PINGACCESS 101

Scott Tomilson – Technical Product Manager

John DaSilva – Technical Training

CIS14: PingAccess 101

DESCRIPTION

John DaSilva, Ping Identity; Scott Tomlinson, Ping Identity

A detailed overview of PingAccess, giving you insight into Ping Identity’s next-generation web access management solution to solve your access management challenges.

Web Access Management

How did we get here …

Web Access Management – circa 2000

• Designed for Web applications

• Agent focused architectures

• Single Organization Focus

– Federation Standards support as “Add-on”

• API Protection for SOAP Web Services

Built for 2000

PingAccess 101

a next generation mobile, web and API access management solution

What can you do with PingAccess?

• Securely expose Web apps and APIs externally

• Ease OAuth integration with APIs

• Centralize URL level access control policies

• Centrally manage Web Sessions

• Audit access to everything

What Makes PingAccess Unique?

Centralized Web & API Control

Lightweight

Open Standards

Powerful Migration Strategies

Identity Auditing

PingAccess 101 – Architecture

Front-end Security

• Web

– JWT Session Cookies

– 3rd Party WAM Tokens

• API

– OAuth 2.0 Access Tokens

Access Control

• URL & Pattern associated policies

–  Application and Resource level

•  Available Rules

–  Authentication Requirements

–  Identity Attributes (RBAC & ABAC)

–  OAuth Token Scope

–  HTTP Request Information

–  Time of Day

–  IP Address

–  Scripting (Groovy)

–  Custom (Add-on SDK)

Confidential — do not distribute

Application Integration - Gateway

Unparalleled Flexibility

• HTTP Header Injection

• Mutual TLS

• HTTP Basic

• OpenToken

• 3rd Party WAM Tokens

• Custom (Add-on SDK)

Copyright © 2014 Ping Identity Corp. All rights reserved.

Application Integration - Agents

Lightweight & Focused

• HTTP Header Injection

• Web Server Agents

– IIS

– Apache

• Open Agent Protocol

– Enables partners & customers

Administration

Beautiful, design focused administration console

Administration

Backed by developer friendly REST APIs

Resilient & Scalable

Production Ready

• Security Hardened

• Performance Engineered

• Built-in Clustering

• Session Management that scales securely

– Client-side Tracking

– Server-side Session Revocation Lists

Monitoring & Auditing

• Heartbeat Endpoint

• Complete Audit trail for:

– Resource Access

– Policy Enforcement

– Administrative Actions

– Splunk/DB/.log storage Options

• Capacity Planning:

– Response Time Metrics

– Performance Guides

PingAccess – How we got here …

April ‘13 September ‘13 December ‘13 July ‘14

• Limited Release

• API Access Management

• Policy Engine

• ABAC / RBAC

• OAuth Scopes

• Request Info

• IP Address

• Time of Day

• Groovy

• OAuth Token Caching

• Initial GA Release

• Web Access Management

• OpenID Connect RP

• Token Mediation

• Clustering Improvements

• Performance Guides

• App-scoped Web Session

• Composite Site Authenticators

• Policy Engine

• Any/All Criteria

• Authentication Selection

• Step-up Authentication

• Auditing & Monitoring Improvements

• Access Control Agents

• IIS 8.x

• Apache 2.2

• Open Policy Protocol

• Central Session Management

• Single Log Out

• Server-side Tracking

• Add-on SDK

• Administration

• Application Modeling

• Anonymous Resources

• PingFederate Configuration

• Config Backup

• TLS SNI Support

• Auditing/Logging

• Response Time

3.0  2.1  2.0  1.0  

THANK YOU!

Scott Tomilson – [email protected]

John DaSilva – [email protected]