Ping Identity Platform Reviews

I use the solution to protect the application and enable the single sign-on.

Setting up the infrastructure with Ping Identity Platform is very easy compared to other IAM products. You just have to unzip the folder, and your Ping infrastructure is ready. With very limited changes, you can prepare your infrastructure with Ping Identity Platform.

PingAccess can only have one token provider, and you cannot enable two different token providers simultaneously. Nowadays, people are migrating from on-premises to the cloud and may want to run the on-premises and cloud versions simultaneously. In other words, they may want to enable two token providers at the same time. That feature is not available in PingAccess.

PingFederate has limitations with cookie size, and it does not support larger cookie sizes. We also have some concerns about the cookie size.

I have been using Ping Identity Platform for five years.

Ping Identity Platform is a stable solution.

We had a good experience with the solution's technical support team.

It is very easy to set up the infrastructure with Ping Identity Platform compared to other on-premises solutions.

I would recommend the solution to other users. Compared to other IAM products, Ping Identity Platform is a stable and easy-to-maintain product with many features that can be enabled. It is easy for a beginner to learn to use the solution if he has a basic understanding of technical skills and networking.

Overall, I rate the solution an eight out of ten.

We use PingFederate to provide SSO (Single Sign-On) solutions to enterprise applications. We support protocols like SAML (Security Assertion Markup Language), OAuth, and OpenID Connect. For example, an organization wants to enable SSO for their applications. We use PingFederate to integrate those applications and onboard them with their IdP (Identity Provider).

PingFederate's scalability features supported our organization's growth. 

We use PingFederate as an identity provider (IdP). At the back end, we have Active Directory and Ping Directory as user stores for authentication. For our company, where we have around one million users and a thousand applications, PingFederate enables single sign-on (SSO) using the SAML protocol.

People have different email IDs and applications. Instead of users needing to remember a thousand different credentials, they can authenticate with a centralized system and use a single set of credentials to log in to all authorized applications. This provides a seamless user experience.

PingFederate is very flexible. We can do many customizations, and it also provides an SDK to tailor it to our specific requirements. There are also numerous plugins available. I've worked with tools like ForgeRock and Okta, but I find PingFederate to be the most customizable.

It provides basic SSO functionality, but we can easily extend it. For instance, if a client requires multi-factor authentication (MFA) beyond username and password, such as OTPs or knowledge-based answers, we can integrate those. 

Ultimately, we tailor the solution based on client needs. In fact, I've also worked in presales, demonstrating the capabilities of PingFederate through POCs (Proof of Concepts).

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

I have a total of eight plus years of experience using the complete Ping suite, which includes PingFederate, PingAccess, PingDirectory, and everything. 

I have enterprise-level knowledge of all the products. I have implemented, developed, and supported Ping solutions.

I've used both on-premises and cloud setups, and I haven't experienced any stability issues so far. The  stability depends on how you configure your infrastructure. But overall, the stability is very good.

PingFederate provides different scalability options. We can set it up in a cluster for a large user base. For instance, we can have two or three servers at the back end to distribute the load and ensure stability. We can install PingFederate in a clustered configuration.

This way, requests are distributed equally, and we can tailor the setup to the number of users. If the user base is small, two servers might be enough. For a larger number of authentication requests, we could use four or five PingFederate servers at the back end.

The support is good. If you have issues, they respond promptly. You just need to provide clear and detailed information about your problem.

For PingFederate implementation, we have different options. We can have an on-premise implementation, meaning we install it on our own procured servers. Alternatively, we can use the cloud version of PingFederate.

The initial setup itself isn't overly complex. With the cloud version, it's primarily deploying WAR files. 

While the full implementation takes time due to development and testing, the core installation process is relatively straightforward.

Ping offers flexible pricing that's not standardized. Subscription length will impact the price – for example, a three-year subscription will likely be cheaper than a one-year option. 

Additionally, if you require a higher level of support, that will influence the pricing. It depends on your specific requirements and support needs.

I definitely recommend PingFederate. If not the on-premises version, the cloud version is also a good option. We can determine the best approach based on your specific requirements. 

PingFederate is a great tool with a lot of customization options. It even offers agent-based integrations for older legacy applications that don't support modern protocols like SAML or OAuth. We just need to install JAVA agent on the application server, and there it will take the request and take it forward to the PingFederate.

Based on ease of use and everything, I'll rate it a nine out of ten. I've used Okta, and that's a bit more complex in comparison. 

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

In my company, we use PingFederate for federated connections and some ADC connections to arrange for single sign-on across our infrastructure and customers.

The most valuable feature of the solution is that PingFederate is very customizable since it allows its user to write in Java while using Spring, allowing for any plugin for almost any place or entity inside of it. You can modify everything, and it's a very suitable tool, more than Okta or Azure AD when you have a non-standard structure since it allows for customization and runs as a separate solution or a service.

Notifications and monitoring are two areas with shortcomings in the solution that need improvement.

I have been using PingFederate for more than five years. I use the solution's latest version. I am a customer of the solution.

I haven't faced any issues while walking with the solution. It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

It's a very scalable tool because it allows those working on it to work with clusters, especially if we discuss PingFederate's horizontal scalability. One can use any number of nodes needed, but usually, two or three nodes are enough during the production phase.

For how the solution has been set up and programmed, I rate the solution's scalability a nine out of ten.

Owing to an NDA that my company has signed, I can't disclose the exact number of my company's customers who use the solution, but I can say that many use the solution, and it goes more than 50 in number.

My company does contact the solution's technical support from time to time in relation to the custom components that are due for updates. If we have built something very custom and something inside of PingFederate changes, then we contact the support team. The response from the support team is pretty quick. Mostly our company's issues related to the solution get resolved with the help of the technical team.

PingFederate provides pretty good documentation for the initial setup, but it's a large one requiring users to spend time on it.

If one is familiar with other authorization services, like Keycloak, it is possible to adopt PingFederate quickly.

The solution is deployed on the cloud, and we use the cloud services Amazon provides according to their documentation.

The deployment phase of the tool usually takes less than five minutes.

PingFederate allows us to untie our hands within our work environment, which involves many scenarios in terms of customization.

I would ask those planning to use the solution for the first time to research their infrastructure to utilize the other services in PingFederate. If they use the services of some other vendor, like Azure AD or other solutions, then it would be easier to use PingFederate since it may be less pricey.

I rate the overall solution a nine out of ten.

I've been managing it in my company. I am more on the implementation side.

We implement the MFA feature, multifactor authentication and administrate the application.

When it comes to authentication, the focus is always on security. That means using a separate device to verify the user logging in.

On the security side, PingID adds an extra layer, contributing about 20% of the overall security. Then, authentication brings more advanced features and contributes further.

PingID excels in managing user access and profiles. That's where it integrates most deeply with the existing systems.

The most valuable feature is the two-factor authentication (2FA). 

The mobile biometric authentication option improved user experience. It's always about security because, with two-factor authentication, it's always a separate device verifying the actual user logging in.

The management console needs to be improved. PingID should revise it.

I have been using it for a year. 

I would rate the stability an eight out of ten because there had been some issues.

I would rate the scalability a seven out of ten. PingID is adapting to most challenges. 

We have small and medium businesses as our customers. 

We get support. The support engineers are good. They are quite proactive.

Positive

I would rate my experience with the initial setup a seven out of ten, with ten being easy to set up. 

The initial setup is not too complex. Deployment is really quick and typically the entire process takes two hours. 

The pricing is neither too expensive nor too cheap.

Overall, I would rate the solution an eight out of ten because there is room for improvement in terms of usability. 

People use the solution to secure their applications and authenticate particular processes.

In access token management, we have to attach a certificate. In that column, I have to enable the search option to edit certificates. We can choose a drop-down to search for which certificate we have to create, which is difficult.

I have been using Ping Identity Platform for more than two and a half years.

Ping Identity Platform is a stable solution.

A lot of users from our company are using the solution globally.

The solution’s initial setup is easy.

Ping Identity Platform is not an expensive solution.

Recommending the solution to other users depends on their application. If fewer people use your application, you can set up the tool in a quality environment. You can also use Ping Identity Platform to secure your application by restricting access to a few people.

It is not easy for someone to learn to use the solution for the first time, but at the same time, it's not very difficult to learn.

Overall, I rate the solution an eight out of ten.

The product's most valuable features include its cloud-based capabilities for handling cloud applications and providing authentication and authorization through OIDC and SAML. It also supports integrations needed for both local and internal applications, including legacy applications requiring web server access.

Ping Identity Platform must improve its UI since its management console is complicated. 

In my experience with basic projects, I haven't encountered downtime. However, there have been instances where some application integrations faced challenges that needed resolution. Server issues or downtime haven't been significant. Overall, I would rate it as stable.

I have opened a case, and the tech support responded quickly. I google the issues. 

Neutral

I rate the overall product a seven out of ten. 

From a user perspective, if you need to get into our VPN or virtual private network, which is for remote people, there is protected data behind a vault.

And if you need access to the vault, you must use a multi-factor and PingID. Additionally, vicariously, people have to use multi-factor to get into applications. The final aim is to get into laptops and desktops, and you have to use Multi-factor to restart or unlock your PC. You have to use multi-factor. The way that we do multi-factor here is we give the users a choice of using a phone or a Ubiquiti as to something they have.

So after they type in their password and username, they're prompted for a device that they have registered, and they have their choice of a phone or a Ubiquiti, or both.

I wonder if there are multi factors in improving. It's always a deterrent to productivity, naturally. Since I've been on this journey for three years, I've seen the product improve in the sense that it's less impact on productivity. In the beginning days, we had challenges with paying, finding the network, and signing its back-end service in the cloud. However, that's been drastically improved over the years.

The other thing we did was allow users to manage their device profiles. So they can either go in and register on Ubiquiti or a phone directly with the user interface now or web interface, and they can also set their default device which they want to use. So they, like Ubiqui working with PingID, tend to be the default of choice. So they set their Ubiquiti to the default device. And then whenever MFA is prompted, they have the Ubiquiti or default device. So that was a great improvement. And the way we implemented PingID, it's the same user interface regardless if you're getting into VPN, the vault applications, or a laptop or desktop.

So it's the same user interface to manage profiles centrally on a server. Hence if they change it for one use case, they change it for another.

It's the device management portal where users can manage it themselves. So before that, they'd have to call IT support to rearrange their default device in the profile, but now they can do it themselves.

PingID is feature rich. We've prototyped some of their step-up authentications. In certain circumstances, like geofencing, they can waive the MFA requirement because they're in a trusted area that's physically secured. We've prototyped that but have not rolled anything like that out. So, the aforementioned details can be considered for future improvements and changes in the product.

I have been using the solution for over three years.

It is a stable solution.

It is a scalable solution. I've never really had problems where it's going down in one region. Well, even if it does, I don't notice it because the failover is working. 43,000 users are using the solution.

I would say the scalability is an eight or a nine.

The technical support team is good. We have some enhancement requests for them, and I think our people have a weekly call with them where they bring things up. They notify us of security vulnerabilities.

In the beginning, the initial setup was very complex. We had to ensure it was always available so there was a fail over. We had to have a mirror environment. It was complex in the early days three years ago, but it's matured quite a bit over the past three years. The solution is deployed on the cloud.

I see an ROI. It's not a revenue generator. So it's purely from a cost perspective, but on the other hand, because we protect so much of our data now through multi-factor, I don't know the statistics of how many times we've been hacked or passwords were stolen. But because we have done that, we've probably saved ourselves a lot of money in reputational damage in breach recovering from breaches.

On the technology stack we're currently using, we're exploring other technologies based on our platform and it includes many of our products. But we may explore other technologies to make it more seamless. But PingID is going to stay. We want to use something like biometrics to make it easier for shop floor workers. But if anything, I need an expansion of PingID.

It's a good, stable product, and they've served our needs very well. They've been very responsive, and the product is scalable. It's pretty robust. The desktop is customized to what we do here at GE, but they work a bit with us on it. So it's an excellent product.

I rate the overall solution a nine out of ten.

The only feature we were looking for in PingID was SSO integration with our existing web app. However, they have good support towards MFAs, SSO, and other authentication methods that are either already included in the current plan or made available with a minor upgrade.

PingID should put a little more effort into making a pretty self-explanatory deck about their tech features and the services they offer. I suggested this improvement directly to the sales manager, who was friendly enough to take that feedback.

PingID is a reputed solution. I was already aware of PingID because we used PingID as a solution for all our login functionalities in my previous company. When I had an opportunity to add these capabilities to my new organization, PingID was one of my first choices. It's not because I'm biased but because I already knew the solution was scalable.

The solution architect and the sales managers gave the initial support. PingID's support portal is confusing, and it took a couple of back-and-forths to get some support from the support folks. However, the account manager did help us with the support questions by putting us in touch directly with some of the engineers. I rate PingID an eight and a half out of ten for customer support.

Positive

PingID’s initial setup was pretty straightforward.

The initial deployment with POC took about a month, and the actual production deployment took about a couple of weeks, maybe around four weeks or so. About four engineers, including a tech architect, were involved in the solution's deployment.

PingID's pricing is pretty competitive.

PingID's team was pretty good. We were trying to build a solution and wanted to deploy it for only a couple of hundreds of customers. We didn't want to sign up for a 1,500 or 5,000 feet plan. PingID was pretty understanding about our needs and provided us with great plans for the smallest fee they could provide. We had good negotiations with them, and they were pretty friendly. PingID provided all the required technical support even before we signed up. The sales manager ensured he supported me throughout the process, and we signed a deal with PingID.

Overall, I rate PingID an eight and a half out of ten.