Ping Identity Platform Reviews

We use PingFederate to provide SSO (Single Sign-On) solutions to enterprise applications. We support protocols like SAML (Security Assertion Markup Language), OAuth, and OpenID Connect. For example, an organization wants to enable SSO for their applications. We use PingFederate to integrate those applications and onboard them with their IdP (Identity Provider).

PingFederate's scalability features supported our organization's growth. 

We use PingFederate as an identity provider (IdP). At the back end, we have Active Directory and Ping Directory as user stores for authentication. For our company, where we have around one million users and a thousand applications, PingFederate enables single sign-on (SSO) using the SAML protocol.

People have different email IDs and applications. Instead of users needing to remember a thousand different credentials, they can authenticate with a centralized system and use a single set of credentials to log in to all authorized applications. This provides a seamless user experience.

PingFederate is very flexible. We can do many customizations, and it also provides an SDK to tailor it to our specific requirements. There are also numerous plugins available. I've worked with tools like ForgeRock and Okta, but I find PingFederate to be the most customizable.

It provides basic SSO functionality, but we can easily extend it. For instance, if a client requires multi-factor authentication (MFA) beyond username and password, such as OTPs or knowledge-based answers, we can integrate those. 

Ultimately, we tailor the solution based on client needs. In fact, I've also worked in presales, demonstrating the capabilities of PingFederate through POCs (Proof of Concepts).

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

I have a total of eight plus years of experience using the complete Ping suite, which includes PingFederate, PingAccess, PingDirectory, and everything. 

I have enterprise-level knowledge of all the products. I have implemented, developed, and supported Ping solutions.

I've used both on-premises and cloud setups, and I haven't experienced any stability issues so far. The  stability depends on how you configure your infrastructure. But overall, the stability is very good.

PingFederate provides different scalability options. We can set it up in a cluster for a large user base. For instance, we can have two or three servers at the back end to distribute the load and ensure stability. We can install PingFederate in a clustered configuration.

This way, requests are distributed equally, and we can tailor the setup to the number of users. If the user base is small, two servers might be enough. For a larger number of authentication requests, we could use four or five PingFederate servers at the back end.

The support is good. If you have issues, they respond promptly. You just need to provide clear and detailed information about your problem.

For PingFederate implementation, we have different options. We can have an on-premise implementation, meaning we install it on our own procured servers. Alternatively, we can use the cloud version of PingFederate.

The initial setup itself isn't overly complex. With the cloud version, it's primarily deploying WAR files. 

While the full implementation takes time due to development and testing, the core installation process is relatively straightforward.

Ping offers flexible pricing that's not standardized. Subscription length will impact the price – for example, a three-year subscription will likely be cheaper than a one-year option. 

Additionally, if you require a higher level of support, that will influence the pricing. It depends on your specific requirements and support needs.

I definitely recommend PingFederate. If not the on-premises version, the cloud version is also a good option. We can determine the best approach based on your specific requirements. 

PingFederate is a great tool with a lot of customization options. It even offers agent-based integrations for older legacy applications that don't support modern protocols like SAML or OAuth. We just need to install JAVA agent on the application server, and there it will take the request and take it forward to the PingFederate.

Based on ease of use and everything, I'll rate it a nine out of ten. I've used Okta, and that's a bit more complex in comparison. 

It requires some expertise to set up and manage. Also, having dedicated support is helpful. It's not something anyone can just set up and run without assistance – ideally, a team using PingFederate should have at least one or two people with in-depth knowledge of the product.

I use the solution in my company for SSO implementations in different applications using two protocols, one of which is SAML and the other one is OIDC. For implementing SSO into those applications using the aforementioned protocols, I use Ping Identity Platform.

The most valuable feature of the solution is the federation facility it provides, which helps in fetching identity from one application to another application.

The product's community has certain shortcomings that require improvement. The tool's community needs to become stronger and more user-friendly since multiple questions are not being answered. If I search for errors or queries, I get answers from around eight years or four years ago.

I have been using Ping Identity Platform for two years. When it comes to Ping Identity Platform, I use PingFederate 12.0. My company is a product partner.

It is a very stable solution.

It is a scalable solution. We can use cluster management. We can have multiple servers as many as we want.

A lot of people in my company are using the tool. Hundreds of people are using Ping Identity Platform in my company.

The product's initial setup phase is easy.

The solution is deployed as an on-premises software. I am also using the tool on my local system and AWS.

The tool is quite affordable.

My company started to use Ping Identity Platform since it is quite robust, easy to use, user-friendly and provides a lot of features with its own directory, access management tool, and identity management tool.

I would choose Ping Identity Platform over the other platforms in the market.

I recommend the tool to others.

It is a very user-friendly platform, I would say, so there are no prerequisites required or anything else.

The multi-factor authentication process depends on how users configure their authentic policies, so it is according to user requirements.

I did not face any challenges when integrating Ping Identity Platform with other systems. My experience has been very smooth and good.

I haven't used the tool with any AI to improve the identity verification process.

Learning to use the tool is easy, especially compared to other Identity tools.

The product offers robustness and stability, and it provides a number of tools for different use cases.

I rate the tool an eight to eight and a half out of ten.

From a user perspective, if you need to get into our VPN or virtual private network, which is for remote people, there is protected data behind a vault.

And if you need access to the vault, you must use a multi-factor and PingID. Additionally, vicariously, people have to use multi-factor to get into applications. The final aim is to get into laptops and desktops, and you have to use Multi-factor to restart or unlock your PC. You have to use multi-factor. The way that we do multi-factor here is we give the users a choice of using a phone or a Ubiquiti as to something they have.

So after they type in their password and username, they're prompted for a device that they have registered, and they have their choice of a phone or a Ubiquiti, or both.

I wonder if there are multi factors in improving. It's always a deterrent to productivity, naturally. Since I've been on this journey for three years, I've seen the product improve in the sense that it's less impact on productivity. In the beginning days, we had challenges with paying, finding the network, and signing its back-end service in the cloud. However, that's been drastically improved over the years.

The other thing we did was allow users to manage their device profiles. So they can either go in and register on Ubiquiti or a phone directly with the user interface now or web interface, and they can also set their default device which they want to use. So they, like Ubiqui working with PingID, tend to be the default of choice. So they set their Ubiquiti to the default device. And then whenever MFA is prompted, they have the Ubiquiti or default device. So that was a great improvement. And the way we implemented PingID, it's the same user interface regardless if you're getting into VPN, the vault applications, or a laptop or desktop.

So it's the same user interface to manage profiles centrally on a server. Hence if they change it for one use case, they change it for another.

It's the device management portal where users can manage it themselves. So before that, they'd have to call IT support to rearrange their default device in the profile, but now they can do it themselves.

PingID is feature rich. We've prototyped some of their step-up authentications. In certain circumstances, like geofencing, they can waive the MFA requirement because they're in a trusted area that's physically secured. We've prototyped that but have not rolled anything like that out. So, the aforementioned details can be considered for future improvements and changes in the product.

I have been using the solution for over three years.

It is a stable solution.

It is a scalable solution. I've never really had problems where it's going down in one region. Well, even if it does, I don't notice it because the failover is working. 43,000 users are using the solution.

I would say the scalability is an eight or a nine.

The technical support team is good. We have some enhancement requests for them, and I think our people have a weekly call with them where they bring things up. They notify us of security vulnerabilities.

In the beginning, the initial setup was very complex. We had to ensure it was always available so there was a fail over. We had to have a mirror environment. It was complex in the early days three years ago, but it's matured quite a bit over the past three years. The solution is deployed on the cloud.

I see an ROI. It's not a revenue generator. So it's purely from a cost perspective, but on the other hand, because we protect so much of our data now through multi-factor, I don't know the statistics of how many times we've been hacked or passwords were stolen. But because we have done that, we've probably saved ourselves a lot of money in reputational damage in breach recovering from breaches.

On the technology stack we're currently using, we're exploring other technologies based on our platform and it includes many of our products. But we may explore other technologies to make it more seamless. But PingID is going to stay. We want to use something like biometrics to make it easier for shop floor workers. But if anything, I need an expansion of PingID.

It's a good, stable product, and they've served our needs very well. They've been very responsive, and the product is scalable. It's pretty robust. The desktop is customized to what we do here at GE, but they work a bit with us on it. So it's an excellent product.

I rate the overall solution a nine out of ten.

I use the solution to protect the application and enable the single sign-on.

Setting up the infrastructure with Ping Identity Platform is very easy compared to other IAM products. You just have to unzip the folder, and your Ping infrastructure is ready. With very limited changes, you can prepare your infrastructure with Ping Identity Platform.

PingAccess can only have one token provider, and you cannot enable two different token providers simultaneously. Nowadays, people are migrating from on-premises to the cloud and may want to run the on-premises and cloud versions simultaneously. In other words, they may want to enable two token providers at the same time. That feature is not available in PingAccess.

PingFederate has limitations with cookie size, and it does not support larger cookie sizes. We also have some concerns about the cookie size.

I have been using Ping Identity Platform for five years.

Ping Identity Platform is a stable solution.

We had a good experience with the solution's technical support team.

It is very easy to set up the infrastructure with Ping Identity Platform compared to other on-premises solutions.

I would recommend the solution to other users. Compared to other IAM products, Ping Identity Platform is a stable and easy-to-maintain product with many features that can be enabled. It is easy for a beginner to learn to use the solution if he has a basic understanding of technical skills and networking.

Overall, I rate the solution an eight out of ten.

I've been managing it in my company. I am more on the implementation side.

We implement the MFA feature, multifactor authentication and administrate the application.

When it comes to authentication, the focus is always on security. That means using a separate device to verify the user logging in.

On the security side, PingID adds an extra layer, contributing about 20% of the overall security. Then, authentication brings more advanced features and contributes further.

PingID excels in managing user access and profiles. That's where it integrates most deeply with the existing systems.

The most valuable feature is the two-factor authentication (2FA). 

The mobile biometric authentication option improved user experience. It's always about security because, with two-factor authentication, it's always a separate device verifying the actual user logging in.

The management console needs to be improved. PingID should revise it.

I have been using it for a year. 

I would rate the stability an eight out of ten because there had been some issues.

I would rate the scalability a seven out of ten. PingID is adapting to most challenges. 

We have small and medium businesses as our customers. 

We get support. The support engineers are good. They are quite proactive.

Positive

I would rate my experience with the initial setup a seven out of ten, with ten being easy to set up. 

The initial setup is not too complex. Deployment is really quick and typically the entire process takes two hours. 

The pricing is neither too expensive nor too cheap.

Overall, I would rate the solution an eight out of ten because there is room for improvement in terms of usability. 

In my company, we use PingFederate for federated connections and some ADC connections to arrange for single sign-on across our infrastructure and customers.

The most valuable feature of the solution is that PingFederate is very customizable since it allows its user to write in Java while using Spring, allowing for any plugin for almost any place or entity inside of it. You can modify everything, and it's a very suitable tool, more than Okta or Azure AD when you have a non-standard structure since it allows for customization and runs as a separate solution or a service.

Notifications and monitoring are two areas with shortcomings in the solution that need improvement.

I have been using PingFederate for more than five years. I use the solution's latest version. I am a customer of the solution.

I haven't faced any issues while walking with the solution. It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

It's a very scalable tool because it allows those working on it to work with clusters, especially if we discuss PingFederate's horizontal scalability. One can use any number of nodes needed, but usually, two or three nodes are enough during the production phase.

For how the solution has been set up and programmed, I rate the solution's scalability a nine out of ten.

Owing to an NDA that my company has signed, I can't disclose the exact number of my company's customers who use the solution, but I can say that many use the solution, and it goes more than 50 in number.

My company does contact the solution's technical support from time to time in relation to the custom components that are due for updates. If we have built something very custom and something inside of PingFederate changes, then we contact the support team. The response from the support team is pretty quick. Mostly our company's issues related to the solution get resolved with the help of the technical team.

PingFederate provides pretty good documentation for the initial setup, but it's a large one requiring users to spend time on it.

If one is familiar with other authorization services, like Keycloak, it is possible to adopt PingFederate quickly.

The solution is deployed on the cloud, and we use the cloud services Amazon provides according to their documentation.

The deployment phase of the tool usually takes less than five minutes.

PingFederate allows us to untie our hands within our work environment, which involves many scenarios in terms of customization.

I would ask those planning to use the solution for the first time to research their infrastructure to utilize the other services in PingFederate. If they use the services of some other vendor, like Azure AD or other solutions, then it would be easier to use PingFederate since it may be less pricey.

I rate the overall solution a nine out of ten.

My primary use case for PingID was multifactor authentication, then I used PingOne, which showed me the transaction, so the whole person authentication, including the errors. Based on the resulting errors, I checked the PingFederate connection mapped for the particular application and published information about the issue.

Through PingID, there was multifactor authentication. In particular, secondary authentication was enabled to secure the application and is supported in IOS, even for mobile devices.

During the PingID authentication, you need to swipe or give your fingerprint on your mobile and then get the SMS for authentication.

What I like best about PingID is that it's very user-friendly.

PingID is well-built as a developer tool and regularly upgrades and updates via patches. Sometimes, my company faces vulnerability issues, and PingID even helps through vulnerability patches.

The tool has excellent features.

I also like that PingID has clear documents that will help you integrate it with other solutions.

PingID classifies the type of environment into internal and external, with the internal environment for internal users and the external environment for external users. For example, the external users would be cabin crew members who log in using the mail ID through multifactor authentication. This is an area for improvement in PingID because you need to take additional steps so you can trust both internal and external users.

My company had to use the CIDR authentication selector as an additional step, through policy creation in the PingFederate website, with the help of trusted IP, where all people belong to a particular network, then my company needs to do some IP load balancing. My company had to configure the particular IP in the CIDR authentication selector, then only then can it classify users into internal or external.

An internal user doesn't need to do multifactor authentication, but an external user will be redirected to a request from the PingFederate console, and then, based on the user authentication method, through biometrics, the user will be authenticating from Active Directory. If the user is valid, authenticated, and the authorization is approved, the user will then be redirected to the application.

I have more than three years of experience with PingID. The last time I used PingID was six months ago. I'm now working on the PingFederate side.

Stability-wise, PingID is an eight out of ten for me. It's a very stable solution, but sometimes, failures occur that you can't control. For example, my company checked logs in Sumo Logic and had Dynatrace as a monitoring tool. If there's a failure in the software system, where everything is connected, for example, if PingFederate isn't working, Dynatrace will send a report to my company. If PingFederate or an agent isn't working, my company won't receive any logs, so it depends on the policy and infrastructure, but PingID stability is an eight for me.

The scalability of PingID purely depends on the server side and how you're going to configure it. In some cases, it would also depend on how you'll do performance tuning. How scalable PingID  is will differ from infrastructure to infrastructure. For example, I supported the easyjet.com environment which had more than ten thousand user bandwidth.

Support-wise, PingID is an eight out of ten because when my company faced a P1 incident or issue that company members couldn't resolve, my company created a P1 request. The PingID SME joined the call within thirty to forty minutes, which was the vendor's service agreement, but only for P1 issues.

For P2 issues, it takes around one hour and forty minutes; for P3 incidents, it could take eight hours; for P4, it usually takes ten hours but could reach up to twenty hours.

Positive

I used PingFederate with PingID because PingFederate can assign internal and external users and configure validation. Based on the improv setup, you can also use PingFederate for your internal environment. Still, in my company, I'm using PingFederate for the external environment, where servers run outside the company's environment.

I used CA SiteMinder in the past, which was an older tool, and I wanted to use the latest technology, so I switched to a newer tool, PingDirectory, which I installed. Now I can work on PingDirector in terms of schema rules, mapping, etc.

The initial setup for PingID is seven out of ten for me. I had to install PingFederate, have experience with PingDirectory and Apache Studio, and do everything myself, including the environment setup. I've successfully implemented the project.

PingID for mobile apps is okay, as you don't need to deploy PingID in any of the servers. Still, you need to create the connection, enabling PingFederate in a particular environment. PingFederate is not infallible, and it's the only inject site, so you inject, then run the property file, configure the admin port, cluster port, and the index number for the engine node. You need to denote how many engine nodes you must classify for the admin node on the property file, then run that file. Once the PingFederate console runs, automatic cancellation will occur, and the application will work.

The complete deployment of the PingID project didn't take more than five to six months, including the POC, development, and production.

I've implemented PingID, so it was an in-house implementation.

PingID saves you time between thirty to forty percent, so time is the ROI, at least to me.

PingID pricing is a ten out of ten because it's a little bit cheaper than other tools, such as Okta and ForgeRock, and supports multiple tools. It also has the main feature of MFA via finger swiping or SMS versus other MFA tools, where you need to wait for a few seconds to get the new code, even if you've been authenticated. The speed of transactions in PingID is also very fast because it only takes microseconds after swiping your finger. I like the tool very much.

I've evaluated other software, such as PingFederate, PingDirectory, PingAccess, and PingOne, apart from PingID.

I'm working in the identity access management domain, so I've used software such as PingFederate, PingDirectory, PingID, PingOne, and PingAccess.

PingID is deployed on the AWS service, so that's on a cloud environment.

I'm part of the engineering team, with three members working on the PingID project and five from the support team working on PingID. Within the environment I supported, twelve thousand people used PingID, particularly crew members who used the MFA feature of the solution.

The maximum number of users I've seen from PingID based on the environment I supported was up to twelve thousand.

My recommendation to anyone looking into implementing PingID is that before working with the tool or any other tool, you first need to understand it and get some basic knowledge about it. With basic knowledge, you can implement PingID. Consider why you'd implement the tool in your environment and for what purpose. How many people will benefit from using the tool? Before implementing, it would be best to compare PingID with other tools to see the features and benefits.

My rating for PingID is eight out of ten because it's a faster tool with multiple features. It also supports one of the adapters of PingFederate, the composite adapter, which allows you to enable MFA on an adapter-based setup.

My company is a PingID partner.

People use the solution to secure their applications and authenticate particular processes.

In access token management, we have to attach a certificate. In that column, I have to enable the search option to edit certificates. We can choose a drop-down to search for which certificate we have to create, which is difficult.

I have been using Ping Identity Platform for more than two and a half years.

Ping Identity Platform is a stable solution.

A lot of users from our company are using the solution globally.

The solution’s initial setup is easy.

Ping Identity Platform is not an expensive solution.

Recommending the solution to other users depends on their application. If fewer people use your application, you can set up the tool in a quality environment. You can also use Ping Identity Platform to secure your application by restricting access to a few people.

It is not easy for someone to learn to use the solution for the first time, but at the same time, it's not very difficult to learn.

Overall, I rate the solution an eight out of ten.