PingOne for Customers

I work with Governance , Risk, and Compliance  (GRC), IT Service Management (ITSM) , and Customer Service Management (CSM) modules of ServiceNow . My project is related to cybersecurity. I have touched on generative AI and integrations like SOAP APIs. I have used the Ping Identity Platform  for seamless Single Sign-On (SSO)  in enterprises, offering flexible integrations and federated identity management within a mid-sized enterprise environment.

I appreciate that the Ping Identity Platform  does not require coding and offers flexible integrations and federated identity management. Generative AI helps to automate access review and streamline governance workflows. The platform enhances security measures by analyzing multi-factor authentication attempts, highlighting suspicious patterns, and generating compliance reports.

In SSO , I would like to enable ServiceNow  Generative AI for auto-diagnosing PingFederate SSO failures and suggest remediation steps. I would like to see enhanced incident summarizations and awareness virtual agents driven by Generative AI.

I have gained experience with the Ping Identity Platform for about two and a half years. My recent experience is interrelated with my core project on cybersecurity.

During the initial setup, I faced challenges resolving high-volume authentication failures by using Generative AI to pinpoint PingFederate policies. However, I addressed delays in user onboarding by automating access provision through Generative AI workflows.

I have not experienced any stability issues personally. However, some colleagues have mentioned API connectivity, data security, and privacy issues.

In Ping, I have reached out to technical support for troubleshooting SAML certificate mismatches and federated errors between Ping and enterprise apps. They have helped support incident resolution for authentication failures using ServiceNow incident workflows and Generative AI summary.

Positive

I have not worked with any other SSO or IAM  solutions before the Ping Identity Platform.

The initial setup of PingFederate in a cloud environment using Generative AI took around one to two weeks. Once everything is set, it does not require much maintenance.

I evaluated ServiceNow and the Ping Identity Platform.

I would recommend PingFederate as an IAM  solution for its no-code environment, single sign-on, multi-factor authentication, bidirectional services, and advanced features. On a scale of one to ten, I would rate the Ping Identity Platform as ten out of ten.

Public Cloud

Other

I usually deploy single sign-on and multi-factor authentication using PingOne for customer-facing applications to enhance security and user convenience. I use PingFederate to integrate with Kerberos-based systems, such as Salesforce, AWS, ServiceNow, and Google. I configure various OAuth grant types and set up Windows Service Federation and SAML 2.0 protocol service provider endpoints using PingOne and PingFederate.

It's convenient for users to log in through Ping using the Kerberos adapter because it doesn't require them to authenticate again. If a user is already logged into the organization's domain, the system automatically checks the Kerberos ticket in the background when they try to access another application through Ping. It logs them in without prompting for a password or reauthorization. 

You don't need prior experience to use this; you need to understand how it works. Experience is only necessary when integrating it with systems. For instance, when using any application through Ping in your organization, it just needs to be connected to the organization's domain. This setup works seamlessly on a PC, automatically detecting the Kerberos ticket and logging you in. However, it won't work on a mobile device since the mobile doesn't have a Kerberos ticket. On a mobile phone, you'll be prompted to authenticate again.

It's important to keep learning and improving in every phase of life. There are instances when you need to use programming languages like Java and Python, especially when integrating systems or making code changes. 

One significant challenge was ensuring smooth user migration during system upgrades in Ping. At my current company, based on successful authentication, I enabled secure user migration in the PingOne directory to maintain continuity in user access and minimize disruptions. Another challenge was troubleshooting and resolving issues related to PingID MFA flows, which I addressed through performance tuning, logging, and debugging.

I have been using Ping Identity Platform for eight years.

I manage the scale of integration across multiple applications, ensuring minimal disruption to ongoing business operations. This requires effective communication and coordination with the team and stakeholders to address issues and mitigate risks promptly.

In several projects, particularly when deploying Ping across large environments, I encountered challenges supporting many users during peak times, which strained the authentication infrastructure. To address this, I implemented PingID clustering to distribute the load across multiple servers, ensuring high availability and load balancing to prevent single points of failure. The multi-factor authentication process didn't introduce significant latency, especially for high-transaction applications. This involved thorough performance tuning, optimizing network configurations, and fine-tuning Ping settings. I regularly monitor system performance to identify and resolve any bottlenecks.

150-200 users are using this solution.

I rate the scalability as seven out of ten.

The product is affordable and starts at 20,000 dollars/year, depending upon the license and maintenance requirement. It makes our work easier and saves a lot of time.

I haven't faced any debugging issues. It was only during the testing that I faced.

I advise you to be extremely careful when integrating Ping with any application, especially during authentication. If an intruder manages to get authorized, they're just one step away from accessing all your organization's data. With PingFederate, users only need to log in once, so if an attacker gains access, it becomes tough to track and stop them. The critical takeaway is to be vigilant during integration and ensure that every security measure is thoroughly implemented.

Overall, I rate the solution a nine out of ten.

I am into cybersecurity IAM and have excellent experience with Ping Identity, especially. I work on implementing SSO using Ping Identity with application support protocols such as SAML 2.0 and OAuth/OIDC connections in production and non-production environments. 

I validate applications and functionalities on PingFederate and PingAccess, provide 24/7 support on prod/non-prod environments, troubleshoot issues, renew certificates, gather requirements, implement changes, and integrate new applications into Ping. 

I also provide authentication and authorization services to applications. I have been working with the operations team and, for the last six months, have upgraded to the engineering team. I create policies, adapters, and selectors for clients.

We implement multi-factor authentication because two-factor authentication had a lot of problems. We have to move to multi-factor authentication for security purposes. We had to implement multi-factor authentication before onboarding the SSO applications.

It is not an easy tool to use. There are two flows: internal and external. 

For internal flows, we use Azure AD authentication for seamless SSO. Users do not need to enter a user ID or password. Once they are authenticated by Azure AD, they are redirected to the application page. 

For external users, the application teams are using multi-factor authentication.

I like PingFederate. The application support side of PingFederate is the best.

The application only supports specific protocols. SAML is more secure than OAuth or OIDC because OAuth and OIDC expose user ID and password. It's similar to using grant types for access and authorization in production and non-production environments. These are the areas that need improvement.

I have been using it for three to four years. 

We had issues with the stability. After the deployment, SSO did not work. The priority was very high because implementation and deployment were complete. I contacted my manager and the applications team and set up a call with Ping Identity for an immediate response. After that, I cleared the issue within 15 to 20 minutes.

We have to use protocols like OAuth 2.0 for stability and secure use of third-party applications. Many applications using OAuth 2.0 is the most safe and secure, I think.

I would rate the stability an eight out of ten. 

A lot of teams work with technical support, but I work with it for user issues only. You might need support with things like application swaps, application names, and application URLs. 

I didn't know where to find those in Ping Identity, so I contacted technical support for those issues.

The support team is very clever and active. They provide end-to-end support once an issue is created. I have worked with most of the support team.

I also work with the support team because I work with the operations team. I provide 24/7 support to production and non-production environments.

I coordinate with application and network teams to troubleshoot critical tickets and issues related to Ping Identity solutions.

Positive

The initial setup is difficult. 

Integration process with the existing system:

Before creating user access, we first need to ensure the third-party application supports SSO protocols like SAML, ROA, or OpenID Connect. We gather necessary metadata files from the configuration information required by the PingFederate. Then, we select the application type based on the capabilities and requirements of the third-party application. Ping Identity Platform options may include SAML SP or Ping, OpenID Connect, and reliant party.

Next, we configure application settings, providing basic information such as the application name and description, along with relevant details.

Input the necessary URL, endpoint, and metadata provided by the third-party application. Configure authentication settings, including the signing certificates and encryption method. Then, proceed to attribute mapping, where we map attributes between PingFederate and the third-party application. This ensures user information is correctly extended during the SSO transaction. Define which attributes should be sent out and issued by the application.

Next, we define access policies to control which users or groups can access the third-party application, configuring authorization rules and permissions as needed. Use PingFederate's testing tools to ensure the SSO integration is functioning correctly, testing authentication, attribute mapping, and any other relevant features. Once the Ping integration is successful, deploy the configuration to make it live. Ensure any necessary firewall rules or network configurations are in place to allow communication between Ping and the third-party application.

Overall, I would rate it a seven out of ten. Ping Identity is a multinational company, and many MNCs and small-scale industries approach them to implement SSO or MFA. Basic information like data users and data centers are all in the Ping Gateway.

I would recommend it to others. I love Ping Identity products. We use PingFederate, PingAccess, PingOne, and PingID for authentication and authorization. I use PingID on my mobile phone for MFA. It safely and securely accesses my applications without any interruption.

PingID and PingOne are used for authentication and authorization. When MFA is used, you're using PingID on your mobile phone. But PingOne securely accesses my applications without interruption. Within a fraction of a second, I can log in and access any application.

Ping Identity products like PingFederate are safe. They help cybersecurity teams prevent ransomware, any interruption data theft, and money theft for banking products. They offer 24/7 support and monitoring. Ping Identity products are 100% safe and secure.

I primarily use the platform for OAuth and SAML-enabled applications, especially third-party and SaaS applications. I utilize the SAML protocol for those that support SAML, while for OAuth-supporting applications, I use OAuth, OIDC, and OpenID tokens. Additionally, for server-to-server communication, I employ the client credentials grant. For mobile-based native applications that require refresh tokens, I utilize those as well. I manage OAuth client ID registrations for certain SaaS applications and implement various authorization flows, such as Kerberos authentication for intranet requests and form-based authentication for external network requests. Furthermore, I have integrated Multi-Factor Authentication (MFA) to enhance the security of critical applications.

From a security perspective, I highly value the product's biometric authentication methods such as FIDO, FaceID, YubiKey, and the mobile app. These methods provide a higher security level than email authentication, which can be compromised if the email is breached.

There is room for improvement in the solution, particularly in security. With the increase in phishing attacks, organizations are moving towards passwordless authentication, which is the best approach. 

It involves checking certificate authentication or other methods instead of relying on user-entered passwords. This is where Multi-Factor Authentication becomes crucial.

I have been using Ping Identity Platform for almost 13 to 14 years.

The product is stable overall, with most issues arising from integration with other systems like Splunk. Weekly restarts help maintain stability and minimize the risk of crashes due to system connections.

The solution has supported varying numbers of users across different organizations, ranging from 65,000 to 70,000 users in my current environment to handling millions of requests per hour in previous organizations.

Scalability can present challenges, depending on what needs to be scaled. For example, adding servers is straightforward, but care must be taken to avoid disrupting existing environments during integration. Increasing memory or heap size is seamless, and I can restart one server at a time without any issues.

The customer support team is quite responsive and knowledgeable. Whenever I encounter any issues or require assistance, they quickly provide solutions.

Positive

The setup is generally straightforward, but it can depend on the environment. For example, in a previous organization, two companies merged, each with its own Active Directory and identity management instances. I had to build a new environment to match both the SSO-enabled applications. Although the process was straightforward, it depended highly on the organization’s architecture and requirements.

The deployment timeline depends on the availability of the application team. I aim to make SSO seamless between environments, avoiding multiple authentication logins for end users. Typically, the implementation takes about a month, considering network ACLs and other configurations. However, migrating applications can be challenging and may take months. My last project took almost one and a half to two years to complete the migration process.

The platform's value justifies the pricing, especially considering its security features and scalability. While it might seem a bit higher, the return on investment regarding security and efficiency is well worth it. The pricing is appropriate for the level of service and capabilities the platform delivers.

I have evaluated other solutions in the past, but I found this platform to be the most comprehensive regarding security, scalability, and ease of integration. Its strong support for various authentication protocols like OAuth, SAML, and MFA, along with its robust disaster recovery capabilities and adaptive clustering model, made it the ideal choice for our organization's needs.

I use Ping Identity Platform as the Multi-Factor Authentication solution. Once the first level of authentication is completed with a user ID, password, or card authentication, the request is directed to PingID. I have configured profiles that allow the use of devices like the mobile Ping app. I also use email in some scenarios, although I prefer FIDO authentication methods like YubiKey or FaceID for enhanced security.

I have integrated the platform into all environments using an adaptive clustering model that operates in an active-active configuration. Two regions are active-active, while the third serves as a passive disaster recovery region. When integrating new applications, I follow a structured process, beginning with intake forms to determine whether OAuth or SAML is required, depending on whether the application is accessing internal or external systems. ServiceNow tickets are used for configuration. This adaptive clustering ensures that the requests are automatically routed to the disaster recovery center if two data centers are down.

It includes a centralized tool where users can create their OAuth client IDs. However, I do not recommend this practice as it can lead to unnecessary client IDs and access tokens, increasing system load. Instead, I have developed a controlled process where users can request what they need, and the request is then sent to me for approval. This approach ensures that the process is managed effectively.

Overall, my experience with the solution has been very positive. It has played a crucial role in enhancing the security and efficiency of our access management processes. While there are always areas for improvement, particularly in terms of scalability and phishing resistance, it has consistently met our expectations. I would highly recommend it to organizations looking for a reliable and secure access management solution.

I rate it an eight. 

I have around ten years of experience with IAM tools, and I have been working mostly on access management for the last few projects. My overall experience, considering that I have worked with various access management tools, like PingFederate and Okta. In terms of identity management, I have worked with IDM and SailPoint. In terms of privileged access management, I want to work closely with CyberArk to provide the service account and administer it to the vault. I also understand the concept of PSM and password rotation. Integrating CyberArk with Ping, you get both RADIUS and SAML. Coming to my roles and responsibilities, in my current project for new application onboarding and access assigned to the IAM team who are assigned service tickets. We pick up those tickets and assign them to us, and then we communicate with the application owners.

The most valuable feature of the solution is the role-based access control. We use role-based access control in our project while onboarding applications. I get to understand how the user provisioning is done and the roles currently available in the system, and we will integrate them with SailPoint IIQ and make those roles requestable. Once the user requests the roles, we can follow the workflow, and SailPoint IIQ will provide the user with the ability to request the roles in Active Directory. While using SSO, we will read the roles and pass them to the application.

In my company, we have worked on authorization, and I know that there are different types of grants. We have worked on the authorization code, client credentials, and ROPC grant. There are two types of tokens, like the JWT token and internally managed reference tokens. JWT tokens are useful for finding information related to the claim requests. Internally managed reference tokens are useful for dealing with visual data and information. For the clients to fit the user information, they need to do additional work to fit all the user info into the site, which is to define and validate the token issue and provide the request for VPNs. I worked on the key differences between the authorization code and implicit grant. In the authorization code type, you will have the authorization code issued initially to the client, and the client has to exchange it with the authorization server, like using a DAC channel to get the access token. In implicit grants, tokens are issued right away if the application is a single-page application. We can either use the authorization code or an implicit grant.

I have been using the Ping Identity Platform for six years. My company has a partnership with Ping Identity Platform.

Sometimes, there are issues with its stability. It is possible to fix the stability issues in the product.

It is a scalable solution.

If some access is denied to some users, then they can contact the support team for help you can help them fix everything. At times, users are not able to access the applications, but with features like SSO, we can have a single set of credentials. We can access and get a set of login credentials to access the application.

Based on the environments, I would say that I used to work in two environments, like development and production. PingFederat is a standard tool. The product has four nodes, out of which, one node is both admin and engine. The remaining engine nodes, we use direct cluster, like, Ping in front of the proxy and external LBs on the top of it.

There are some issues with the tool's stability, such as where improvements are required.

The product's initial setup phase is very easy.

Ping Identity Platform is not very expensive.

The tool is easy to use.

I would recommend the tool to others.

Ping Identity Platform can help identify and verify users. It is a really good platform to identify users, and give access to them.

I rate the tool a seven out of ten.