Ping Identity SSO: A Practical Guide | Frontegg (2024)

Mar 13, 2024 | 6 min read

How Does Ping Identity Provide SSO?

Ping Identity is an American software company that provides identity services. It offers an identity and access management (IAM) platform, including a suite of identity solutions that can be deployed on-premises or in the cloud.

One of Ping Identity’s notable features is single sign-on (SSO). This is a user authentication option that allows a user to use one set of login credentials to access multiple applications. The service authenticates the user for all the applications they have been given rights to and eliminates further prompts when the user switches applications during the same session.

Ping Identity provides SSO as part of PingOne for Customers, PingOne for Workforce, Identity Cloud, and PingFederate. Its SSO capabilities include identity federation, registration and profile management, adaptive authentication policies, social login, account linking, and an identity integration marketplace with over 1,800 integrations.


Ping Products that Deliver SSO

Here are some of the Ping products that deliver single sign-on capabilities.

SSO with PingOne for Customers

PingOne for Customers enables secure access to web applications and services. This cloud-based solution enables organizations to implement single sign-on (SSO) for their customer-facing applications. It supports standards like OpenID Connect and OAuth 2.0.

PingOne for Customers integrates with a company’s web and mobile applications, enabling customers to sign in once and gain access to all associated services without the need to log in again. This is achieved through a centralized authentication mechanism that manages user identities and permissions.

SSO with PingOne for Workforce

PingOne for Workforce secures employee access to internal and cloud-based applications. It supports a range of authentication methods and standards, including SAML and SCIM, which allow it to easily integrate with existing IT infrastructure.

PingOne for Workforce implements SSO by allowing employees to authenticate once and gain access to all authorized applications without needing to sign in to each one separately. This is accomplished by creating a secure session that is recognized across all integrated applications, eliminating the need for multiple logins.

SSO with Ping Identity Cloud

Identity Cloud by Ping Identity is a cloud-based identity and access management platform that combines SSO, multi-factor authentication, user directory, and data governance capabilities. It can support complex enterprise environments, and enables management of user identities across a wide range of applications and services.

Identity Cloud implements SSO by leveraging a centralized identity store and authentication framework to manage user access across multiple applications. By integrating with various applications through standard protocols like SAML, OAuth, and OpenID Connect, Identity Cloud ensures that users can navigate between services with a single authentication process.

SSO with PingFederate

PingFederate is an enterprise federation server that enables single sign-on and identity management for both internal and external applications. It acts as a bridge between different identity management systems. PingFederate supports a wide range of standards and protocols, including SAML, WS-Federation, OAuth, and OpenID Connect, enabling it to support diverse IT environments.

PingFederate facilitates SSO by acting as a central authentication authority that securely authenticates users and issues tokens that are recognized by integrated applications. This allows users to access multiple applications by authenticating only once with PingFederate, which then communicates their authentication status to other services. It can integrate seamlessly with a wide variety of applications, both on-premises and in the cloud.

Ping Identity SSO Features

Configurable SSO and Identity Federation

The basic SSO and identity federation feature in the Ping Identity platform supports standards such as SAML, OAuth, and OpenID Connect. Ping Identity’s administrative interface is designed to simplify the configuration process, enabling quick setup of SSO and federation without requiring deep technical expertise.

Registration, Profile Management and Password Reset

Ping Identity provides built-in user registration, profile management, and password reset processes. These features support management of user identity lifecycles across an organization.

With Ping Identity, users can self-register and manage their profiles, enabling them to update their personal information, preferences, and security settings directly. The password reset feature provides multiple ways for users to regain access to their accounts, such as through email verification, security questions, or SMS verification.

Adaptive Authentication Policies

Adaptive authentication policies in Ping Identity enhance security by adjusting authentication requirements based on the context of access requests.

The platform evaluates several factors, including user behavior, device trustworthiness, location, and network security, to determine the appropriate level of authentication needed. If an access request appears to be high risk, the system can prompt for additional authentication factors, such as biometrics or one-time passwords.

Social Login and Account Linking

Ping Identity supports social login and account linking, enabling users to access applications using their existing social media credentials. This feature simplifies the login process for users by allowing them to use familiar credentials, reducing the need for multiple usernames and passwords. Account linking also allows users to connect their application accounts with their social media profiles.

Identity Integration Marketplace

The Identity Integration Marketplace is a comprehensive ecosystem that provides access to over 1,800 integrations, connectors, and extensions. This marketplace allows organizations to easily extend the capabilities of their Ping Identity solutions, integrating them with a variety of systems, applications, and services.

Ping Identity Limitations

Like all products, Ping Identity’s solutions come with some limitations and challenges. Here are a few issues that were shared by users via the G2 platform.

Interface Complexity and Performance Issues

Ping Identity faces criticism for its complex interfaces, particularly in applications like PingAuthorize and PingDirectory. This complexity can pose a challenge for new users or those with limited technical background.

Additionally, performance issues have been noted, such as delays in pop-up notifications when new access is requested via the PingIdentity App. Users indicate that these performance issues, especially during initial sign-on on the Windows interface, could be improved for a smoother login experience.

Role Management, Synchronization, and MFA Integration

Users report challenges with role management and entitlement creation within Ping Identity. Synchronization issues also add to the administrative burden when changes do not reflect in a consistent or timely manner across the system.

Furthermore, setting up multi-factor authentication, particularly with hardware tokens like YubiKeys, has been less than intuitive, requiring more support than anticipated. This complexity suggests that simplifying the MFA process could benefit users, particularly those less familiar with such security measures.

Documentation Quality and Upgrade Process

Ping Identity’s documentation has come under scrutiny for not being as thorough as required. Users feel that more accurate and detailed guidance would be beneficial.

Another area for improvement is the upgrade process for PingFederate. Major updates necessitate a simultaneous rollout, which complicates efforts to achieve zero downtime. While Ping Identity allows minor revisions to be upgraded more seamlessly, users are looking for further simplification of the update process, particularly for significant version changes.

Support and User Experience

The console user experience and after-hours support are additional areas where users see room for improvement. A more intuitive console UI could enhance the overall user experience.

Timely assistance during critical periods is essential, and users suggest that more accessible after-hours contact support could mitigate the impact of unexpected issues.

Tutorial: Setting up SSO in PingFederate

This guide will walk you through the process of setting up single sign-on for administrators.

Prerequisites:

  • A licensed copy of PingFederate version 10.1.2 or a more current version
  • A licensed copy of PingOne
  • A text editor or terminal for editing files
  • Environment Admin role privileges in PingOne to set up SSO to PingFederate

To set up SSO in PingFederate:

  1. Navigate to the Overview page, locate the PingFederate tile and click on the Configure Administrator SSO button.
  2. Provide the URL of the PingFederate administration console.
    It should look like this: https:///pingfederate/app
  3. Click Save and Continue.
  4. When you see the OpenID Connect (OIDC) settings, copy them to the oidc.properties file on the PingFederate administration server.
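
An added example (not from the article or from Ping Identity): a small Python check to run after the settings have been pasted into oidc.properties. It flags non-HTTPS or host-less URLs and a file mode that leaves a client secret readable beyond the owner. The key names, values and the `demo` helper are constructed assumptions; the checks themselves do not depend on particular key names.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

# Constructed sample: key names and values are illustrative assumptions,
# not copied from PingOne. One endpoint is deliberately plain HTTP.
SAMPLE = """\
client.id=00000000-aaaa-bbbb-cccc-000000000000
client.secret=EXAMPLE-NOT-A-REAL-SECRET
issuer=https://auth.example.test/env-id/as
token.endpoint=http://auth.example.test/env-id/as/token
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_oidc_properties(path):
    """Return findings for a pasted settings file: URLs first, then file mode."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    for key, value in props.items():
        if "://" in value:
            url = urlparse(value)
            if url.scheme != "https":
                findings.append(f"{key}: not HTTPS (scheme {url.scheme!r})")
            if not url.hostname:
                findings.append(f"{key}: URL has no host")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    holds_secret = any("secret" in k.lower() and v for k, v in props.items())
    if holds_secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o}: secret readable beyond the owner")
    return findings

def demo(mode=0o644):
    """Write SAMPLE to a temp oidc.properties with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "oidc.properties")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_oidc_properties(path)
```

Calling `audit_oidc_properties` on the real file returns an empty list when every URL is HTTPS with a host and the file is readable only by its owner.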

Author: Jonah Leffler