Ping Identity has announced PingFederate 7, a major upgrade to its identity bridge software and Cloud Identity Management Platform. The release delivers the first standards-based user provisioning, authentication, and authorisation solution to the manual and proprietary obstacles that stand in the way of cross-domain – or federated – business integrations with customers and partners.
A highlight of PingFederate 7 is support for new identity standards: SCIM (System for Cross-domain Identity Management) and OpenID Connect. SCIM is a provisioning standard currently managed by the Internet Engineering Task Force (IETF). It is a lightweight, automated standard that provides inbound and outbound user provisioning for corporate directories and SaaS providers, replacing proprietary or manual provisioning methods. OpenID Connect, an emerging authentication and authorisation standard from the OpenID Foundation, consolidates access control for both web applications and APIs into a single standard, making it easier to secure web applications and their underlying APIs.
“Identity standards are fundamental to business in the cloud because they make it easier for people to work across multiple domains,” said Roger Oberg, vice president of marketing and product management for Ping Identity. “Imagine your employees automatically provisioned and then authenticated and authorized to use any cloud application in a single click. Consider what it would mean to give your partners the same experience with your applications. Support for SCIM and OpenID Connect in PingFederate 7 largely completes the standardisation effort required for all identity use cases to scale out to the cloud and extends Ping Identity’s market-leading commitment to standards that gives our customers new ways to deliver seamless and secure user experiences.”
Businesses today need to build federated relationships with customers, suppliers and channel partners to succeed. SaaS providers want their applications to appear as an extension of the security and identity management infrastructure their enterprise customers already have. The challenge is to build these cross-domain relationships while balancing the need for security and convenience.
The problem, according to Forrester Research, is that, “In today’s dynamic environment, IT should have the ability to enable all legitimate access by workforce members to software-as-a-service (SaaS) apps and by partners to internal apps — and block all illegitimate access. Unfortunately, most organizations have built multiple user stores that often lack quality data. This doesn’t scale well as the adoption of SaaS apps grows and the number of partners increases.”*
Automating provisioning with SCIM across domains ensures that legitimate users can access their applications easily while unauthorised users cannot. Support for SCIM in PingFederate 7 reduces potential threats that can result from accounts left open after an employee leaves an organisation. Using PingFederate 7, identity providers can automate user provisioning from an organisation’s identity store into SaaS applications, replacing a time-intensive manual or proprietary process. A service provider, such as an HR SaaS application chosen to manage employee information, can also provision a user back into its customer’s organisation as part of an on-boarding process.
With the proliferation of mobile and web applications, passing identity details to target applications requires developers to write an increasing amount of code. This adds complexity, cost and time to each application development effort, and the approach does not scale. With OpenID Connect’s lightweight, API-friendly framework, developers can extend identity details maintained in existing identity management products in a consistent and secure manner to cloud and mobile apps.
New support for OpenID Connect in PingFederate 7 gives IT a future path for an Internet-scale identity and access management solution that doesn’t compromise security. With PingFederate 7, developers gain a pathway to include identity in any application using the IT organisation’s existing policies and investments in a centralised access management system.
“The addition of SCIM and OpenID Connect provides customers a single offering to solve a broad range of identity and access management problems for both web and API-based applications and services,” said Loren Russon, director of product management for Ping Identity. “The promise of OpenID Connect for Internet-scale identity and access management is still on the horizon, but we are working with customers today who want to utilise it for internal SSO as a lightweight alternative to heavy, proprietary integrations.”
In addition to SCIM and OpenID Connect, the latest release of PingFederate includes more than 80 enhancements to capabilities and integrations with leading IT products, making it easier for customers to configure and manage federated identities.