Ping Identity Platform Reviews

I usually deploy single sign-on and multi-factor authentication using PingOne for customer-facing applications to enhance security and user convenience. I use PingFederate to integrate with Kerberos-based systems, such as Salesforce, AWS, ServiceNow, and Google. I configure various OAuth grant types and set up Windows Service Federation and SAML 2.0 protocol service provider endpoints using PingOne and PingFederate.

It's convenient for users to log in through Ping using the Kerberos adapter because it doesn't require them to authenticate again. If a user is already logged into the organization's domain, the system automatically checks the Kerberos ticket in the background when they try to access another application through Ping. It logs them in without prompting for a password or reauthorization. 

You don't need prior experience to use this; you need to understand how it works. Experience is only necessary when integrating it with systems. For instance, when using any application through Ping in your organization, it just needs to be connected to the organization's domain. This setup works seamlessly on a PC, automatically detecting the Kerberos ticket and logging you in. However, it won't work on a mobile device since the mobile doesn't have a Kerberos ticket. On a mobile phone, you'll be prompted to authenticate again.

I am into cybersecurity IAM and have excellent experience with Ping Identity, especially. I work on implementing SSO using Ping Identity with application support protocols such as SAML 2.0 and OAuth/OIDC connections in production and non-production environments. 

I validate applications and functionalities on PingFederate and PingAccess, provide 24/7 support on prod/non-prod environments, troubleshoot issues, renew certificates, gather requirements, implement changes, and integrate new applications into Ping. 

I also provide authentication and authorization services to applications. I have been working with the operations team and, for the last six months, have upgraded to the engineering team. I create policies, adapters, and selectors for clients.

We implement multi-factor authentication because two-factor authentication had a lot of problems. We have to move to multi-factor authentication for security purposes. We had to implement multi-factor authentication before onboarding the SSO applications.

It is not an easy tool to use. There are two flows: internal and external. 

For internal flows, we use Azure AD authentication for seamless SSO. Users do not need to enter a user ID or password. Once they are authenticated by Azure AD, they are redirected to the application page. 

For external users, the application teams are using multi-factor authentication.

Managing customer identities and providing a secure and seamless login experience for consumer-facing applications.
Protecting APIs from unauthorized access and ensuring secure communication between services.

Enhance security, improve user experience, ensure compliance, and streamline access management.Clients using this Platforms a seamless and secure login experience. Self-service capabilities allow clients to manage their accounts independently, reducing the burden on support teams.

I have around ten years of experience with IAM tools, and I have been working mostly on access management for the last few projects. My overall experience, considering that I have worked with various access management tools, like PingFederate and Okta. In terms of identity management, I have worked with IDM and SailPoint. In terms of privileged access management, I want to work closely with CyberArk to provide the service account and administer it to the vault. I also understand the concept of PSM and password rotation. Integrating CyberArk with Ping, you get both RADIUS and SAML. Coming to my roles and responsibilities, in my current project for new application onboarding and access assigned to the IAM team who are assigned service tickets. We pick up those tickets and assign them to us, and then we communicate with the application owners.

The most valuable feature of the solution is the role-based access control. We use role-based access control in our project while onboarding applications. I get to understand how the user provisioning is done and the roles currently available in the system, and we will integrate them with SailPoint IIQ and make those roles requestable. Once the user requests the roles, we can follow the workflow, and SailPoint IIQ will provide the user with the ability to request the roles in Active Directory. While using SSO, we will read the roles and pass them to the application.

We use the product for migrating applications from on-premises to AWS.

The platform's most valuable feature is its identity management capabilities. It allows us to integrate multiple identity providers (IDPs) seamlessly and manage access policies effectively. Performance-wise, it has been quite reliable compared to other tools.

I primarily use the platform for OAuth and SAML-enabled applications, especially third-party and SaaS applications. I utilize the SAML protocol for those that support SAML, while for OAuth-supporting applications, I use OAuth, OIDC, and OpenID tokens. Additionally, for server-to-server communication, I employ the client credentials grant. For mobile-based native applications that require refresh tokens, I utilize those as well. I manage OAuth client ID registrations for certain SaaS applications and implement various authorization flows, such as Kerberos authentication for intranet requests and form-based authentication for external network requests. Furthermore, I have integrated Multi-Factor Authentication (MFA) to enhance the security of critical applications.

From a security perspective, I highly value the product's biometric authentication methods such as FIDO, FaceID, YubiKey, and the mobile app. These methods provide a higher security level than email authentication, which can be compromised if the email is breached.

I use the solution in my company for SSO implementations in different applications using two protocols, one of which is SAML and the other one is OIDC. For implementing SSO into those applications using the aforementioned protocols, I use Ping Identity Platform.

The most valuable feature of the solution is the federation facility it provides, which helps in fetching identity from one application to another application.