized Session Management
PingAccess abstracts sessions from applications and APIs, removing the risk of errors and inconsistent session security parameters. It also reduces the risk of man-in-the-middle attacks like session hijacking with encrypted session tokens scoped for specific applications.
Continuous Authorization
PingAccess continuously validates authentication tokens with PingFederate in predetermined time intervals. If there’s a change in user context—or if a single logout process terminates a user’s authentication session—all application sessions will immediately be terminated.
Centralized Session Management
PingAccess abstracts sessions from applications and APIs, removing the risk of errors and inconsistent session security parameters. It also reduces the risk of man-in-the-middle attacks like session hijacking with encrypted session tokens scoped for specific applications.
Deploy Anywhere. Protect Everything.
You can deploy PingAccess on premises or in the cloud using agents, proxy or a combination of both, and it integrates easily with your web applications with agents for Apache, NGNIX, IIS and more. For cloud deployments, we include customizable AWS automation templates that enable you to rapidly deploy advanced clustering, replication capabilities and more with minimal effort. Wherever your resources are hosted, PingAccess can also extend standards based, federated SSO to all applications using HTTP header injection, JWT tokens and token mediation. You can even secure access and extend SSO to on-premises web applications through third-party cloud identity stores like Azure AD. To learn more about the PingAccess for Azure AD partnership, read our white paper.
Easy Migration From Legacy WAM
With cloud, API and mobile-first mandates, it’s easy to see how significantly limiting legacy web access management (WAM) systems are. PingAccess provides a modern, lightweight solution that includes the tools and expertise to coexist or migrate from your legacy WAM. Token translators and policy migration tools help to enable coexistence and avoid downtime disruption. You can automatically migrate your legacy WAM policies for use in PingAccess, which helps automate the creation, testing and promotion of policies between development environments.
Ping Directory
High performance data store for all users
Unmatched Security, Performance and Flexibility at Scale
PingDirectory is a high-performance, extensible data store for customer, partner and employee identity data. It helps enterprises build a unified profile from multiple data sources with the ability to manage hundreds of millions of entries at high performance during peak usage. And to protect valuable and highly targeted identity data, PingDirectory includes end-to-end security that doesn’t sacrifice performance.
Unify Disparate Customer Profiles
With PingDirectory, you can synchronize your disparate data silos into one secure, high-performance data store. No matter if you perform a one-time data migration or utilize ongoing, real-time, bidirectional data synchronizations, you can create a single source of truth about your customers, partners and employees. PingDirectory can be easily deployed both on-premises and in the cloud, allowing you to create unified profiles from disparate identity silos in hybrid IT scenarios. And all of your applications can access the unified profile through developer-friendly SCIM APIs, or even through LDAPv3.
Get Serious About Data Security
PingDirectory has met some of the most demanding security requirements from the world’s largest enterprises. It enforces data encryption at rest, in use and in motion. You can limit data access privileges for admin accounts, store tamper-evident logs, enable active or passive alerts and much more. Enterprises can meet stringent security requirements with ease, and the risk of brand-damaging security breaches is all but gone.
Ping Data Governance
Data access security and governance
Fine-grained Data Access Governance
PingDataGovernance provides policy-based, fine-grained access controls for attribute-by-attribute data protection and filtering for regulatory compliance and consent management. It has a graphical user interface for business users to collaboratively build, test and enforce access control policies to data across user directories and APIs. It provides a centralized solution to authorize and filter API calls in real time—a huge benefit to managing and enforcing customer data privacy.
Delegated Data Access
PingDataGovernance provides a centralized management solution that enables users to delegate access control of their data to customer service reps, trusted individuals, family members, third parties and others. For example, you can limit user search results to only those users a delegated administrator has the right to view. You can also enforce which specific attributes delegated administrators can view, or specific actions delegated administrators can take.
Graphical Policy Designer
PingDataGovernance gives non-technical users a drag-and-drop interface for designing policies by layering attributes in a visual policy decision tree. This easy to use, graphical interface can extend policy design to multiple stakeholders to make it a more collaborative effort. This includes allowing non-technical users to visually test a policy implementation based on multiple inputs like user roles, client locations, the data itself, consents and more.
Powerful Resource and Attribute Filtering
PingDataGovernance policies can be configured to allow an API call, but then filter, obfuscate, or remove specific data attributes in the response. This gives you tremendous flexibility in managing fine-grained data authorization and control. PingDataGovernance also allows users to set up dynamic authorization policies that evaluate attributes of the resource itself, information about the requester, or attributes gathered from multiple external systems in real time.
PingIntelligence for APIs
API visibility and attack detection with AI
AI-powered API Security
PingIntelligence for APIs is an API security solution done right. It provides a unified view of API activity across the entire enterprise for centralized monitoring and reporting. It uses artificial intelligence to learn traffic behaviours to automatically detect and block threats to enhance your organization’s security posture.
Making API Security Smarter
The adoption of APIs in the enterprise is showing no signs of slowing down. And each API represents a potential vulnerability to corporate data, applications and critical business systems. Finely tuned attacks on APIs are bypassing traditional security measures provided by CDNs, WAFs and API Gateways to breach APIs and get to the digital assets they connect.
A robust API security practice requires going beyond OWASP API Security top 10 vulnerabilities. APIs need to be monitored for unusual behavior so that you can act immediately on atypical events, such as unusual sequences of API access. PingIntelligence for APIs is making API security smarter.
Detect All Forms of API Attack
Today’s API security solutions aren’t enough to stop a new generation of attacks on APIs, specifically designed to exploit vulnerabilities unique to each API. PingIntelligence for APIs can detect, block and report on attacks that compromise your APIs, which include:
- Authentication System Attacks: Bad actors use credential stuffing and other brute force attacks to breach API infrastructures using valid credentials. Hackers can use stolen credentials like tokens and cookies to penetrate and take over accounts.
- Data and Application Attacks: Hackers can reverse-engineer an API with a valid account to extract, delete, modify or inject data into a service with the intent to steal information, disrupt a system or compromise data—or even take over an account.
- Targeted API DoS/DDoS Attacks: Hackers tune attacks to stay below rate limits, which can disable services provided by the API or damage the user experience. They can also generate calls that require unusually high system resources, which can affect server response time.
Deployment Flexibility
With both inline and sideband deployment options available, your IT team can deploy PingIntelligence for APIs however it fits best in your enterprise architecture. To provide AI-powered attack detection and monitoring without requiring network or infrastructure modifications, you can integrate with PingIntelligence for APIs in sideband deployment with PingAccess or your API gateway from Akana, Axway, Apigee, CA, AWS, Azure, IBM, Kong, MuleSoft, WS02 and more. Or, use inline deployment to have PingIntelligence for APIs as a high-performance reverse proxy to protect APIs deployed on API gateways, PingAccess or APIs deployed directly on application servers.
Ping Central
Self-service IAM application integration portal
Centralize Your IAM Operations
PingCentral is a converged operating portal for Ping software, and it allows resource-constrained IAM teams to do more with less. It enables self-service, delegated administration for business users to integrate their own applications and APIs and consume centralized identity services. It also automates promotions across application environment tiers while maintaining configuration, and gives administrators visibility to all clients and connections and an audit trail that lets you see who promoted what and when. PingCentral gives your business the visibility, speed and agility necessary for rapid digital transformation.
Empower Business Teams with Self-Service App Integration
PingCentral gives IAM administrators a flexible interface to build a set of authentication and single sign-on templates, so that application administrators can confidently select from these standard templates to streamline integration. The simple, step-by-step workflow guides business users who don’t have IAM expertise to be able to onboard a new app or API, update certificates for SAML connections, rotate client secrets and other self-service IAM tasks.
Automate Promotions Across Environment Tiers
Configuration changes don’t just need to be made in one environment—they often need to be propagated across an entire application development and deployment pipeline. PingCentral has an orchestration engine that automates promotions across application environment tiers. This means when you promote a client or connection from dev to staging, you don’t have to rekey in the new environment—the configuration carries over automatically.
Visibility into All Apps and Environments
PingCentral gives IAM and application administrators a snapshot of their managed OAuth and OIDC clients and SAML connections across all environments on a single screen. This allows IAM admins to assign and update resource ownership across the entire SSO infrastructure without switching between different instances of Ping software or authentication type screens. When a delegated administrator signs on, they see and manage only the applications they’ve added or that they’ve been assigned.
Identity Solutions for Your Every Need
Ping Identity
Close