KuppingerCole Report
Executive View
By John Tolbert

Ping Identity’s PingFederate

PingFederate sets the standard for identity federation standards support. PingFederate can enable Single Sign-On (SSO) between business units, enterprises, and all popular SaaS applications. PingFederate works both on-premise or in the cloud, and is easy for administrators to install and maintain.

1 Introduction

Identity federation is the foundational element for enabling Single Sign-On (SSO) between different domains. Thousands of organizations across the globe depend on identity federation for mission critical applications. Federation technology silently powers connections between colleges and universities, banks and other financial institutions, medical service providers to hospitals, e-commerce brands and retail sites, government departments to agencies, employers and employee benefits providers, subsidiaries and holding companies, suppliers to commercial buyers, sub-contractors to prime contractors, online publications to other media companies, etc.

The classic federation use case is a set of users in one domain (Acme.com) leveraging their identity credentials and authentication events to gain access to another domain (Globex.com), without having to explicitly maintain distinct accounts and login with different passwords. Identity federation is one of the main technologies that helps organizations move away from password-based authentication. Since federation is seamless between organizations and transparent to the users, it makes moving between federated web properties a much better user experience.

Federation brings many benefits beyond improving the user experience via SSO. Decreasing the number of passwords that users must remember provides immediate security benefits, in that it reduces the identity attack surface. It also improves organizational security posture, in that, a user’s home domain is usually more diligent and quick to terminate accounts when the user leaves or no longer needs access than all the down-level service providers he or she may interact with in their daily business. Federation also simplifies account maintenance across connected sites. Relying Parties (RPs) depend on Identity Providers (IdPs) to maintain, update, and remove accounts, so the burden of duplicate accounts, attributes, and effort are eliminated.

Prior to the advent of identity federation protocols, web access management (WAM) systems provided SSO within a single domain. Federation technology can bridge WAM systems, even between WAM systems by different vendors. Therefore, federation technology can help deploying organizations escape vendor lock-in, and more easily connect (or disconnect) entities involved in mergers, acquisitions, and divestitures.

The most common federation protocols, frameworks, formats, and specifications are Security Assertion Markup Language (SAML), OAuth, OpenID, OpenIDConnect, JSON Web Tokens, (JWT), WS-Federation, and WS-Trust.

Ping Identity’s PingFederate is the flagship of their product line. PingFederate supports all the federation protocols and provides additional authentication and authorization functionality.
Ping Identity, founded in 2002, has grown to be a major vendor of identity management solutions, both for on-premise and cloud deployment.

Ping Identity was acquired by Vista Equity in June of 2016, and subsequently acquired UnboundID in August 2016, adding robust directory, Consumer Identity & Access Management (CIAM), and Identity-as-a-Service (IDaaS) capabilities.

2 Product Description

PingFederate is the standards-bearer of federation standards products. PingFederate can be licensed separately from Ping Identity’s product line, w ...

Login Get full Access

3 Strengths and Challenges

PingFederate provides federation services as a standalone product or as part of the overall Ping Identity suite of solutions. As a premiere identity ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.