Ping Identity
Ping Identity delivers a unified identity platform for workforce and customer access, available as PingOne (cloud) or enterprise software (PingFederate, PingAccess, PingDirectory). It supports OIDC/OAuth 2.0, SAML 2.0, and WS-Federation/WS-Trust, with adaptive MFA, risk-based access, and no-code orchestration.
Key Capabilities
- Standards-based federation: Provides interoperability across SaaS and enterprise apps with OIDC/OAuth 2.0, SAML 2.0, and legacy WS-Fed/WS-Trust.
- Authorization server: PingFederate operates as a full OAuth 2.0/OIDC provider, issuing ID and access tokens and supporting advanced profiles such as PAR, mTLS-bound tokens, and (optionally) DPoP where configured.
- Adaptive MFA & passkeys: PingID enables FIDO2/WebAuthn, mobile push, OTP, SMS, and voice for passwordless and step-up authentication.
- Risk-based access: PingOne Protect applies device and behavioral analytics to produce dynamic risk scores and drive adaptive access decisions.
Limitations
- Portfolio complexity: Capabilities span multiple products (PingFederate, PingAccess, PingDirectory, PingOne); deployment models, licensing, and management differ between cloud and on-prem.
- Advanced OAuth coverage: PAR and mTLS are supported; there isn’t enough public information to confirm universal DPoP support across all Ping products.
- SCIM role clarity: PingDirectory typically acts as a SCIM provider, while PingOne commonly serves as a SCIM client; verify directionality for your integration.
- Legacy protocol retention: WS-Fed/WS-Trust persist mainly for backward compatibility; modern deployments should prefer OIDC/SAML.
- Corporate lifecycle: Ping Identity merged with ForgeRock (Thoma Bravo, 2023); branding, roadmap, and product convergence are still evolving.