Identity Federation Hub
Connect all identity types to the applications and resources they need
Federate Beyond Your Workforce
Today’s modern enterprises serve multiple different identity types, from workforce to customers to partners. This complex ecosystem is most effectively managed by identity federation, which provides a bridge to connect all of those different user identities in one place and reduces your administrative overhead. A versatile federation solution can solve your current and future identity management challenges. As your organization evolves to allow more users to securely access the applications they need, a single authentication authority will be essential.
Bridge Identity & Service Providers
In order for a large complex enterprise to enable any workforce, partner, or customer user to access any resource, a robust identity federation solution is required. A federation hub that supports multiple identity standards, like PingFederate, makes it faster and more cost effective to provide secure access for all users. Here are some ways you can deploy PingFederate to bridge an identity provider (IdP or authentication provider) and service provider (SP or application) to address your authentication and access needs:
- IdP to SP
Legacy authentication meets modern application. As a large, long-standing enterprise, you likely have legacy authentication schemes that do not leverage modern identity standard or protocols. At the same time, your workforce needs to access new SaaS applications or resources built on the latest open identity standards. In order to connect your workforce to new applications, such as Salesforce or O365, and older applications you will need PingFederate’s federation hub capabilities to bridge and translate across older authentication sources, multiple standards and modern applications.
- IdP to Many SPs
Existing authentication meets new application portfolio. Mergers and acquisitions are commonplace amongst global enterprises. When a company makes an acquisition, it is often the case that employees of the acquired company need to gain access to a portfolio of new applications that the parent company offers, such as corporate expense reporting, business spend and cloud storage sites like Concur, Coupa and Egnyte. In most cases, the acquired company has an existing authentication method already in place. To streamline access to the new applications, PingFederate bridges the acquired company’s existing authentication method to all of the parent company’s applications.
- Many IdPs to SP
Connect multiple partners to your enterprise application. Your enterprise’s partner network is an essential part of your business operations. To securely and easily manage multiple partners’ access to your enterprise’s partner site, such as Microsoft SharePoint, your application needs to connect to each of those partners’ authentication methods, which often differ from your enterprise’s authentication method. PingFederate has the ability to out-of-the-box connect to multiple authentication methods and give all of your partners secure access to the relevant enterprise applications they are entitled to.
- Many IdPs to Many SPs
Access an application portfolio via multiple authentication methods. Most global enterprises today have multiple authentication methods deployed because authentication requirements vary across geographic regions, business units, or as a result of M&A activity. At the same time, global enterprises have defined application portfolios that specific users need to access. For example, the global finance organization may have a suite of applications it needs to access via multiple authentication methods. PingFederate’s federation hub capabilities can satisfy this complex use case by providing access to the global finance team’s application portfolio for each finance employee, regardless of the employee’s geographic or business unit authentication method.
Identity Provider Initiated SSO
Enterprises are focused on improving user experience for all, whether that is customers, partners, or their own employees. One way to improve user experience for your employees is through a consistent single sign-on (SSO) experience initiated by an IdP. With PingFederate, enterprises can streamline how their workforce accesses all of their corporate applications. A single set of credentials gives the employees access to a corporate dock where they can open each of their applications with a single click. If desired, enterprises can even challenge users to provide additional authentication factors in order provide employees access to their applications.
Service Provider Initiated SSO
Enterprise employees demand flexibility in how they access corporate resources. Often times employees need immediate access to an application such as Salesforce.com and directly visit that application’s website instead of going through their corporate dock. With PingFederate, users can still leverage their SSO credentials to have the application begin the SSO process and minimize password sprawl.
SSO-enable Your Non Standards-based Apps
Many enterprises have older applications that were built with proprietary identity flows and protocols, or they were built before modern identity standards were developed. Rather than reconfigure your older applications to enable SSO, you can leverage the combined power of PingFederate and PingAccess. When combined with PingFederate, PingAccess, acting as a gateway solution, simplifies the process of enabling single sign-on for non standards-based applications.
SSO for APIs and Mobile Applications
Your workforce and partners are using mobile devices and applications more often to get work done, which has driven the widespread use of APIs. However, API security and scalability can be threatened by the constant collection and replay of multiple usernames and passwords.
Together, PingFederate and PingAccess can protect your enterprise’s resources by consolidating and securing identity-driven web SSO authentication and API authorization and access. PingAccess provides the authorization and access management for both web applications and APIs and uses PingFederate for its authentication and federation capabilities.
SSO to Web Services
Today’s complex enterprises must provide access to web services leveraging numerous versions of identity federation standards, such as SOAP and WS-Trust. In order to support a heterogenous application environment, enterprises need a modern federation service that supports universal token translation and a security token service (STS). PingFederate enables the enterprise to extend SSO by generating tokens using the necessary identity standard to give users secure access to a variety of web services.
Start Today
See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.
Request a free demo
