Excellent platform that marries the customization of on-prem with the flexibility of SaaS
July 29, 2020
Excellent platform that marries the customization of on-prem with the flexibility of SaaS
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Ping Identity Platform
The Ping Identity Platform is used centrally for all business units in our deployment. PingFederate provides enterprise SSO and session management for worker-used applications, and PingID is the MFA provider for the same. PingCentral is the self-service integration platform for internal application teams to create, manage, and delete their app integrations against that platform. It was selected to facilitate our long-term cloud migration and security modernization strategies.
Pros
- PingFederate is feature-rich, and quickly updated with the latest standards and profiles. This gives us more tools to apply identity standards to modern business challenges.
- PingFederate and PingCentral were also easy to deploy within docker containers and weave into an infra-as-code deployment, keeping operational overhead low.
- PingID has an array of supported authenticators for nearly every use case, and early FIDO2 support has us looking into moving to passwordless much more quickly than I had anticipated.
Cons
- PingID has some limitations when used as the MFA for some LDAP implementations. You need to use it as a RADIUS password credential validator to solve for some of those limitations, which in turn causes challenges with our ephemeral cloud deployment model of PingFederate.
- The basic logon services within PingFederate are adequate and well-documented, but simple features like disabling user input after entering credentials would help with some of the additional customization required to support real world failure modes.
- PingCentral authorization models and configuration remain unpolished compared to other products, and now the features seem to be shifting toward onboarding PingAccess and PingDirectory over improving baseline administrative functionality/operations.
- The TCO for our deployment of Ping will be over a million dollars/year less to operate compared to the systems it replaces.
- Moving the organization to federated protocols allows greater flexibility in our cloud migration strategy and zero trust designs.
- Operating with federated protocols internally facilitates M&A and divestiture activities.
I found both platforms compelling from an ease of use and user experience perspective. The decider for me was cost driven as I had already used Ping to drive a self-service transformation in a prior organization, and I intended to do the same at this one. Okta had issues with the last mile connectivity for many applications (particularly legacy) that Ping already had solutions for.
Do you think PingOne from Ping Identity delivers good value for the price?
Yes
Are you happy with PingOne from Ping Identity's feature set?
Yes
Did PingOne from Ping Identity live up to sales and marketing promises?
Yes
Did implementation of PingOne from Ping Identity go as expected?
Yes
Would you buy PingOne from Ping Identity again?
Yes
Comments
Please log in to join the conversation