Connecting Users with Identity as a Service
When investigating identity and access management (IAM) solutions for workforce, partners
and customers, there are many options available. Existing on-premises IAM solutions typically
work well for providing single sign-on (SSO) to employees, but open up a set of challenges
when organizations want to provide access to their customers and partners. Organizations with
traditional IAM are therefore faced with complexity and a choice—add customers and partners to
existing user directories, such as Microsoft® Active Directory (AD), and take on the licensing and
user administration costs, or look to alternatives.
Unfortunately, with the first option’s complexity, partners and customers must settle for less and
IT is left with forced costs and compromises in implementation—not ideal. Fortunately, there is an
alternative to the complexity, cost and compromises. Identity as a Service (IDaaS) is growing as a
common deployment model for organizations. An IDaaS solution provides a cloud-based option to
give all of your users the same easy access to all of the applications they need.
“By the end of 2017, 20% of IAM purchases will use the IDaaS delivery model, up from less than 10% in 2014.” – Gregg Kreizman, Gartner
“Ping Identity has demonstrated support for multiple workforce and external identity use cases, as well as strong service provider support.” – Gregg Kreizman
Solution Benefits
■ Single sign-on to all your applications for all of your users
■ Centralized control for IT—with convenience for end users
■ Integration with your existing security investments
Introducing PingOne, Identity as a Service
PingOne®, an Identity as a Service (IDaaS) solution, delivers a centralized solution to provide single sign-on to all of the applications your employees, customers and partners need, while keeping it under your control.
Deliver the Applications Users Need
Multiple usernames and passwords simply no longer work as a primary security practice. Still, end users need access to a variety of applications—including SaaS, custom and packaged applications. With PingOne, you can give centralized access to all of the applications end users need. PingOne provides a number of ways to access your SaaS, web, custom and legacy applications. It also offers a customizable user portal that is available via a web browser, as well as via mobile applications for Apple and Android™.
Users access all of their applications via the PingOne web portal or mobile app. This user interface can be customized to match your branding for your users, customers and partners.
Give Access to Applications Through an Application Catalog
PingOne offers flexibility on how to provide applications to your end users. It includes an application catalog with thousands of pre-configured applications and allows you to define new applications yourself.
Basic or Federated Single Sign-On
Connections are made to applications using basic or federated SSO. With basic SSO, a web-browser extension is used to securely relay passwords to web applications. The first time, the user is prompted to sign on to their application as they normally would. PingOne will then use those credentials to sign on to those applications in the future. The credentials are encrypted locally on the end user’s device and stored in PingOne. PingOne never has access to those credentials.
With federated SSO, sign-on to SaaS applications is done via Security Assertion Markup Language (SAML), an open standard used to exchange authentication and authorization data between an identity provider (PingOne) and a service provider (your SaaS application). With SAML, a single connection is made between your SaaS application and PingOne.
Ping Identity solutions work with:
■ Web Servers: Apache, Microsoft® IIS
PingOne has been consistently
Managing Users
If you are like most organizations, you need to provide applications to your workforce, customers and partners. With PingOne, you get unmatched flexibility to work with your existing identity stores, while providing options for the future.
Bridging Existing Identity Stores
The challenge with existing on-premises identity systems that leverage Kerberos and LDAP is that they cannot make the leap to SaaS applications. Without coding or extensive customization, external identities (partners or customers) won’t be able to readily connect from their environments to on-premises resources.
Unlike legacy on-premises systems, PingOne can work with your existing identity stores by providing an identity bridge to your existing investments. The identity bridge is important for both ‘to the cloud’ and ‘from the cloud’ application access.
PingOne offers a number of identity bridge options to work with your existing stores. If you are using Microsoft Active Directory, Ping Identity offers AD Connect, a lightweight agent that connects to Active Directory and provides a single, outbound federation identity provider and provisioning connection to PingOne. From there, PingOne takes care of SSO to your applications. PingOne gives you the flexibility to work with multiple identity stores. If you have more complex needs, such as a legacy WAM or LDAP, PingOne provides an enterprise identity bridge that can be used with PingOne.
Manage Your Users in PingOne
One Directory for Customers, Partners and Occasional Users
Your user population consists of more than just your employees. Today, you have a network of users, including demand chain partner users, supply chain partner users, customers, contractors, retirees and more. Why add the expense and hassle of managing these users in your existing on-premises directory? With the PingOne directory, you can provide access to your applications for occasional users with simplicity.
The PingOne directory includes:
■ Cloud User Management. Gain easy user management with the ability to customize the attribute schema for your needs.
■ User Groups. Define and assign users to groups for simple management of users to applications and directory access entitlements.
■ Directory Access Entitlements. Assign administrative rights for groups of users to manage other users in the directory.
■ User Provisioning Via SCIM. Utilize automated on-boarding and off-boarding of users to applications using the SCIM standard. Give users access to apps when they need them and take away access when they don’t. This provides a standards-based approach to provisioning and eliminates proprietary APIs for provisioning.
■ User Registration. Deliver quick and efficient access to applications for your end users via a self-registration or anonymous registration process. This eliminates the need to create users and gets your users into your applications faster.
Strong Authentication
What You Get: PingOne as an IDaaS Solution Highlights
■ SSO for all of your users. Give employees, customers and partners the same, secure one-click access.
■ Integration with all of your applications. Provide one-click access to all of your SaaS, web, custom and legacy applications.
■ Support for your existing user directories. Use an identity bridge to connect to your existing investments while providing SSO to all of your applications.
■ Cloud user management. With the PingOne directory, easily manage users in the cloud and provide easy access to your applications with no on-premises requirements.
■ Multi-factor authentication. With the optional PingID MFA solution, provide easy-to-use and secure strong authentication to meet your policies.
Start using PingOne today
Sign up today for a free trial of PingOne!
Standards Support
Ping Identity supports a complete portfolio of standards, including SAML, OAuth and OpenID® Connect. In addition to supporting standards, Ping Identity actively participates in the standards development for critical new capabilities, like native mobile SSO (NAPPS).
Customer Support
Ping Identity has customers across North America, EMEA and APJ, and provides 24/7 support in multiple languages. Ping Identity is ranked among the top software companies in the world with a Net Promoter Score (NPS) of 58.
Ping Identity has been consistently named a leader across multiple, independent industry evaluation and analyst reports:
■ Gartner Magic Quadrant: Identity and Access Management as a Service, June, 2014
■ The IDC MarketScape: Federated Identity Management and Single Sign-On Market, March, 2014
■ The Forrester Wave™: Identity And Access Management Suites, Q3 2013