KuppingerCole Report
Executive View
By John Tolbert

PingIdentity’s PingDirectory

PingDirectory provides a flexible and scalable base for IAM and customer IAM. With advanced functions for encryption, load-balancing, and virtual directory, PingDirectory can meet and exceed security requirements and SLAs.

1 Introduction

PingIdentity, founded in 2002, has grown to be a major vendor of identity management solutions, both for on-premise and cloud deployment. PingFederate is the company’s best-known product, which brought identity federation capabilities to thousands of customers. PingIdentity was acquired by Vista Equity in June of 2016, and subsequently acquired UnboundID in August 2016, adding robust directory, Consumer Identity & Access Management (CIAM), and complementing Ping Identity’s PingOne Directory Identity-as-a-Service (IDaaS) capabilities.

Directory services are the foundation of Identity and Access Management (IAM) systems. All basic and advanced IAM capabilities depend upon user information repositories, aka directories. Directories contain user identifiers and a variety of attributes, such as organization, organizational unit, location, country, nationality, and all the groups that are used to denote which collections of users should get access to specific resources.

Directories have evolved considerably from the x.500 days. Lightweight Directory Access Protocol (LDAP) has been the standard for many years. Microsoft’s Active Directory (AD) is an enhanced implementation of LDAP. SQL databases are also sometimes used as user attribute repositories. In recent years, NoSQL databases, e.g. MongoDB, are utilized to collect non-standard and sometimes unstructured types of user information.

Many enterprises have deployed virtual directory solutions to provide unified and scoped views into user data across multiple data stores. For example, virtual directories may aggregate user data from more than one LDAP service, SQL databases, and NoSQL data stores. These virtual directories serve as a front-end to calling applications, to deliver a layer of abstraction making it easier for application developers to create more scalable programs and allowing administrators to mask the complexity of underlying identity repositories.

As more services moved to the Cloud, it seems natural that identity services would be offered as a Cloud service by specialists as well. Cloud IAM systems have transitioned from being identity services for SaaS applications to providing full Identity as a Service (IDaaS) solutions for customers.

Traditional workforce IAM has leveraged the functionality of LDAP and AD repositories to build resilient WAM, SSO, and federation infrastructures for decades. In the last few years, as customer IAM has arisen as a specialty, thus the need for scaling IAM has expanded considerably. Whereas workforce IAM systems typically work well for hundreds of thousands of users, CIAM requires reliable service to support hundreds of millions of users.

The UnboundID acquisition gives PingIdentity a highly scalable and advanced directory service, PingDirectory. PingDirectory is a strong, feature-rich directory service capable of world-class performance, with the ability to create unified identities from LDAP, AD, RDBMS, MDM, or other disparate sources, for both workforce and customer IAM environments.

2 Product Description

PingDirectory is an enterprise class directory service product. PingDirectory can be licensed separately from PingIdentity’s product line, which in ...

Login Get full Access

3 Strengths and Challenges

PingDirectory provides directory services as a standalone product or as part of the overall PingIdentity suite of solutions. As a premiere identit ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.