We use PingFederate to provide SSO (Single Sign-On) solutions to enterprise applications. We support protocols like SAML (Security Assertion Markup Language), OAuth, and OpenID Connect. For example, an organization wants to enable SSO for their applications. We use PingFederate to integrate those applications and onboard them with their IdP (Identity Provider).

PingFederate's scalability features supported our organization's growth. 

We use PingFederate as an identity provider (IdP). At the back end, we have Active Directory and Ping Directory as user stores for authentication. For our company, where we have around one million users and a thousand applications, PingFederate enables single sign-on (SSO) using the SAML protocol.

People have different email IDs and applications. Instead of users needing to remember a thousand different credentials, they can authenticate with a centralized system and use a single set of credentials to log in to all authorized applications. This provides a seamless user experience.

PingFederate is very flexible. We can do many customizations, and it also provides an SDK to tailor it to our specific requirements. There are also numerous plugins available. I've worked with tools like ForgeRock and Okta, but I find PingFederate to be the most customizable.

It provides basic SSO functionality, but we can easily extend it. For instance, if a client requires multi-factor authentication (MFA) beyond username and password, such as OTPs or knowledge-based answers, we can integrate those. 

Ultimately, we tailor the solution based on client needs. In fact, I've also worked in presales, demonstrating the capabilities of PingFederate through POCs (Proof of Concepts).

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

I have a total of eight plus years of experience using the complete Ping suite, which includes PingFederate, PingAccess, PingDirectory, and everything. 

I have enterprise-level knowledge of all the products. I have implemented, developed, and supported Ping solutions.

I've used both on-premises and cloud setups, and I haven't experienced any stability issues so far. The  stability depends on how you configure your infrastructure. But overall, the stability is very good.

PingFederate provides different scalability options. We can set it up in a cluster for a large user base. For instance, we can have two or three servers at the back end to distribute the load and ensure stability. We can install PingFederate in a clustered configuration.

This way, requests are distributed equally, and we can tailor the setup to the number of users. If the user base is small, two servers might be enough. For a larger number of authentication requests, we could use four or five PingFederate servers at the back end.

The support is good. If you have issues, they respond promptly. You just need to provide clear and detailed information about your problem.

For PingFederate implementation, we have different options. We can have an on-premise implementation, meaning we install it on our own procured servers. Alternatively, we can use the cloud version of PingFederate.

The initial setup itself isn't overly complex. With the cloud version, it's primarily deploying WAR files. 

While the full implementation takes time due to development and testing, the core installation process is relatively straightforward.

Ping offers flexible pricing that's not standardized. Subscription length will impact the price – for example, a three-year subscription will likely be cheaper than a one-year option. 

Additionally, if you require a higher level of support, that will influence the pricing. It depends on your specific requirements and support needs.

I definitely recommend PingFederate. If not the on-premises version, the cloud version is also a good option. We can determine the best approach based on your specific requirements. 

PingFederate is a great tool with a lot of customization options. It even offers agent-based integrations for older legacy applications that don't support modern protocols like SAML or OAuth. We just need to install JAVA agent on the application server, and there it will take the request and take it forward to the PingFederate.

Based on ease of use and everything, I'll rate it a nine out of ten. I've used Okta, and that's a bit more complex in comparison. 

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

The product's most valuable features include its cloud-based capabilities for handling cloud applications and providing authentication and authorization through OIDC and SAML. It also supports integrations needed for both local and internal applications, including legacy applications requiring web server access.

Ping Identity Platform must improve its UI since its management console is complicated. 

In my experience with basic projects, I haven't encountered downtime. However, there have been instances where some application integrations faced challenges that needed resolution. Server issues or downtime haven't been significant. Overall, I would rate it as stable.

I have opened a case, and the tech support responded quickly. I google the issues. 

Neutral

I rate the overall product a seven out of ten. 

I've been managing it in my company. I am more on the implementation side.

We implement the MFA feature, multifactor authentication and administrate the application.

When it comes to authentication, the focus is always on security. That means using a separate device to verify the user logging in.

On the security side, PingID adds an extra layer, contributing about 20% of the overall security. Then, authentication brings more advanced features and contributes further.

PingID excels in managing user access and profiles. That's where it integrates most deeply with the existing systems.

The most valuable feature is the two-factor authentication (2FA). 

The mobile biometric authentication option improved user experience. It's always about security because, with two-factor authentication, it's always a separate device verifying the actual user logging in.

The management console needs to be improved. PingID should revise it.

I have been using it for a year. 

I would rate the stability an eight out of ten because there had been some issues.

I would rate the scalability a seven out of ten. PingID is adapting to most challenges. 

We have small and medium businesses as our customers. 

We get support. The support engineers are good. They are quite proactive.

Positive

I would rate my experience with the initial setup a seven out of ten, with ten being easy to set up. 

The initial setup is not too complex. Deployment is really quick and typically the entire process takes two hours. 

The pricing is neither too expensive nor too cheap.

Overall, I would rate the solution an eight out of ten because there is room for improvement in terms of usability. 

The solution has a smooth and configurable user interface for single sign-on capabilities. We can do a lot of configurations. It is a fairly good product for workforce identity management.

The product is not customizable. It is not suitable for consumer identity management.

I have been working with the product for two years.

Our clients are mainly government entities and big investment firms.

The technical support is not proactive. If an issue or concern is raised, the support person must jump on a call as soon as possible, but it is not happening now.

Neutral

We also recommend ForgeRock. It is used for access management. It doesn’t have many configurations but allows customizations. We can achieve a lot of things using customizations. Wherever PingID is not suitable for the customer, we ask them to choose ForgeRock so that we can customize it as per the requirements and deliver the solution.

The tool is very easy to set up.

The product is costly. Large organizations can afford it. However, it is not suitable for smaller companies. Smaller organizations can choose Okta or One Identity.

We recommend the product to our customers. Organizations can buy the product if they are ready to spend a lot of money. They must be aware that the support is average. However, the tool is very good. Overall, I rate the solution a seven out of ten.

In my company, we use PingFederate for federated connections and some ADC connections to arrange for single sign-on across our infrastructure and customers.

The most valuable feature of the solution is that PingFederate is very customizable since it allows its user to write in Java while using Spring, allowing for any plugin for almost any place or entity inside of it. You can modify everything, and it's a very suitable tool, more than Okta or Azure AD when you have a non-standard structure since it allows for customization and runs as a separate solution or a service.

Notifications and monitoring are two areas with shortcomings in the solution that need improvement.

I have been using PingFederate for more than five years. I use the solution's latest version. I am a customer of the solution.

I haven't faced any issues while walking with the solution. It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

It's a very scalable tool because it allows those working on it to work with clusters, especially if we discuss PingFederate's horizontal scalability. One can use any number of nodes needed, but usually, two or three nodes are enough during the production phase.

For how the solution has been set up and programmed, I rate the solution's scalability a nine out of ten.

Owing to an NDA that my company has signed, I can't disclose the exact number of my company's customers who use the solution, but I can say that many use the solution, and it goes more than 50 in number.

My company does contact the solution's technical support from time to time in relation to the custom components that are due for updates. If we have built something very custom and something inside of PingFederate changes, then we contact the support team. The response from the support team is pretty quick. Mostly our company's issues related to the solution get resolved with the help of the technical team.

PingFederate provides pretty good documentation for the initial setup, but it's a large one requiring users to spend time on it.

If one is familiar with other authorization services, like Keycloak, it is possible to adopt PingFederate quickly.

The solution is deployed on the cloud, and we use the cloud services Amazon provides according to their documentation.

The deployment phase of the tool usually takes less than five minutes.

PingFederate allows us to untie our hands within our work environment, which involves many scenarios in terms of customization.

I would ask those planning to use the solution for the first time to research their infrastructure to utilize the other services in PingFederate. If they use the services of some other vendor, like Azure AD or other solutions, then it would be easier to use PingFederate since it may be less pricey.

I rate the overall solution a nine out of ten.

We use the product to run different reports. 

We have encountered instances where it is not easy to do authentication. 

I have been using the product for two years. 

I would rate the tool's stability a ten out of ten. 

My company has 1000 users for the product. 

My experience with the support team is good. 

The product's setup is easy if you have all the information and support. 

I would rate the product a nine out of ten. 

We use PingID for multifactor authentication, passwordless login, and push notifications. 

I like the self-service feature. The 502 and UBP systems are also excellent. PingID's ability to authenticate with SSH, RDP, and Windows login is pretty handy. It covers the entire spectrum of use.

PingID's device management portal should be more easily accessible via a link. They provide no link to the portal like they do for the service. The passwordless functionality could be more comprehensive. You can't filter based on hardware devices. Having that filtering option would be great. Device authentication would be a great feature. 

We have used PingID for five years.

Early on, there were many changes to PingID because the company was trying to address some security vulnerabilities, but we only faced outages twice in three years due to these updates.  It's fairly stable overall. 

PingID's scalability is good. We haven't had any issues, but we don't have a huge amount of traffic. My organization has around 150,000 users. 

We've had issues with incorrect reporting and needed to contact support. Reports were missing values, or the details weren't clear. We had a quick resolution 80 percent of the time. 

Positive

I rate PingID seven out of 10 for ease of setup. It takes less than a day to deploy in one environment. It's a cloud-based solution, so you only need to set up an account and link it to your on-prem environment using an adapter. 

I rate PingID eight out of 10. I would recommend it depending on the use case. You need to clarify your requirements before implementing the solution. 

We primarily use PingFederate for access management authentication. It is mainly for authenticating employees, but we sometimes use it to authenticate customer applications. 

PingFederate gives you granular control over the settings. There are many options for fine-tuning policies. 

PingFederate's UI could be streamlined. They have recently made several improvements, but it's still too complex. It's a common complaint. The configuration should be simplified because the learning curve is too steep. 

PingFederate is stable. 

PingFederate is an efficient solution, but the scalability depends on the environment. It's an on-prem solution, so it depends on the number of servers we have. We have around 150,000 users. 

Deploying PingFederate is straightforward. The deployment time depends on the size of your environment and the things you need to do to get it working, such as configuring the server and the firewall rules. Installing it is simple, but you might need to spend a week configuring it to work in your environment. 

I rate PingFederate eight out of 10. 

From a user perspective, if you need to get into our VPN or virtual private network, which is for remote people, there is protected data behind a vault.

And if you need access to the vault, you must use a multi-factor and PingID. Additionally, vicariously, people have to use multi-factor to get into applications. The final aim is to get into laptops and desktops, and you have to use Multi-factor to restart or unlock your PC. You have to use multi-factor. The way that we do multi-factor here is we give the users a choice of using a phone or a Ubiquiti as to something they have.

So after they type in their password and username, they're prompted for a device that they have registered, and they have their choice of a phone or a Ubiquiti, or both.

I wonder if there are multi factors in improving. It's always a deterrent to productivity, naturally. Since I've been on this journey for three years, I've seen the product improve in the sense that it's less impact on productivity. In the beginning days, we had challenges with paying, finding the network, and signing its back-end service in the cloud. However, that's been drastically improved over the years.

The other thing we did was allow users to manage their device profiles. So they can either go in and register on Ubiquiti or a phone directly with the user interface now or web interface, and they can also set their default device which they want to use. So they, like Ubiqui working with PingID, tend to be the default of choice. So they set their Ubiquiti to the default device. And then whenever MFA is prompted, they have the Ubiquiti or default device. So that was a great improvement. And the way we implemented PingID, it's the same user interface regardless if you're getting into VPN, the vault applications, or a laptop or desktop.

So it's the same user interface to manage profiles centrally on a server. Hence if they change it for one use case, they change it for another.

It's the device management portal where users can manage it themselves. So before that, they'd have to call IT support to rearrange their default device in the profile, but now they can do it themselves.

PingID is feature rich. We've prototyped some of their step-up authentications. In certain circumstances, like geofencing, they can waive the MFA requirement because they're in a trusted area that's physically secured. We've prototyped that but have not rolled anything like that out. So, the aforementioned details can be considered for future improvements and changes in the product.

I have been using the solution for over three years.

It is a stable solution.

It is a scalable solution. I've never really had problems where it's going down in one region. Well, even if it does, I don't notice it because the failover is working. 43,000 users are using the solution.

I would say the scalability is an eight or a nine.

The technical support team is good. We have some enhancement requests for them, and I think our people have a weekly call with them where they bring things up. They notify us of security vulnerabilities.

In the beginning, the initial setup was very complex. We had to ensure it was always available so there was a fail over. We had to have a mirror environment. It was complex in the early days three years ago, but it's matured quite a bit over the past three years. The solution is deployed on the cloud.

I see an ROI. It's not a revenue generator. So it's purely from a cost perspective, but on the other hand, because we protect so much of our data now through multi-factor, I don't know the statistics of how many times we've been hacked or passwords were stolen. But because we have done that, we've probably saved ourselves a lot of money in reputational damage in breach recovering from breaches.

On the technology stack we're currently using, we're exploring other technologies based on our platform and it includes many of our products. But we may explore other technologies to make it more seamless. But PingID is going to stay. We want to use something like biometrics to make it easier for shop floor workers. But if anything, I need an expansion of PingID.

It's a good, stable product, and they've served our needs very well. They've been very responsive, and the product is scalable. It's pretty robust. The desktop is customized to what we do here at GE, but they work a bit with us on it. So it's an excellent product.

I rate the overall solution a nine out of ten.