Identity Security Blogs

Planning a Migration from Oracle? Are you running a legacy Oracle IAM stack? Are you tired of the painful million-dollar upgrades with every release? Are you worried about the loss of functionality after you upgrade to those “newer” releases? Are you worried about the end of support of your critical IAM infrastructure? Worse yet, a statement of direction that they are "feature complete"? Let me tell you how you can have a modern IAM system co-exist with the current legacy Oracle system, add immediate value to your business as you plan a phased approach to migration from Oracle.

Learn how to deploy the ForgeRock Identity Platform using DevOps techniques Do you want to deploy the ForgeRock Identity Platform for 100 million users in less than 5 minutes?  Sounds impressive - but how? The ForgeRock Identity Platform has been designed from the beginning for interoperability and massive scale with a DevOps friendly architecture that integrates seamlessly into continuous delivery environments, providing a comprehensive set of identity services to help companies generate new revenue streams and set themselves apart from the competition.

There are several options for using OAuth 2 access tokens with multiple back-end resources (APIs) with single page applications or mobile applications. Read this post to discover how scope and audience are used to describe resources and how these different options might be implemented.

Under PSD2, regulated banks and financial service providers must enable the use of standard eIDAS certificates for identification and authorization of API clients. Delve into a technical solution based on PingFederate and PingAccess, together with the TPP-checking API from Konsentus.

When an application consumes a variety of different APIs, often all endpoints require an OAuth 2 access token issued from a common Identity Provider, with appropriate security token checks in place. Gain an understanding of three primary approaches for best employing OAuth 2 access tokens.

Discover how to create an effective API security strategy. As API adoption increases, you need API security that builds off of traditional web application security practices but also takes additional steps to discover and stop threats specific to this prime attack vector.

Implementing single sign-on (SSO) is often the first step in protecting your enterprise against cybercrime. When you start with SSO, you provide a strong security posture for your enterprise and give your users the convenient access they expect. To learn more about how SSO strengthens security, read on.

Learn how to shore up your API security and help prevent costly data breaches. This article reflects on 16 years of experience implementing API security, shares lessons learned from notorious hacks, and explores the prospect of emerging security patterns leveraging machine learning.

The Modlishka phishing tool, which automates the phishing of one-time passcodes, could potentially cause your users to unintentionally hand over their credentials to bad actors. Here’s what we at Ping are doing to help your organization guard against Modlishka-type phishing attacks.