Ping Pitches Cloud-Based SSO

Ping Identity has announced PingOne, which it calls a cloud-based multiplexed identity switch that provides single single-on (SSO) access to cloud applications. It uses standards-based, federated SSO protocols such as Security Assertion Markup Language, OAuth, and OpenID. In addition to providing SSO for users, the product also gives IT staff the ability to manage access to cloud applications in a central user directory, such as Microsoft’s Active Directory, which means there needs to be only one set of employee credentials with the required security.

Moving to the cloud adds new layers of complexity to the already challenging identity management issue. Factors to be considered include the need for government and other regulatory requirements, the number of public cloud apps being used, the number and ability of development resources available, the need or desire for single sign-on capabilities, and more.

BioIQ Inc., a Santa Barbara, Calif.,based wellness technology company that provides platforms for employees of client companies to log in and get health information, testing, and other resources, started working with Ping in December, says chief technology officer Aaron Campos. Because many employers already have an Internet portal into which the user logs in, BioIQ uses SSO on the front end as an entry into its screening solution, which then links employees to information, resources, and a whole ecosystem of hundreds of kinds of wellness intervention, he says. While the company had been working with another SSO partner, it had to tailor its system to meet variances that the partner had, and eventually it made sense to find an off-the-shelf solution rather than continuing to maintain the old one, he says.

“PingOne is bringing a loosely coupled, horizontal approach to the identity federation broker pattern, which has typically been deployed in more limited business-to-business circles of trust, such as the automotive industry and higher education,” says Eve Maler, principal analyst in security and risk for Forrester Research. “Integrating identity partners one time rather than repeatedly is a strong potential attractor,” she says. However, she warns, with ecosystems, it’s all about third parties. “Enterprises looking for seamless sign-on into business software-as-a-service apps will be looking to see if this “club” has the set of application-provider members they need,” she says.

The services are intended for what are referred to as Tier 1 vendors, which use open standards, have directories that remain in place rather than being moved to the cloud and synchronized, and users log in to a directory and SAML works by using an open token exchange in a back-end process, says Jonathan Buckley, vice president of the on-demand business for the Denver company. Ping connects applications and directories rather than relying on screen scraping and proprietary methods for SSO. This makes the price a tenth the cost of competing products such as those from Oracle because no professional services are required, he says. Once the user logs in for the first time that morning, they are led to a cloud desktop, with load balancing and protected applications, which replaces the need to bookmark everything and makes workflow easier, he says.

PingOne Application Provider Services starts at $5,000 per application per year. PingOne Cloud Access Services starts at $5 per user per month. Both services are available now. 50 companies have participated in the beta program since late last summer, Buckley says.

Learn more about Strategy: How to Manage Identity in the Public Cloud by subscribing to Network Computing Pro Reports (free, registration required).