Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Transcription

1 PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading enterprise federation server for standards-based, federated identity management allowing organizations to break free from expensive, inflexible existing stack vendor investments and leverage Next Gen Identity to meet modern business demands, such as federating identities across multiple identity stores, applications and architectures. By integrating silos of identities and applications inside the enterprise, across partners and into the cloud, PingFederate enables: Federated single sign-on (SSO) and identity management. Secure mobile access. API security. Social identity integration. Features Single integrated solution Proven interoperability Secure and standards-based Lightweight, scalable architecture 80+ integrations Multi-protocol support Centralizes cloud access control Supports hundreds of integration use cases Automated user provisioning. PingFederate easily integrates with existing systems and offers standalone deployment for fast implementation. Additionally, PingFederate can be integrated with PingOne and PingAccess to fully support Next Gen Identity and return agility to the enterprise. SaaS Apps Mobile Apps Web Services Enterprise Federation Server Cloud Single Sign-on (SSO) and Federated Identity PingFederate offers users seamless resource access and eliminates password management. Access Policy Management and Adaptive Federation Flexible authentication and access policies give users the convenience of a single set of credentials and IT complete control. Automated User Provisioning Reduce the risk of unauthorized access and orphaned accounts by leveraging PingFederate for provisioning users to and from the cloud. SIEM and Audit Logging Address compliance and regulatory requirements through integration with popular SIEM vendors and reporting tools. 1

2 It s pretty simple: PingFederate improves employee productivity and saves us time and money. Capabilities and Benefits Single Sign-on (SSO) and Federated Identity Manage all identities and enforce policies from any directory Establish secure, one-click access between identity and service providers Avoid duplicating user directories by leveraging existing IAM infrastructures Lee Tschetter Enterprise Architect, Land O Lakes Bridge identity systems quickly to accelerate new customer and partner relationships, as well as mergers and acquisitions Utilize proven industry standards SAML, OpenID and SCIM to securely transmit user access and provisioning information OAuth, OpenID Connect and WS-Trust to safeguard mobile and API access SSO for Employees Workforce to cloud Internal SSO SSO for Customers and Partners Client-Facing SSO Third-Party Service Aggregation Consumer-Facing SSO Partner-Facing SSO WS-Federation for active (browser) and passive (thick client) use cases, including complete integration with Microsoft Office 365 Multi-Factor Authentication Utilize customized authentication methods to fit any scenario Create rules and authentication chains for sensitive data access or for groups and roles Collect identity attributes from any number of sources, including external identity repositories or attribute services Interact with multiple data sources like JDBC and LDAP to retrieve attributes for tokens, attribute queries and map or link accounts Develop secure access rules based on criteria like physical and logical location and device Integrate with PingID for strong authentication or connect to other strong authentication solutions User Management (Provisioning and Deprovisioning) Enable rapid provisioning and deprovisioning of users Provide users access to the apps and resources they need Centralize control over users Easily add and automate user provisioning and deprovisioning with out-of-the-box support for standards-based provisioning (SCIM) and for proprietary provisioning protocols to many popular SaaS applications Leverage just-in-time user provisioning and account updates based on inbound claims Gain SCIM support for full CRUD operations on user directories Integrate with any user repository (even custom directories) Utilize custom provisioning APIs for popular SaaS applications Integrate flexibility through the Ping Identity SCIM-to-API gateway views and reports for easier, more efficient audits 2

3 Federation Standard Support SAML 1.0 SAML 1.1 SAML 2.0 WS-Federation OpenID OpenID Connect OAuth 2.0 SCIM 1.1 WS-Security WS-Trust WS-Federation Mobile and API Access Deliver a secure SSO experience for mobile applications Support developers with key mobile identity standards: OAuth and OpenID Connect Deploy identity and access control without refactoring back-end applications Leverage REST and SOAP-based architectures with OAuth, OpenID Connect and WS- Trust support Work with out-of-the-box token translators to facilitate integration with existing applications; and gain a complete and documented SDK to support any custom needs Extendable Architecture Utilize dozens of integrations and a network of pre-integrated applications Leverage your identity infrastructure Provide easy integration with target applications Keep your existing IAM infrastructure Implement IAM projects in hours or days, not weeks or months Bridge identity systems quickly to accelerate new customer and partner relationships, as well as mergers and acquisitions Application Integrations PingFederate integrates with the following applications: Microsoft IIS and Apache HTTP Server IBM WebSphere, Oracle Weblogic, Apache Tomcat and other application servers CA Siteminder, Oracle Access Manager, Tivoli Access Manager, SAP Netweaver and other web access management systems Active Directory, Azure AD, LDAP and other authentication systems RSA SecurID, Symantec VIP, Google Authenticator and other two-factor and strong authentication systems PeopleSoft, ADP, Microsoft Dynamics and other commercial applications Amazon Web Services, Citrix XenApp and other virtualization platforms 3

4 Top 5 Reasons People Choose Ping Identity: Fortune 100 proven identity management Deployed in the cloud and the data center PingFederate Solutions Federated Access Management PingFederate, when integrated with PingAccess, creates the first ever Federated Access Management solution. This solution enables authentication to users where their identities live, provides access management and centralizes access control for all client types, web browsers, native mobile applications and server-to-server communication. Integrates with 80+ enterprise technologies for fast deployment Enables single sign-on, federated identity, secure APIs, secure mobile access, social integration Enables secure SSO to customer, partner and employee apps Secure Mobile Access As the number and sophistication of mobile applications grow, it is critical to ensure the same access controls as existing applications. Integrate identity into mobile apps using open standards. Ensure all access to mobile application data is controlled and auditable. Future-proof identity and access managment (IAM) platforms by adopting a standardsbased approach to mobile application authorization and access without proprietary agents. API Security Ping Identity lets you secure your APIs using mature identity standards as well as state-of-the-art authentication and authorization protocols. Deliver a personalized experience by leveraging identity instead of restricting access based on obsolete access controls. Provide a secure user experience based on proven identity standards. Quickly and easily audit for fraud and compliance. OAuth Authorization Server: PingFederate is an OAuth Authorization Server (AS), allowing a resource owner (typically an end user) to grant authorization for access to a resource. As an extension of OAuth capabilities, PingFederate supports an optional configuration for OpenID Connect, an emerging protocol for secure, lightweight transfer of authentication and user attributes. Security Token Service (STS): The PingFederate WS-Trust STS allows organizations to extend SSO identity management to Web Services, allowing token exchange and validation for SOAP APIs. Microsoft Interoperability Ping Identity solutions for Microsoft tightly integrate with Active Directory to provide single signon to applications like Office 365, Dynamics and SharePoint. Integrations with on-premises.net and IIS environments are simple with drop-in modules and libraries. Microsoft Office 365: Ping Identity provides complete single sign-on (SSO) and directory synchronization for Office 365, supporting native apps like Lync and Outlook, as well as secure access for Sharepoint and other web-based applications. Users gain access to rich tools on their desktops, smartphones and tablets using a single identity without sacrificing security or encouraging risky password behaviors. 4

5 On-premises Integrations: Kerberos and Form Authentication: Get Kerberos and HTML form authentication for all of your applications through tight integration with Active Directory, enabling seamless single sign-on regardless of the platform or device..net Applications: Drop in libraries provide easy access to advanced authentication rules, adaptive federation and two-factor authentication so your developers can focus on their applications instead of security. IIS Servers Identity for the Web: A drop-in module for IIS provides secure access to all of your web applications regardless of the identity provider or authentication source. Legacy IAM With older identity management solutions, it can be difficult to meet both business and technical requirements. As your business grows and you acquire a variety of new technologies, your identity solutions need to be flexible and scalable enough to keep up. Ping Identity offers an unmatched portfolio of libraries, adapters and connectors that enable you to easily integrate with your current technologies speeding up development time securely and cost-effectively. Social Identity Integration PingFederate allows users to leverage identities from social sites like Google, LinkedIn, Twitter and Facebook to authenticate and connect employees, partners, customers and consumers to cloudbased applications. Learn More About the Leading Federation Server, PingFederate! Supporting all of the current identity standards including SAML, WS-Federation, WS-Trust, OAuth and OpenID Connect, PingFederate is recognized as a leading federation product today that also future-proofs business tomorrow. To learn more, visit pingidentity.com Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingEnable, the Ping Identity logo, and Cloud Identity Summit are registered trademarks, or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies. 7/14.1 About Ping Identity The Identity Security Company Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 1,200 companies, including half of the Fortune 100, rely on our award-winning products to make the digital world a better experience for hundreds of millions of people. For more information, dial U.S. toll-free or , sales@pingidentity.com or visit pingidentity.com. 5