Post on 28-Jun-2020

SOLUTION BRIEF

Connecting Users with Identity as a Service

When investigating identity and access management (IAM) solutions for workforce, partners and customers, there are many options available. Existing on-premises IAM solutions typically work well for providing single sign-on (SSO) to employees, but open up a set of challenges when organizations want to provide access to their customers and partners. Organizations with traditional IAM are therefore faced with complexity and a choice: add customers and partners to existing user directories, such as Microsoft® Active Directory (AD), and take on the licensing and user administration costs, or look to alternatives.

Unfortunately, with the first option’s complexity, partners and customers must settle for less and IT is left with forced cost and compromises for implementation, which is not ideal. Fortunately, there is an alternative to the complexity, cost and compromises. Identity as a Service (IDaaS) is growing as a common deployment model for organizations. An IDaaS solution provides a cloud-based option to give all of your users the same easy access to all of the applications they need.

“By the end of 2017, 20% of IAM purchases will use the IDaaS delivery model, up from less than 10% in 2014.” – Gregg Kreizman, Gartner²

“Ping Identity has demonstrated support for multiple workforce and external identity use cases, as well as strong service provider support.” – Gregg Kreizman, Gartner¹

Solution Benefits

■ Single sign-on to all your applications for all of your users

■ Centralized control for IT—with convenience for end users

■ Integration with your existing security investments

Introducing PingOne, Identity as a Service

PingOne®, an Identity as a Service (IDaaS) solution, delivers a centralized solution to provide single sign-on to all of the applications your employees, customers and partners need, while keeping it under your control.

Deliver the Applications Users Need

Multiple usernames and passwords simply no longer work as a primary security practice. Still, end users need access to a variety of applications, including SaaS, custom and packaged applications. With PingOne, you can give centralized access to all of the applications end users need. PingOne provides a number of ways to access your SaaS, web, custom and legacy applications. It also offers a customizable user portal that is available via a web browser, as well as via mobile applications for Apple and Android™.

Users access all of their applications via the PingOne web portal or mobile app. This user interface can be customized to match your branding for your users, customers and partners.

Already have a portal? Not a problem. PingOne can integrate with your existing portal to provide SSO access to all of your applications. Users will only be shown the applications they have been granted access to via their role or group membership.

Give Access to Applications Through an Application Catalog

PingOne offers flexibility on how to provide applications to your end users. It includes an application catalog with thousands of pre-configured applications and allows you to define new applications yourself.

Basic or Federated Single Sign-On

Connections are made to applications using basic or federated SSO. With basic SSO, a web-browser extension is used to securely relay passwords to web applications. The first time, the user is prompted to sign on to their application as they normally would. PingOne will then use those credentials to sign on to those applications in the future. The credentials are encrypted locally on the end user’s device and stored in PingOne. PingOne never has access to those credentials.

With federated SSO, sign-on to SaaS applications is done via Security Assertion Markup Language (SAML), an open standard used to exchange authentication and authorization data between an identity provider (PingOne) and a service provider (your SaaS application). With SAML, a single connection is made between your SaaS application and PingOne.

Ping Identity solutions work with:

■ Web Servers: Apache, Microsoft® IIS

■ Application Servers: Oracle® WebLogic, IBM® Websphere

■ Web Access Management: CA SiteMinder®, Oracle Access Manager, RSA® Access Manager

■ Commercial Applications: PeopleSoft, ADP®, SharePoint

■ Virtualization Technologies: Citrix® XenApp, Amazon Web Services™

■ Custom Applications: Java, .NET, PHP, Perl, Python

For more information, visit our Applications Integration page.

PingOne has been consistently named a leader by independent research firms Gartner, Forrester®, IDC and KuppingerCole.

Managing Users

If you are like most organizations, you need to provide applications to your workforce, customers and partners. With PingOne, you get unmatched flexibility to work with your existing identity stores, while providing options for the future.

Bridging Existing Identity Stores

The challenge with existing on-premises identity systems that leverage Kerberos and LDAP is that they cannot make the leap to SaaS applications. Without coding or extensive customization, external identities (partners or customers) won’t be able to readily connect from their environments to on-premises resources.

Unlike legacy on-premises systems, PingOne can work with your existing identity stores by providing an identity bridge to your existing investments. The identity bridge is important for both ‘to the cloud’ and ‘from the cloud’ application access.

PingOne offers a number of identity bridge options to work with your existing stores. If you are using Microsoft Active Directory, Ping Identity offers AD Connect, a lightweight agent that connects to Active Directory and provides a single, outbound federation identity provider and provisioning connection to PingOne. From there, PingOne takes care of SSO to your applications.

PingOne gives you the flexibility to work with multiple identity stores. If you have more complex needs, such as a legacy WAM or LDAP, PingOne provides an enterprise identity bridge that can be used with PingOne.

Manage Your Users in PingOne

In addition to working with your existing directories, PingOne includes a cloud-based directory. It is a user directory as a service in the cloud, allowing your organization to move those identities to a service, and therefore streamline operations and reduce costs all at the same time.

One Directory for Customers, Partners and Occasional Users

Your user population consists of more than just your employees. Today, you have a network of users, including demand chain partner users, supply chain partner users, customers, contractors, retirees and more. Why add the expense and hassle of managing these users in your existing on-premises directory? With the PingOne directory, you can provide access to your applications for occasional users with simplicity.

The PingOne directory includes:

■ Cloud User Management. Gain easy user management with the ability to customize the attribute schema for your needs.

■ User Groups. Define and assign users to groups for simple management of users to applications and directory access entitlements.

■ Directory Access Entitlements. Assign administrative rights for groups of users to manage other users in the directory.

■ User Provisioning Via SCIM. Utilize automated on-boarding and off-boarding of users to applications using the SCIM standard. Give users access to apps when they need them and take away access when they don’t. This provides a standards-based approach to provisioning and eliminates proprietary APIs for provisioning.

■ User Registration. Deliver quick and efficient access to applications for your end users via a self-registration or anonymous registration process. This eliminates the need to create users and gets your users into your applications faster.

■ API Support for Custom Applications. Separate identity management and storage from your custom application by maintaining user data in the PingOne directory through standards-based APIs.

Strong Authentication

When your policies require strong authentication, PingOne offers an easy way to quickly add multi-factor authentication. As an optional component to PingOne, PingID™ provides a simple, yet elegantly secure way to provide additional factors of authentication to your applications. PingID is deployed as an application on a user’s phone, and end users are prompted to respond to a challenge on their phone as a second factor. PingID can be used on individual applications, based upon IP address or a number of other factors to meet your policy needs.

© 2014 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingEnable, the Ping Identity logo, and Cloud Identity Summit are registered trademarks, or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.

1/15.11, 2 Gartner Magic Quadrant for Identity and Access Management as a Service, Gregg Kreizman, 2 June 2014

About Ping Identity | The Identity Security Company

Ping Identity is The Identity Security Company. Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 1,200 companies, including half of the Fortune 100, rely on our award-winning products to make the digital world a better experience for hundreds of millions of people. Visit pingidentity.com for more information.

What You Get: PingOne as an IDaaS Solution Highlights

■ SSO for all of your users. Give employees, customers and partners the same, secure one-click access.

■ Integration with all of your applications. Provide one-click access to all of your SaaS, web, custom and legacy applications.

■ Support for your existing user directories. Use an identity bridge to connect to your existing investments while providing SSO to all of your applications.

■ Cloud user management. With the PingOne directory, easily manage users in the cloud and provide easy access to your applications with no on-premises requirements.

■ Multi-factor authentication. With the optional PingID MFA solution, provide easy-to-use and secure strong authentication to meet your policies.

Start using PingOne today

Sign up today for a free trial of PingOne!

Standards Support

Ping Identity supports a complete portfolio of standards, including SAML, OAuth and OpenID® Connect. In addition to supporting standards, Ping Identity actively participates in the standards development for critical new capabilities, like native mobile SSO (NAPPS).

Customer Support

Ping Identity has customers across North America, EMEA and APJ, and provides 24/7 support in multiple languages. Ping Identity is ranked among the top software companies in the world with a Net Promoter Score (NPS) of 58.

Ping Identity has been consistently named a leader across multiple, independent industry evaluation and analyst reports:

■ Gartner Magic Quadrant: Identity and Access Management as a Service, June, 2014

■ The IDC MarketScape: Federated Identity Management and Single Sign-On Market, March, 2014

■ The Forrester Wave™: Identity And Access Management Suites, Q3 2013

■ KuppingerCole™: Leadership Compass for Cloud User and Identity Access, Q3 2014