I usually deploy single sign-on and multi-factor authentication using PingOne for customer-facing applications to enhance security and user convenience. I use PingFederate to integrate with Kerberos-based systems, such as Salesforce, AWS, ServiceNow, and Google. I configure various OAuth grant types and set up Windows Service Federation and SAML 2.0 protocol service provider endpoints using PingOne and PingFederate.

PingOne Advanced Identity Cloud
Ping Identity
External reviews
External reviews are not included in the AWS star rating for the product.
Deploy single sign-on and multi-factor authentication for customer-facing applications
What is our primary use case?
What is most valuable?
It's convenient for users to log in through Ping using the Kerberos adapter because it doesn't require them to authenticate again. If a user is already logged into the organization's domain, the system automatically checks the Kerberos ticket in the background when they try to access another application through Ping. It logs them in without prompting for a password or reauthorization.
You don't need prior experience to use this; you need to understand how it works. Experience is only necessary when integrating it with systems. For instance, when using any application through Ping in your organization, it just needs to be connected to the organization's domain. This setup works seamlessly on a PC, automatically detecting the Kerberos ticket and logging you in. However, it won't work on a mobile device since the mobile doesn't have a Kerberos ticket. On a mobile phone, you'll be prompted to authenticate again.
What needs improvement?
It's important to keep learning and improving in every phase of life. There are instances when you need to use programming languages like Java and Python, especially when integrating systems or making code changes.
One significant challenge was ensuring smooth user migration during system upgrades in Ping. At my current company, based on successful authentication, I enabled secure user migration in the PingOne directory to maintain continuity in user access and minimize disruptions. Another challenge was troubleshooting and resolving issues related to PingID MFA flows, which I addressed through performance tuning, logging, and debugging.
For how long have I used the solution?
I have been using Ping Identity Platform for eight years.
What do I think about the scalability of the solution?
I manage the scale of integration across multiple applications, ensuring minimal disruption to ongoing business operations. This requires effective communication and coordination with the team and stakeholders to address issues and mitigate risks promptly.
In several projects, particularly when deploying Ping across large environments, I encountered challenges supporting many users during peak times, which strained the authentication infrastructure. To address this, I implemented PingID clustering to distribute the load across multiple servers, ensuring high availability and load balancing to prevent single points of failure. The multi-factor authentication process didn't introduce significant latency, especially for high-transaction applications. This involved thorough performance tuning, optimizing network configurations, and fine-tuning Ping settings. I regularly monitor system performance to identify and resolve any bottlenecks.
150-200 users are using this solution.
I rate the scalability as seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is affordable and starts at 20,000 dollars/year, depending upon the license and maintenance requirement. It makes our work easier and saves a lot of time.
What other advice do I have?
I haven't faced any debugging issues. It was only during testing that I faced any.
I advise you to be extremely careful when integrating Ping with any application, especially during authentication. If an intruder manages to get authorized, they're just one step away from accessing all your organization's data. With PingFederate, users only need to log in once, so if an attacker gains access, it becomes tough to track and stop them. The critical takeaway is to be vigilant during integration and ensure that every security measure is thoroughly implemented.
Overall, I rate the solution a nine out of ten.
Provides effective biometric authentication methods and has good technical support services
What is our primary use case?
I primarily use the platform for OAuth and SAML-enabled applications, especially third-party and SaaS applications. I utilize the SAML protocol for those that support SAML, while for OAuth-supporting applications, I use OAuth, OIDC, and OpenID tokens. Additionally, for server-to-server communication, I employ the client credentials grant. For mobile-based native applications that require refresh tokens, I utilize those as well. I manage OAuth client ID registrations for certain SaaS applications and implement various authorization flows, such as Kerberos authentication for intranet requests and form-based authentication for external network requests. Furthermore, I have integrated Multi-Factor Authentication (MFA) to enhance the security of critical applications.
What is most valuable?
From a security perspective, I highly value the product's biometric authentication methods such as FIDO, FaceID, YubiKey, and the mobile app. These methods provide a higher security level than email authentication, which can be compromised if the email is breached.
What needs improvement?
There is room for improvement in the solution, particularly in security. With the increase in phishing attacks, organizations are moving towards passwordless authentication, which is the best approach.
It involves checking certificate authentication or other methods instead of relying on user-entered passwords. This is where Multi-Factor Authentication becomes crucial.
For how long have I used the solution?
I have been using Ping Identity Platform for almost 13 to 14 years.
What do I think about the stability of the solution?
The product is stable overall, with most issues arising from integration with other systems like Splunk. Weekly restarts help maintain stability and minimize the risk of crashes due to system connections.
What do I think about the scalability of the solution?
The solution has supported varying numbers of users across different organizations, ranging from 65,000 to 70,000 users in my current environment to handling millions of requests per hour in previous organizations.
Scalability can present challenges, depending on what needs to be scaled. For example, adding servers is straightforward, but care must be taken to avoid disrupting existing environments during integration. Increasing memory or heap size is seamless, and I can restart one server at a time without any issues.
How are customer service and support?
The customer support team is quite responsive and knowledgeable. Whenever I encounter any issues or require assistance, they quickly provide solutions.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup is generally straightforward, but it can depend on the environment. For example, in a previous organization, two companies merged, each with its own Active Directory and identity management instances. I had to build a new environment to match both the SSO-enabled applications. Although the process was straightforward, it depended highly on the organization’s architecture and requirements.
The deployment timeline depends on the availability of the application team. I aim to make SSO seamless between environments, avoiding multiple authentication logins for end users. Typically, the implementation takes about a month, considering network ACLs and other configurations. However, migrating applications can be challenging and may take months. My last project took almost one and a half to two years to complete the migration process.
What's my experience with pricing, setup cost, and licensing?
The platform's value justifies the pricing, especially considering its security features and scalability. While it might seem a bit higher, the return on investment regarding security and efficiency is well worth it. The pricing is appropriate for the level of service and capabilities the platform delivers.
Which other solutions did I evaluate?
I have evaluated other solutions in the past, but I found this platform to be the most comprehensive regarding security, scalability, and ease of integration. Its strong support for various authentication protocols like OAuth, SAML, and MFA, along with its robust disaster recovery capabilities and adaptive clustering model, made it the ideal choice for our organization's needs.
What other advice do I have?
I use Ping Identity Platform as the Multi-Factor Authentication solution. Once the first level of authentication is completed with a user ID, password, or card authentication, the request is directed to PingID. I have configured profiles that allow the use of devices like the mobile Ping app. I also use email in some scenarios, although I prefer FIDO authentication methods like YubiKey or FaceID for enhanced security.
I have integrated the platform into all environments using an adaptive clustering model that operates in an active-active configuration. Two regions are active-active, while the third serves as a passive disaster recovery region. When integrating new applications, I follow a structured process, beginning with intake forms to determine whether OAuth or SAML is required, depending on whether the application is accessing internal or external systems. ServiceNow tickets are used for configuration. This adaptive clustering ensures that the requests are automatically routed to the disaster recovery center if two data centers are down.
It includes a centralized tool where users can create their OAuth client IDs. However, I do not recommend this practice as it can lead to unnecessary client IDs and access tokens, increasing system load. Instead, I have developed a controlled process where users can request what they need, and the request is then sent to me for approval. This approach ensures that the process is managed effectively.
Overall, my experience with the solution has been very positive. It has played a crucial role in enhancing the security and efficiency of our access management processes. While there are always areas for improvement, particularly in terms of scalability and phishing resistance, it has consistently met our expectations. I would highly recommend it to organizations looking for a reliable and secure access management solution.
I rate it an eight.
Efficient product and supports automation through shell scripting
What is our primary use case?
Managing customer identities and providing a secure and seamless login experience for consumer-facing applications.
Protecting APIs from unauthorized access and ensuring secure communication between services.
How has it helped my organization?
Enhance security, improve user experience, ensure compliance, and streamline access management. Clients using this platform get a seamless and secure login experience. Self-service capabilities allow clients to manage their accounts independently, reducing the burden on support teams.
What is most valuable?
Centralizing the management of authentication and authorization policies simplifies administration. Organizations can enforce consistent security policies across all applications, improving overall security posture and compliance with regulatory requirements. PingFederate can adapt authentication requirements based on risk factors such as user behavior, location, and device.
What needs improvement?
Streamline the user interface for administrators and end-users to make configuration and daily use more intuitive.
Reduces the learning curve and administrative burden, leading to better adoption and more efficient management.
Optimize performance to handle high-load environments more efficiently, reducing latency and improving response times.
Provide more comprehensive and user-friendly documentation, including more use cases, troubleshooting guides, and best practices.
For how long have I used the solution?
I have about three years of experience with PingFederate and six years with PingDirectory.
What do I think about the scalability of the solution?
PingFederate supports horizontal scalability, allowing organizations to add more servers to handle increased loads.
PingFederate can be deployed behind load balancers to distribute traffic evenly across multiple instances, ensuring efficient handling of authentication requests.
Clustering capabilities allow multiple PingFederate instances to work together, sharing the load and providing redundancy.
How are customer service and support?
We have six to eight members who provide operational support for Ping Identity products. They perform day-to-day operational support, including root cause analysis, Ping server installation, server maintenance, troubleshooting data sources, and any issues related to stopping processes.
We create standard operating procedures for them to follow. If there's a high-priority incident that cannot be resolved by our SOPPO, CTP, IDaaS, and other support teams, we escalate the issue to the Ping Identity vendor team. We set up meetings to discuss the issue and find a solution.
I am also part of the support team as a senior consultant. Considering our daily activities and customer identity issue resolution, I would rate the operational support for Ping products at six to seven out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have around eight years of experience in total IT and six years of experience in the Identity and Access Management domain. I've worked with different identity and access tools, such as PingFederate, PingDirectory, PingOne, Oracle Identity and Access Manager, ForgeRock, SailPoint, and CyberArk. I have more experience with US clients, and my last organization was Ping Identity.
At my previous company, I implemented a CDP identity portal with a Python DevOps model. We worked with four types of customers: CPB, QRadar, DUP, and DIRAS. We used PingFederate as an Access Manager and Federation Server to enable user authentication, single sign-on operations, and multi-factor authentication (MFA). It operated as an identity federation and provided secure access to authorized resources.
We also used PingDirectory as a structured repository for customer, partner, and external employee identity data to build unified user profiles. Apart from that, I've worked with Python and Shell scripting for about three years, enabling automation in Azure and AWS cloud environments.
How was the initial setup?
Sometimes we need to configure PingFederate as an OAuth authorization server and OpenID Connect policy. We also configure SAML 2.0, register web applications and different applications, on-premises applications, and any cloud applications that integrate with PingFederate.
Sometimes we create data store connectors, password credential validators, and adapters to enable authentication, and we work with proxy servers. That kind of implementation with PingFederate.
Project-Specific Setup:
The complexity of the setup depends on the requirements of the project. Some architect teams and different customers have specific needs. If you want to deploy Ping on-premises, the team will handle that. We use the Ping Identity Portal and follow the core documents to integrate with any application.
We also create SOPs to enable authentication for different applications. We create high-level and low-level design documents and perform daily support activities for the PingFederate server.
What's my experience with pricing, setup cost, and licensing?
Pricing is not a concern.
Which other solutions did I evaluate?
You can make an informed decision about whether PingFederate or another IAM solution is the best fit for your organization's needs. Each solution has its strengths and potential drawbacks, so aligning the choice with your specific requirements and environment is key to a successful implementation. Some other popular IAM solutions you might evaluate include Okta, Azure AD, IBM Security, and ForgeRock.
What other advice do I have?
Ensure that the implementation of PingFederate aligns with your overall business goals and IT strategy. Identify key objectives such as improving security, enhancing user experience, or achieving regulatory compliance, and use these to guide the implementation process.
AI trends:
We have not used AI. We rely on shell scripting for automation processes, and there is no built-in AI in Ping products. We perform automation tasks through scripting and integrate various services, but no AI is involved.
Overall, I would rate it an eight out of ten.
Used to secure applications and authenticate particular processes
What is most valuable?
People use the solution to secure their applications and authenticate particular processes.
What needs improvement?
In access token management, we have to attach a certificate. In that column, I have to enable the search option to edit certificates. We can choose a drop-down to search for which certificate we have to create, which is difficult.
For how long have I used the solution?
I have been using Ping Identity Platform for more than two and a half years.
What do I think about the stability of the solution?
Ping Identity Platform is a stable solution.
What do I think about the scalability of the solution?
A lot of users from our company are using the solution globally.
How was the initial setup?
The solution’s initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
Ping Identity Platform is not an expensive solution.
What other advice do I have?
Recommending the solution to other users depends on their application. If fewer people use your application, you can set up the tool in a quality environment. You can also use Ping Identity Platform to secure your application by restricting access to a few people.
It is not easy for someone to learn to use the solution for the first time, but at the same time, it's not very difficult to learn.
Overall, I rate the solution an eight out of ten.
Reliable platform with valuable identity management capabilities
What is our primary use case?
We use the product for migrating applications from on-premises to AWS.
What is most valuable?
The platform's most valuable feature is its identity management capabilities. It allows us to integrate multiple identity providers (IDPs) seamlessly and manage access policies effectively. Performance-wise, it has been quite reliable compared to other tools.
What needs improvement?
Enhancing the product's device tracking for better zero-trust security would be beneficial. Currently, it tracks IPs well but lacks detailed device information, which is crucial from a security standpoint.
Setting up applications and configuring policies can be complex, requiring meticulous planning and manual configurations.
For how long have I used the solution?
I've been working with Ping Identity Platform for several years.
What do I think about the stability of the solution?
Stability-wise, it's generally good, but we encounter issues like log size management and occasional CPU utilization spikes, especially with web application firewall (WAF) integrations. It's manageable with proper monitoring and maintenance.
What do I think about the scalability of the solution?
We manage around 400 applications across four IDPs, serving roughly 45,000 to 50,000 users. Each IDP setup varies in terms of application integration and user management. It allows us to quickly scale resources up or down without significant downtime, which is crucial for our operations.
How are customer service and support?
They provide good technical support, but resource availability can be limited compared to larger providers like Azure AD. The self-help resources are useful, but response times for complex issues could be faster.
How was the initial setup?
The product deployment can be complex, especially when migrating from on-premises to cloud environments like AWS. It involves reconfiguring settings and ensuring minimal downtime, which requires careful coordination.
What was our ROI?
The product generates a return on investment especially for organizations prioritizing on-premises control and security. It offers robust features and customization options that justify the cost.
What's my experience with pricing, setup cost, and licensing?
Compared to some SaaS-based solutions, the platform is relatively cost-effective. It's cheaper than options like Microsoft Azure AD but can be pricier than basic IAM solutions.
What other advice do I have?
The product is suitable for enterprises looking to manage identities securely and efficiently.
I rate it an eight.
Used to protect the application and enable the single sign-on
What is our primary use case?
I use the solution to protect the application and enable the single sign-on.
What is most valuable?
Setting up the infrastructure with Ping Identity Platform is very easy compared to other IAM products. You just have to unzip the folder, and your Ping infrastructure is ready. With very limited changes, you can prepare your infrastructure with Ping Identity Platform.
What needs improvement?
PingAccess can only have one token provider, and you cannot enable two different token providers simultaneously. Nowadays, people are migrating from on-premises to the cloud and may want to run the on-premises and cloud versions simultaneously. In other words, they may want to enable two token providers at the same time. That feature is not available in PingAccess.
PingFederate has limitations with cookie size, and it does not support larger cookie sizes. We also have some concerns about the cookie size.
For how long have I used the solution?
I have been using Ping Identity Platform for five years.
What do I think about the stability of the solution?
Ping Identity Platform is a stable solution.
How are customer service and support?
We had a good experience with the solution's technical support team.
How was the initial setup?
It is very easy to set up the infrastructure with Ping Identity Platform compared to other on-premises solutions.
What other advice do I have?
I would recommend the solution to other users. Compared to other IAM products, Ping Identity Platform is a stable and easy-to-maintain product with many features that can be enabled. It is easy for a beginner to learn to use the solution if he has a basic understanding of technical skills and networking.
Overall, I rate the solution an eight out of ten.
Is easy to deploy and offers SSO features
What is our primary use case?
I use the solution in my company for SSO implementations in different applications using two protocols, one of which is SAML and the other one is OIDC. For implementing SSO into those applications using the aforementioned protocols, I use Ping Identity Platform.
What is most valuable?
The most valuable feature of the solution is the federation facility it provides, which helps in fetching identity from one application to another application.
What needs improvement?
The product's community has certain shortcomings that require improvement. The tool's community needs to become stronger and more user-friendly since multiple questions are not being answered. If I search for errors or queries, I get answers from around eight years or four years ago.
For how long have I used the solution?
I have been using Ping Identity Platform for two years. When it comes to Ping Identity Platform, I use PingFederate 12.0. My company is a product partner.
What do I think about the stability of the solution?
It is a very stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. We can use cluster management. We can have as many servers as we want.
A lot of people in my company are using the tool. Hundreds of people are using Ping Identity Platform in my company.
How was the initial setup?
The product's initial setup phase is easy.
The solution is deployed as an on-premises software. I am also using the tool on my local system and AWS.
What's my experience with pricing, setup cost, and licensing?
The tool is quite affordable.
Which other solutions did I evaluate?
My company started to use Ping Identity Platform since it is quite robust, easy to use, user-friendly and provides a lot of features with its own directory, access management tool, and identity management tool.
I would choose Ping Identity Platform over the other platforms in the market.
What other advice do I have?
I recommend the tool to others.
It is a very user-friendly platform, I would say, so there are no prerequisites required or anything else.
The multi-factor authentication process depends on how users configure their authentication policies, so it is according to user requirements.
I did not face any challenges when integrating Ping Identity Platform with other systems. My experience has been very smooth and good.
I haven't used the tool with any AI to improve the identity verification process.
Learning to use the tool is easy, especially compared to other Identity tools.
The product offers robustness and stability, and it provides a number of tools for different use cases.
I rate the tool an eight to eight and a half out of ten.
Offers multi-factor authentication (MFA), good customization features, very flexible
What is our primary use case?
We use PingFederate to provide SSO (Single Sign-On) solutions to enterprise applications. We support protocols like SAML (Security Assertion Markup Language), OAuth, and OpenID Connect. For example, an organization wants to enable SSO for their applications. We use PingFederate to integrate those applications and onboard them with their IdP (Identity Provider).
How has it helped my organization?
PingFederate's scalability features supported our organization's growth.
We use PingFederate as an identity provider (IdP). At the back end, we have Active Directory and Ping Directory as user stores for authentication. For our company, where we have around one million users and a thousand applications, PingFederate enables single sign-on (SSO) using the SAML protocol.
People have different email IDs and applications. Instead of users needing to remember a thousand different credentials, they can authenticate with a centralized system and use a single set of credentials to log in to all authorized applications. This provides a seamless user experience.
What is most valuable?
PingFederate is very flexible. We can do many customizations, and it also provides an SDK to tailor it to our specific requirements. There are also numerous plugins available. I've worked with tools like ForgeRock and Okta, but I find PingFederate to be the most customizable.
It provides basic SSO functionality, but we can easily extend it. For instance, if a client requires multi-factor authentication (MFA) beyond username and password, such as OTPs or knowledge-based answers, we can integrate those.
Ultimately, we tailor the solution based on client needs. In fact, I've also worked in presales, demonstrating the capabilities of PingFederate through POCs (Proof of Concepts).
What needs improvement?
It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.
For how long have I used the solution?
I have a total of eight plus years of experience using the complete Ping suite, which includes PingFederate, PingAccess, PingDirectory, and everything.
I have enterprise-level knowledge of all the products. I have implemented, developed, and supported Ping solutions.
What do I think about the stability of the solution?
I've used both on-premises and cloud setups, and I haven't experienced any stability issues so far. The stability depends on how you configure your infrastructure. But overall, the stability is very good.
What do I think about the scalability of the solution?
PingFederate provides different scalability options. We can set it up in a cluster for a large user base. For instance, we can have two or three servers at the back end to distribute the load and ensure stability. We can install PingFederate in a clustered configuration.
This way, requests are distributed equally, and we can tailor the setup to the number of users. If the user base is small, two servers might be enough. For a larger number of authentication requests, we could use four or five PingFederate servers at the back end.
How are customer service and support?
The support is good. If you have issues, they respond promptly. You just need to provide clear and detailed information about your problem.
How was the initial setup?
For PingFederate implementation, we have different options. We can have an on-premise implementation, meaning we install it on our own procured servers. Alternatively, we can use the cloud version of PingFederate.
The initial setup itself isn't overly complex. With the cloud version, it's primarily deploying WAR files.
While the full implementation takes time due to development and testing, the core installation process is relatively straightforward.
What's my experience with pricing, setup cost, and licensing?
Ping offers flexible pricing that's not standardized. Subscription length will impact the price – for example, a three-year subscription will likely be cheaper than a one-year option.
Additionally, if you require a higher level of support, that will influence the pricing. It depends on your specific requirements and support needs.
What other advice do I have?
I definitely recommend PingFederate. If not the on-premises version, the cloud version is also a good option. We can determine the best approach based on your specific requirements.
PingFederate is a great tool with a lot of customization options. It even offers agent-based integrations for older legacy applications that don't support modern protocols like SAML or OAuth. We just need to install a Java agent on the application server, and it will take the request and forward it to PingFederate.
Based on ease of use and everything, I'll rate it a nine out of ten. I've used Okta, and that's a bit more complex in comparison.
Offers good support and multifactor authentication
What is our primary use case?
I've been managing it in my company. I am more on the implementation side.
How has it helped my organization?
We implement the MFA (multifactor authentication) feature and administer the application.
When it comes to authentication, the focus is always on security. That means using a separate device to verify the user logging in.
On the security side, PingID adds an extra layer, contributing about 20% of the overall security. Then, authentication brings more advanced features and contributes further.
PingID excels in managing user access and profiles. That's where it integrates most deeply with the existing systems.
What is most valuable?
The most valuable feature is the two-factor authentication (2FA).
The mobile biometric authentication option improved user experience. It's always about security because, with two-factor authentication, it's always a separate device verifying the actual user logging in.
What needs improvement?
The management console needs to be improved. PingID should revise it.
For how long have I used the solution?
I have been using it for a year.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten because there had been some issues.
What do I think about the scalability of the solution?
I would rate the scalability a seven out of ten. PingID is adapting to most challenges.
We have small and medium businesses as our customers.
How are customer service and support?
We get support. The support engineers are good. They are quite proactive.
How would you rate customer service and support?
Positive
How was the initial setup?
I would rate my experience with the initial setup a seven out of ten, with ten being easy to set up.
The initial setup is not too complex. Deployment is really quick and typically the entire process takes two hours.
What's my experience with pricing, setup cost, and licensing?
The pricing is neither too expensive nor too cheap.
What other advice do I have?
Overall, I would rate the solution an eight out of ten because there is room for improvement in terms of usability.
Multiple authentication options with seamless integration
* Very easy and straightforward to integrate and deploy
* Biometric authentication options such as fingerprint and facial recognition in addition to traditional methods