PingOne from Ping Identity vs. Salt Security API Protection Platform

Really like [this] solution, it fits our requirements 100%. There are unlimited possibilities to extend the product, either by creating additional adapters or selectors. We really like the policy management level in PingFederate. It's extremely helpful when we can specify customer journey per many different requirements like user location, application type etc. As well, both StepUp and TopDown authentication flows were implemented [easily].

Salt is highly recommended for anyone who wants to discover, monitor and protect their APIs against various types of attacks. Salt should not be used as a SIEM.

• Based on open standards, we can use as much or as little of the Ping suite as we like, depending on which other technologies we've already implemented.
• Continuous innovation and product enhancements have ensured their products continue to meet our rapidly evolving needs.
• Ping Identity has been an outstanding partner, starting with the RFP process and continuing to this day, years after the sale. They are focused on our success at every level of the company and are highly responsive to our needs, issues, and product suggestions.

• PII identification in API traffic.
• Divergence between API traffic and documentation (swagger files).
• Potential attacks with information to take counter measures.

• Solutions are attractive to engineers but harder to sell to upper management.
• Support was initially a challenge but has improved immensely.

Incentivized

• The platform could have more options for exporting detailed data from attackers' dashboards.
• The Attackers dashboard could also have more options of filters in order to support the investigations of the attack.
• The OAS analysis could present a more detailed view of the found issues.

As I mentioned earlier, efficiency and security are this software's bread and butter. The usability is very simple and straightforward, very user-friendly. As a result, it is efficient in a way that we can provide faster quality service to our merchants, and security in a way that our credentials will never leak since PingOne always values Personal Identifiable Information.

Incentivized

Ping's support is willing and attentive, but if I am in a position to engage them I am often at a point where most of the usual support engineers would not be in a position to answer the questions I have. However, Ping has been more than willing to engage their product and development teams with our organization as we take advanced deployment and use case challenges to them.

Incentivized

This solution is selected before my time so, not much influence ,but product allow to customized and require decent ping skills to configure the solution. Okta and Other solutions are well suited in this category with some positive and some negative capabilities. it must say that Auth0 is the best option with Azure Identity to move ahead.

Incentivized

We tried controls offered by the IaaS providers but these were hard to manage and did not provide the visibility we wanted. We also protected APIs with a normal WAF but this was only helpful for assets we knew about and API attacks were not caught by the WAF.

• Decreased overall number of help desk calls for password reset.
• Reduced time need for authentication; user[s] now have to authenticate once to be able to use more than 20 applications, instead of authenticating 20 times (per app).

• Salt Security API Protection Platform has provided detailed information that is helping us to identify and investigate attacks in our environment