Ping Identity Platform Reviews

The use case I mentioned, particularly for Single Sign-On, is that we have used it for Single Sign-On. It allows users to access multiple applications with one set of credentials. Users don't need to remember different kinds of credentials. Single Sign-On comes into the picture where Ping Identity Platform provides the Single Sign-On feature.

Another thing is that Ping Identity Platform provides adaptive multi-factor authentication. It uses context-based security, based on things such as location, device, and different networks, which triggers extra authentication only when the risk is detected. That is what we call adaptive multi-factor authentication.

Then comes Identity Orchestration. It is one of the great features that Ping Identity Platform has. It provides a no-code, drag-and-drop interface which builds complex, personalized user journeys, from start to bottom, from when a user starts, then their updates such as transfers, then when a user leaves. All of these things are managed by Identity Orchestration. If we need to define it, we can define it as per the client's requirements. It is completely feasible as per client requirement. As well as it provides complete API security. We have secure data flow which protects APIs through OAuth and OpenID Connect protocols. These are the SSO protocols.

Again, it has great features such as Ping One Protect, which is a real-time AI-driven threat detection that prevents bot attacks, account takeovers, and fraudulent activity. Ping Identity Platform is also used for IGA; we have SailPoint, we have Okta. Ping Identity Platform is useful for IGA, that is Identity Governance, which is helpful for user lifecycle management, which includes provisioning, deprovisioning, and compliance, as well as for recertification.

I utilize analytics tools for Autonomous Identity within Ping Identity Platform. This product uses machine learning for Identity Governance, specifically for auto-provisioning access, analyzing access patterns which reduces roles, then identifying high-risk access outliers, where it will be used for Autonomous Identity. Then comes PingHelix, which is an AI product used for Ping Identity Platform. It is a strategic initiative that embeds AI at the core of Ping One platform which creates a more intelligent, proactive identity secure posture. Finally, there's Ping Intelligence, which is used to detect anomalies and threats specifically against APIs, identifying potential data breaches in real-time. That is the use for advanced analytics.

With Ping Identity Platform, I was using it in my previous organization, which is the Great Software Laboratory, which is an India-based organization. It is a completely comprehensive hybrid capable Identity and Access Management feature which provides features such as multi-factor authentication, Single Sign-On, then Identity Orchestration, centralized authorizations such as ABAC. As well as it provides directory services, then API security, and fraud detection.

Personally, I appreciate Identity Orchestration the most about Ping Identity Platform. We don't need to define too much code. It is just a simple drag-and-drop interface. With the correct drag-and-drop options, we can build a complex and personalized process very efficiently and effectively for registration, for login, for profile management. Another thing I appreciate is that it provides great Identity Governance features. We don't need to define too much. It will take very less time for deployment. One of the great features of Ping Identity Platform is Ping One Protect, which protects against bot attacks, account takeover, and other fraudulent and misleading activities.

The platform's API security features, particularly with Ping Gateway, are one of the great features in Ping Identity Platform that help protect my API. Ping Gateway provides the secure data flow and also it protects the API that is used by OAuth, OpenID, and SAML, which is used by their API connector tool. It integrates with multiple Workday applications and multiple contractor applications. With Ping Gateway, it will be completely secured and all the APIs are secured by the help of Ping Gateway.

Regarding areas for improvement in Ping Identity Platform, there is not much. In terms of licensing and implementation costs, it has premium pricing, and it has a very complex implementation. It provides greater feasibility, but it takes a very long time in terms of complete building. There is a very limited number of legacy support, which can pose potential difficulties in integrating with certain older or legacy systems. Additionally, issue troubleshooting can be difficult at times. Sometimes issues can be difficult to diagnose and require extensive technical expertise. There is also a very steep learning curve for administrative purposes and potential difficulties with offline authentication scenarios.

My experience with Ping Identity Platform is that I worked previously for about three years.

In terms of stability for Ping Identity Platform, we haven't faced any issues till now. It depends on the workload. It may take some time, but there have been no crashes till now. However, it takes time to load all of these things, so I would recommend or give a rate of around nine out of ten.

I find that it has great scalability, so I will rate it ten out of ten. There are no issues at all.

I would rate the technical support for Ping Identity Platform seven out of ten because of their limited support and late availability.

Maintenance for Ping Identity Platform depends on the technical support you require and the license you obtain. For these elements, we require maintenance support yearly.

Regarding pricing for Ping Identity Platform, I would rate it eight out of ten.

My advice for others looking to implement Ping Identity Platform is that if you are looking for a cloud-first company, you can prefer other platforms such as OneLogin or Okta. If a customer wants a hybrid environment where they can use on-premises applications and cloud-based applications while requiring advanced compliance and customization, then I would recommend the client to prefer Ping Identity Platform.

I assess the Single Sign-On capabilities of Ping Identity Platform in streamlining user access as providing almost 200 to 300 pre-built applications. It provides Single Sign-On based on SAML 2.0, OAuth, and OIDC. It has a very great feature, but as compared to other applications such as Okta, it has a very low number of pre-built applications. However, when it comes to customization, it is very good. It provides greater flexibility. A client can define it in their own way. There is no limitation in customization. We can do a lot of customization in Ping Identity Platform. That is where it provides greater feasibility over Okta.

In terms of the flexibility of integration with Ping Identity Platform, I have a couple of applications for cloud-based, a few based on on-demand, and several on-premises applications. We have some real-time applications we use for user lifecycle management as well as provisioning. Depending on the client's requirement, we set it as a customization as per their need. We define their user interface, then user logout interface, and there is also a thing such as self-registration forms, and log in and log out timing sessions. We can do that kind of customization as per the client's requirements. That is the greatest feasibility for Ping Identity Platform.

Overall, I would rate Ping Identity Platform eight out of ten.

The main use case for PingFederate is that we are maintaining the centralized single sign-on with DuroSengel and Carabras as the two main instances to review. If any application is hosted outside our organization, then we have front desk and third applications for SDM authentication. Along with that, we have all my answers in place.

The most valuable feature I have found in PingFederate is that it is quite similar to other competitors regarding the problem. If I am comparing it with another competitor, such as Excel or Microsoft, it provides a similar kind of feature in terms of single sign-on. In terms of business, I am not sure about the value for money and how much they are charging for the same credit. I do not know about it, but in terms of the feature, I do not think there are many differences between other competitors. Other competitors also provide the same feature, and I see that they could also provide the same feature.

The areas where I think PingFederate needs room for improvement include that the most significant area I would recommend is that things such as redirects still do not have majority of the application direct integration, such as Oracle ERP. There are many other applications which do not have direct integration between identity provider and service provider, and we see that in terms of business, there is a lot of complexity involved and a lot of customization required. PingFederate has to improve a lot in terms of providing the single tenant facility rather than depending on other third parties.

I have been using PingFederate for almost one and a half years.

Overall, I see PingFederate as a stable product and I do not see any bugs at the moment. Since all those issues are missing, then it is fine.

Scalability-wise, PingFederate is the same for me overall.

I have contacted the technical support team at PingFederate.

I would rate their help as two out of ten.

The problem with the support team is that I do not like support; the day of the threat image, they never come on the call and unless it is a priority, they never come to call to defend it and to provide any kind of solutions. It is very hard to bring them into the call when we have priority.

My company decided to use PingFederate rather than a different product because the salesman sold the product without involving the technical team, and we are not comparing it with other products, opting instead for a slim project.

The initial setup of PingFederate is quite unusual.

The setup time for PingFederate is not specified.

If you want to use PingFederate for the first time, I would recommend going with the other competitors to compare what the business wants. The business needs to focus on cost and efficiency. If you think any of these three are enough, then go for the other competitors. At the end of the day, what matters is how much money you spend. This other competitor is providing a similar kind of feature with one ammon, while another competitor is providing it with two ammon, so you will always opt for one ammon.

More than ten thousand people in my company might be using PingFederate.

I would rate PingFederate six out of ten, as it is up to you. For me, more technical ability of the person's things are great. I rate this review six out of ten overall.

I run my own IT company where we work with multiple products. Nowadays, we are not doing a lot of Ping Identity Platform projects because there are other technologies like Ping and Okta and other options available which are better than Oracle. That is why we don't have a lot of Oracle projects these days.

We are working mostly with Ping technology and ForgeRock, and we do have some Oracle projects that we are running, but majorly we are running Ping and ForgeRock.

Ping Identity Platform can provide a solution for both workforce identity and access management and also for consumer identity and access management, which is CIAM.

There are many things that are better in Ping Identity Platform. First, it is a very lightweight product. Second, I would say it's a converged platform which can do both identity management, access management, and recently they are bringing privilege management capability as well. Another thing is that they also have something very unique, which is their user interface-based journeys, which provides their single sign-on experience. That is a very good thing. Ping Identity Platform also supports all the latest features such as passwordless and managing agentic identity. They also have AI capabilities within the product itself.

They provide out-of-box almost all the MFA options, including email OTP, text-based OTP, TOTP, HOTP, biometric, and passwordless. They can also integrate with any third-party MFA provider. From that perspective, it's a complete platform.

They support OAuth and OpenID. They also have this product called Ping Gateway, which you can use to implement API security. It provides features such as throttling, adding authentication, or everything you can do as part of Ping Gateway.

From the improvement perspective, they could bring IGA capability, which right now they only have in their SaaS offering. Other than that, Ping Identity Platform has multiple products for access management, identity management, a solution for API security, a solution for authorization, and a product for identity verification. From that perspective, it is complete, and they are improving it.

I think a nine.

Ping Identity Platform can be compared with any other leader in the identity and access management space, but I would say it would be high because they have been the leader in all the analytics reports, whether it's Gartner or KuppingerCole or any other reports.

I would say Okta, and Okta and IBM from that perspective. IBM and even Oracle could be alternatives, but Oracle is a dying technology at this point in time.

Ping Identity Platform has some analytic capability, but mostly it produces the logs which can be sent to any external SIEM tools such as QRadar or Grafana or anything similar. It basically produces the logs which can be consumed by any analytics tool.

It is very easy to integrate.

They have been the leader for the last eight or nine years according to Gartner and KuppingerCole or any other analyst reports.

I would rate Ping Identity Platform at a ten. Overall, I would rate my experience between nine and ten. My overall review rating for Ping Identity Platform is nine.

Ping Identity Platform provides federation services for third-party applications, which is essential for organizations with high-security needs to manage all logins with a single sign-on, making it easy to onboard third-party applications.

Ping Identity Platform's most valuable feature compared to other tools is its extensive customization capabilities. Unlike some competitors that are cloud-only, Ping Identity Platform can be accessed both on-premises and in the cloud, allowing for high flexibility in creating user flows and policies tailored to client requirements. However, a drawback is that it does not manage users directly in the interface, requiring interaction with third-party entities or LDAP gateways.

Ping Identity Platform needs to improve user management capabilities so it can be easier to maintain users and their access, as well as enhance flexibility in logging into multiple applications seamlessly through PingOne, as some organizations restrict access to their data.

When I mention better user management in Ping Identity Platform, I refer to its lack of features similar to those in IGA platforms such as Okta, where users can be modified without needing to check logs repeatedly. In Ping Identity Platform, it requires checking Active Directory for user issues, which can pose challenges, especially since SSO teams often do not have complete access to user data.

I have been using Ping Identity Platform for the last four years, specifically since 2019, and I stick mostly to PingFed with four years of experience, while I also have one year of experience with PingAxis and two years with PingOne and PingID. Currently, I am learning PingOne DaVinci.

Ping Identity Platform demonstrates strong stability, as it is not prone to bugs, with the development team consistently fixing issues, making it highly recommended by many clients.

I have contacted the support team of Ping Identity Platform for help before, and my experience with them varies depending on the situation at hand; I would rate their assistance as a seven out of ten based on my experiences.

The installation, setup, and deployment of Ping Identity Platform are easy to manage without significant complications.

If a customer inquires about using Ping Identity Platform for the first time, I would advise them to consider their budget, license costs, and how many applications they have before proceeding. I also compare Ping Identity Platform with other products such as Okta or JumpCloud to ensure it meets their needs.

In my company, many people use Ping Identity Platform, especially among banking and retail customers, with at least five out of ten clients utilizing it for access management.

Ping Identity Platform is expensive. However, I believe it is worth the investment despite its high cost because of the value it provides.

For beginners, learning to use Ping Identity Platform for the first time is manageable; I can say that if one dedicates one to two months to it, they would grasp the tool effectively, rating ease of learning around six out of ten. I would give Ping Identity Platform an overall rating of eight out of ten.

Positive

I usually deploy single sign-on and multi-factor authentication using PingOne for customer-facing applications to enhance security and user convenience. I use PingFederate to integrate with Kerberos-based systems, such as Salesforce, AWS, ServiceNow, and Google. I configure various OAuth grant types and set up Windows Service Federation and SAML 2.0 protocol service provider endpoints using PingOne and PingFederate.

It's convenient for users to log in through Ping using the Kerberos adapter because it doesn't require them to authenticate again. If a user is already logged into the organization's domain, the system automatically checks the Kerberos ticket in the background when they try to access another application through Ping. It logs them in without prompting for a password or reauthorization. 

You don't need prior experience to use this; you need to understand how it works. Experience is only necessary when integrating it with systems. For instance, when using any application through Ping in your organization, it just needs to be connected to the organization's domain. This setup works seamlessly on a PC, automatically detecting the Kerberos ticket and logging you in. However, it won't work on a mobile device since the mobile doesn't have a Kerberos ticket. On a mobile phone, you'll be prompted to authenticate again.

It's important to keep learning and improving in every phase of life. There are instances when you need to use programming languages like Java and Python, especially when integrating systems or making code changes. 

One significant challenge was ensuring smooth user migration during system upgrades in Ping. At my current company, based on successful authentication, I enabled secure user migration in the PingOne directory to maintain continuity in user access and minimize disruptions. Another challenge was troubleshooting and resolving issues related to PingID MFA flows, which I addressed through performance tuning, logging, and debugging.

I have been using Ping Identity Platform for eight years.

I manage the scale of integration across multiple applications, ensuring minimal disruption to ongoing business operations. This requires effective communication and coordination with the team and stakeholders to address issues and mitigate risks promptly.

In several projects, particularly when deploying Ping across large environments, I encountered challenges supporting many users during peak times, which strained the authentication infrastructure. To address this, I implemented PingID clustering to distribute the load across multiple servers, ensuring high availability and load balancing to prevent single points of failure. The multi-factor authentication process didn't introduce significant latency, especially for high-transaction applications. This involved thorough performance tuning, optimizing network configurations, and fine-tuning Ping settings. I regularly monitor system performance to identify and resolve any bottlenecks.

150-200 users are using this solution.

I rate the scalability as seven out of ten.

The product is affordable and starts at 20,000 dollars/year, depending upon the license and maintenance requirement. It makes our work easier and saves a lot of time.

I haven't faced any debugging issues. It was only during the testing that I faced.

I advise you to be extremely careful when integrating Ping with any application, especially during authentication. If an intruder manages to get authorized, they're just one step away from accessing all your organization's data. With PingFederate, users only need to log in once, so if an attacker gains access, it becomes tough to track and stop them. The critical takeaway is to be vigilant during integration and ensure that every security measure is thoroughly implemented.

Overall, I rate the solution a nine out of ten.

I have around ten years of experience with IAM tools, and I have been working mostly on access management for the last few projects. My overall experience, considering that I have worked with various access management tools, like PingFederate and Okta. In terms of identity management, I have worked with IDM and SailPoint. In terms of privileged access management, I want to work closely with CyberArk to provide the service account and administer it to the vault. I also understand the concept of PSM and password rotation. Integrating CyberArk with Ping, you get both RADIUS and SAML. Coming to my roles and responsibilities, in my current project for new application onboarding and access assigned to the IAM team who are assigned service tickets. We pick up those tickets and assign them to us, and then we communicate with the application owners.

The most valuable feature of the solution is the role-based access control. We use role-based access control in our project while onboarding applications. I get to understand how the user provisioning is done and the roles currently available in the system, and we will integrate them with SailPoint IIQ and make those roles requestable. Once the user requests the roles, we can follow the workflow, and SailPoint IIQ will provide the user with the ability to request the roles in Active Directory. While using SSO, we will read the roles and pass them to the application.

In my company, we have worked on authorization, and I know that there are different types of grants. We have worked on the authorization code, client credentials, and ROPC grant. There are two types of tokens, like the JWT token and internally managed reference tokens. JWT tokens are useful for finding information related to the claim requests. Internally managed reference tokens are useful for dealing with visual data and information. For the clients to fit the user information, they need to do additional work to fit all the user info into the site, which is to define and validate the token issue and provide the request for VPNs. I worked on the key differences between the authorization code and implicit grant. In the authorization code type, you will have the authorization code issued initially to the client, and the client has to exchange it with the authorization server, like using a DAC channel to get the access token. In implicit grants, tokens are issued right away if the application is a single-page application. We can either use the authorization code or an implicit grant.

I have been using the Ping Identity Platform for six years. My company has a partnership with Ping Identity Platform.

Sometimes, there are issues with its stability. It is possible to fix the stability issues in the product.

It is a scalable solution.

If some access is denied to some users, then they can contact the support team for help you can help them fix everything. At times, users are not able to access the applications, but with features like SSO, we can have a single set of credentials. We can access and get a set of login credentials to access the application.

Based on the environments, I would say that I used to work in two environments, like development and production. PingFederat is a standard tool. The product has four nodes, out of which, one node is both admin and engine. The remaining engine nodes, we use direct cluster, like, Ping in front of the proxy and external LBs on the top of it.

There are some issues with the tool's stability, such as where improvements are required.

The product's initial setup phase is very easy.

Ping Identity Platform is not very expensive.

The tool is easy to use.

I would recommend the tool to others.

Ping Identity Platform can help identify and verify users. It is a really good platform to identify users, and give access to them.

I rate the tool a seven out of ten.

Managing customer identities and providing a secure and seamless login experience for consumer-facing applications.
Protecting APIs from unauthorized access and ensuring secure communication between services.

Enhance security, improve user experience, ensure compliance, and streamline access management.Clients using this Platforms a seamless and secure login experience. Self-service capabilities allow clients to manage their accounts independently, reducing the burden on support teams.

Centralizing the management of authentication and authorization policies simplifies administration.Organizations can enforce consistent security policies across all applications, improving overall security posture and compliance with regulatory requirements.PingFederate can adapt authentication requirements based on risk factors such as user behavior, location, and device.

Streamline the user interface for administrators and end-users to make configuration and daily use more intuitive.
Reduces the learning curve and administrative burden, leading to better adoption and more efficient management.
Optimize performance to handle high-load environments more efficiently, reducing latency and improving response times.
Provide more comprehensive and user-friendly documentation, including more use cases, troubleshooting guides, and best practices.

I have about three years of experience with PingFederate and six years with PingDirectory.

PingFederate supports horizontal scalability, allowing organizations to add more servers to handle increased loads.

PingFederate can be deployed behind load balancers to distribute traffic evenly across multiple instances, ensuring efficient handling of authentication requests.

Clustering capabilities allow multiple PingFederate instances to work together, sharing the load and providing redundancy.

We have six to eight members who provide operational support for Ping Identity products. They perform day-to-day operational support, including root cause analysis, Ping server installation, server maintenance, troubleshooting data sources, and any issues related to stopping processes. 

We create standard operating procedures for them to follow. If there's a high-priority incident that cannot be resolved by our SOPPO, CTP, IDaaS, and other support teams, we escalate the issue to the Ping Identity vendor team. We set up meetings to discuss the issue and find a solution.

I am also part of the support team as a senior consultant. Considering our daily activities and customer identity issue resolution, I would rate the operational support for Ping products at six to seven out of ten.

Positive

I have around eight years of experience in total IT and six years of experience in the Identity and Access Management domain. I've worked with different identity and access tools, such as PingFederate, PingDirectory, PingOne, Oracle Identity and Access Manager, ForgeRock, SailPoint, and CyberArk. I have more experience with US clients, and my last organization was Ping Identity.

At my previous company, I implemented a CDP identity portal with a Python DevOps model. We worked with four types of customers: CPB, QRadar, DUP, and DIRAS. We used PingFederate as an Access Manager and Federation Server to enable user authentication, single sign-on operations, and multi-factor authentication (MFA). It operated as an identity federation and provided secure access to authorized resources.

We also used PingDirectory as a structured repository for customer, partner, and external employee identity data to build unified user profiles. Apart from that, I've worked with Python and Shell scripting for about three years, enabling automation in Azure and AWS cloud environments.

Sometimes we need to configure PingFederate as an OAuth authorization server and OpenID Connect policy. We also configure SAML 2.0, register web applications and different applications, on-premises applications, and any cloud applications that integrate with PingFederate. 

Sometimes we create data store connectors, password credential validators, and adapters to enable authentication, and we work with proxy servers. That kind of implementation with PingFederate.

Project-Specific Setup:

The complexity of the setup depends on the requirements of the project. Some architect teams and different customers have specific needs. If you want to deploy Ping on-premises, the team will handle that. We use the Ping Identity Portal and follow the core documents to integrate with any application. 

We also create SOPs to enable authentication for different applications. We create high-level and low-level design documents and perform daily support activities for the PingFederate server.

Pricing is not a concern.

you can make an informed decision about whether PingFederate or another IAM solution is the best fit for your organization's needs. Each solution has its strengths and potential drawbacks, so aligning the choice with your specific requirements and environment is key to a successful implementation. Some other popular IAM solutions you might evaluate Like Okta, AzureAd , IBM Security and forgerock.

Ensure that the implementation of PingFederate aligns with your overall business goals and IT strategy. Identify key objectives such as improving security, enhancing user experience, or achieving regulatory compliance, and use these to guide the implementation process.

AI trends:

We have not used AI. We rely on shell scripting for automation processes, and there is no built-in AI in Ping products. We perform automation tasks through scripting and integrate various services, but no AI is involved.

Overall, I would rate it an eight out of ten. 

I primarily use the platform for OAuth and SAML-enabled applications, especially third-party and SaaS applications. I utilize the SAML protocol for those that support SAML, while for OAuth-supporting applications, I use OAuth, OIDC, and OpenID tokens. Additionally, for server-to-server communication, I employ the client credentials grant. For mobile-based native applications that require refresh tokens, I utilize those as well. I manage OAuth client ID registrations for certain SaaS applications and implement various authorization flows, such as Kerberos authentication for intranet requests and form-based authentication for external network requests. Furthermore, I have integrated Multi-Factor Authentication (MFA) to enhance the security of critical applications.

From a security perspective, I highly value the product's biometric authentication methods such as FIDO, FaceID, YubiKey, and the mobile app. These methods provide a higher security level than email authentication, which can be compromised if the email is breached.

There is room for improvement in the solution, particularly in security. With the increase in phishing attacks, organizations are moving towards passwordless authentication, which is the best approach. 

It involves checking certificate authentication or other methods instead of relying on user-entered passwords. This is where Multi-Factor Authentication becomes crucial.

I have been using Ping Identity Platform for almost 13 to 14 years.

The product is stable overall, with most issues arising from integration with other systems like Splunk. Weekly restarts help maintain stability and minimize the risk of crashes due to system connections.

The solution has supported varying numbers of users across different organizations, ranging from 65,000 to 70,000 users in my current environment to handling millions of requests per hour in previous organizations.

Scalability can present challenges, depending on what needs to be scaled. For example, adding servers is straightforward, but care must be taken to avoid disrupting existing environments during integration. Increasing memory or heap size is seamless, and I can restart one server at a time without any issues.

The customer support team is quite responsive and knowledgeable. Whenever I encounter any issues or require assistance, they quickly provide solutions.

Positive

The setup is generally straightforward, but it can depend on the environment. For example, in a previous organization, two companies merged, each with its own Active Directory and identity management instances. I had to build a new environment to match both the SSO-enabled applications. Although the process was straightforward, it depended highly on the organization’s architecture and requirements.

The deployment timeline depends on the availability of the application team. I aim to make SSO seamless between environments, avoiding multiple authentication logins for end users. Typically, the implementation takes about a month, considering network ACLs and other configurations. However, migrating applications can be challenging and may take months. My last project took almost one and a half to two years to complete the migration process.

The platform's value justifies the pricing, especially considering its security features and scalability. While it might seem a bit higher, the return on investment regarding security and efficiency is well worth it. The pricing is appropriate for the level of service and capabilities the platform delivers.

I have evaluated other solutions in the past, but I found this platform to be the most comprehensive regarding security, scalability, and ease of integration. Its strong support for various authentication protocols like OAuth, SAML, and MFA, along with its robust disaster recovery capabilities and adaptive clustering model, made it the ideal choice for our organization's needs.

I use Ping Identity Platform as the Multi-Factor Authentication solution. Once the first level of authentication is completed with a user ID, password, or card authentication, the request is directed to PingID. I have configured profiles that allow the use of devices like the mobile Ping app. I also use email in some scenarios, although I prefer FIDO authentication methods like YubiKey or FaceID for enhanced security.

I have integrated the platform into all environments using an adaptive clustering model that operates in an active-active configuration. Two regions are active-active, while the third serves as a passive disaster recovery region. When integrating new applications, I follow a structured process, beginning with intake forms to determine whether OAuth or SAML is required, depending on whether the application is accessing internal or external systems. ServiceNow tickets are used for configuration. This adaptive clustering ensures that the requests are automatically routed to the disaster recovery center if two data centers are down.

It includes a centralized tool where users can create their OAuth client IDs. However, I do not recommend this practice as it can lead to unnecessary client IDs and access tokens, increasing system load. Instead, I have developed a controlled process where users can request what they need, and the request is then sent to me for approval. This approach ensures that the process is managed effectively.

Overall, my experience with the solution has been very positive. It has played a crucial role in enhancing the security and efficiency of our access management processes. While there are always areas for improvement, particularly in terms of scalability and phishing resistance, it has consistently met our expectations. I would highly recommend it to organizations looking for a reliable and secure access management solution.

I rate it an eight. 

We use the product for migrating applications from on-premises to AWS.

The platform's most valuable feature is its identity management capabilities. It allows us to integrate multiple identity providers (IDPs) seamlessly and manage access policies effectively. Performance-wise, it has been quite reliable compared to other tools.

They could enhance the product's device tracking for better zero-trust security would be beneficial. Currently, it tracks IPs well but lacks detailed device information, which is crucial from a security standpoint.

Setting up applications and configuring policies can be complex, requiring meticulous planning and manual configurations.

I've been working with Ping Identity Platform for several years.

Stability-wise, it's generally good, but we encounter issues like log size management and occasional CPU utilization spikes, especially with web application firewall (WAF) integrations. It's manageable with proper monitoring and maintenance.

We manage around 400 applications across four IDPs, serving roughly 45,000 to 50,000 users. Each IDP setup varies in terms of application integration and user management. It allows us to quickly scale resources up or down without significant downtime, which is crucial for our operations.

They provide good technical support, but resource availability can be limited compared to larger providers like Azure AD. The self-help resources are useful, but response times for complex issues could be faster.

The product deployment can be complex, especially when migrating from on-premises to cloud environments like AWS. It involves reconfiguring settings and ensuring minimal downtime, which requires careful coordination.

The product generates a return on investment especially for organizations prioritizing on-premises control and security. It offers robust features and customization options that justify the cost.

Compared to some SaaS-based solutions, the platform is relatively cost-effective. It's cheaper than options like Microsoft Azure AD but can be pricier than basic IAM solutions.

The product is suitable for enterprises looking to manage identities securely and efficiently.

I rate it an eight.