Product Review: Ping Identity PingAccess Server
PingAccess server is designed to be a complete access management solution for enterprise customers, particularly large enterprises. The company behind the product, Ping Identity, is a fourteen-year-old small business with an impressive list of clients. The company recently announced that it has been acquired by Vista Equity Partners, a leading private equity firm focused on software, data and technology-enabled businesses. Moreover, the company boasts a 95 percent customer retention rate since the business’s inception. With that information in mind, let us take a look at their PingAccess server – which is designed to provide both Web and Federated Access Management.
PingAccess server offers a variety of access management tools and a wide array of technical capabilities. It also performs these functions in a way that is unlike most, if not all, of its competitors. According to the Ping Identity website, “By providing role and attribute-based access control that applies policies based on identity, you can enable access from any client to any application.” While this may sound at first glance like a simple creation of roles or permissions, it is actually a feature that – according to Ping Identity – is unmatched by its competition. More specifically, this role- or attribute-based control can be established for resources or applications, and features a long list of different policies and capabilities. The policies include authentication (such as OAuth token scope) and identity attributes, while the additional capabilities include the use of scripting (in Apache Groovy) and further configuration via the use of an SDK. With the PingAccess server, various static or dynamic authentication policies can be combined to help keep the security system robust.
“Most use cases today will find in PingAccess a powerful solution to the biggest challenges of business.” – Ivan Niccolai, KuppingerCole
From a workflow perspective, PingAccess server generally stands in the middle between the client (the authentication side) and the client’s tools (the assets). In this way, it functions as a web access management (WAM) solution, connecting APIs and apps to the users. This is demonstrated in the figure below, which represents one such depiction of PingAccess from the vendor’s website.
PingAccess aims to improve on legacy WAM solutions by offering new functions and capabilities not seen in such older product offerings. PingAccess server is tightly integrated with another Ping product, the PingFederate federation server; the combination of these two provides speedy web application SSO and authentication. Sessions and access restrictions across all applications are centrally managed by Ping for greater security. In addition, PingAccess features an API gateway capability to allow for access policy creation for REST-based APIs (including line-of-business APIs). This is notable because it allows for access control policies for non-browser based applications, such as mobile apps, and because it allows API developers to be unfettered from worrying about developing API authentication. These policies can be based on identity attributes, authentication levels, OAuth attributes and scopes, and both time and network ranges. It is also possible to create URL access control policies, based on attributes such as device type, user information and whether the authentication was multi-factor or single-factor.
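To make the combination of policy inputs listed above concrete, here is an added example (not PingAccess configuration, scripting or API, and not code from the vendor) of a gateway-style check in which every configured rule must pass and a missing attribute fails closed. All class names, field names and the sample payroll policy are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Request:
    """Constructed request context; field names are illustrative."""
    scopes: set          # scopes carried by the validated OAuth token
    attributes: dict     # identity attributes, e.g. {"department": "finance"}
    mfa: bool            # True if the authentication was multi-factor
    source_ip: str
    at: time             # local time of the request

@dataclass
class ApiPolicy:
    required_scopes: set = field(default_factory=set)
    required_attributes: dict = field(default_factory=dict)
    require_mfa: bool = False
    networks: tuple = ()   # allowed CIDR ranges; empty means no restriction
    window: tuple = None   # (start, end) times; may wrap past midnight

def in_window(now, start, end):
    if start <= end:
        return start <= now < end
    return now >= start or now < end   # window wraps past midnight

def evaluate(policy, req):
    """Return (allowed, reason). Every configured rule must pass."""
    missing = policy.required_scopes - req.scopes
    if missing:
        return False, "missing scope: " + ", ".join(sorted(missing))
    for name, wanted in policy.required_attributes.items():
        if req.attributes.get(name) != wanted:   # absent attribute fails closed
            return False, "attribute mismatch: " + name
    if policy.require_mfa and not req.mfa:
        return False, "multi-factor authentication required"
    if policy.networks:
        addr = ip_address(req.source_ip)
        if not any(addr in ip_network(n) for n in policy.networks):
            return False, "source network not allowed"
    if policy.window and not in_window(req.at, *policy.window):
        return False, "outside permitted time window"
    return True, "all rules passed"

# Constructed sample policy for a hypothetical payroll API.
PAYROLL = ApiPolicy({"payroll:read"}, {"department": "finance"}, True,
                    ("10.20.0.0/16",), (time(7, 0), time(19, 0)))
```

Returning the reason alongside the decision gives the audit log a specific cause for each denial, which is what makes a combined policy reviewable after the fact.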
The integration of PingAccess and PingFederate provides a Federated Access Management (FAM) solution in addition to the previously mentioned WAM solution. This provides more flexibility for customers, particularly when it comes to using open security standards such as SAML, OAuth and WS-Federation. In fact, Ping markets PingAccess as taking a “standards-based approach” to access management. According to the PingAccess product page, PingAccess “uses JSON Web Tokens (JWTs) to maintain session information and OpenID Connect to facilitate user authentication.” The use of these open standards helps speed up application development and avoid vendor lock-in, as well as enabling IT managers to have consistent access control across devices and applications.
PingAccess server is designed to be a complete access management solution, including web access management (WAM) and federated access management (FAM) with the bundled PingFederate software. (For those who do not need FAM, Ping does provide a subscription service with only PingAccess functionality.) Generally speaking, the software is well-reviewed for having a user-friendly GUI and a very lightweight digital footprint. It can be used by enterprise customers for session management, medium-grade access control or for a full audit. Some of its main competitors for access management include CA, Oracle and IBM. A more detailed account of competitors to Ping Identity’s access management solution can be found in the KuppingerCole report Leadership Compass: Access Management and Federation.
Ping Identity is holding a series of Identify regional conferences this October and November in London, Frankfurt, New York and San Francisco. It will also exhibit at the Gartner Catalyst Conference this August in San Diego, and at Microsoft Ignite in September in Atlanta.
PingAccess Product Page
PingAccess Data Sheet
PingFederate Server Product Page
Ping Identity Events Page