CIS14: PingAccess 101

1,193 views

Published on

John DaSilva, Ping Identity
Scott Tomlinson, Ping Identity

A detailed overview of PingAccess, giving you insight into Ping Identity’s next-generation web access management solution to solve your access management challenges.

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,193
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
44
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

CIS14: PingAccess 101

  1. 1. PINGACCESS 101 Scott Tomilson – Technical Product Manager John DaSilva – Technical Training
  2. 2. Web Access Management How did we get here …
  3. 3. Web Access Management – circa 2000 • Designed for Web applications • Agent focused architectures • Single Organization Focus – Federation Standards support as “Add-on” • API Protection for SOAP Web ServicesBuilt for 2000
  4. 4. PingAccess 101 a next generation mobile, web and API access management solution
  5. 5. What can you do with PingAccess? • Securely expose Web apps and APIs externally • Ease OAuth integration with APIs • Centralize URL level access control policies • Centrally manage Web Sessions • Audit access to everything
  6. 6. What Makes PingAccess Unique ? Centralized Web & API Control Lightweight Open Standards Powerful Migration Strategies Identity Auditing
  7. 7. PingAccess 101
  8. 8. PingAccess 101 – Architecture
  9. 9. Front-end Security •  Web –  JWT Session Cookies –  3rd Party WAM Tokens •  API –  OAuth 2.0 Access Tokens
  10. 10. Access Control •  URL & Pattern associated policies –  Application and Resource level •  Available Rules –  Authentication Requirements –  Identity Attributes (RBAC & ABAC) –  OAuth Token Scope –  HTTP Request Information –  Time of Day –  IP Address –  Scripting (Groovy) –  Custom (Add-on SDK)
  11. 11. Confidential — do not distribute •  HTTP Header Injection •  Mutual TLS •  HTTP Basic •  OpenToken •  3rd Party WAM Tokens •  Custom (Add-on SDK) Unparalleled Flexibility Application Integration - Gateway Copyright © 2014 Ping Identity Corp.All rights reserved. 16
  12. 12. Confidential — do not distribute •  HTTP Header Injection •  Web Server Agents –  IIS –  Apache •  Open Agent Protocol –  Enables partners & customers Lightweight & Focused Application Integration - Agents Copyright © 2014 Ping Identity Corp.All rights reserved. 17
  13. 13. Administration Beautiful, design focused administration console
  14. 14. Administration Backed by developer friendly REST APIs
  15. 15. •  Security Hardened •  Performance Engineered •  Built-in Clustering •  Session Management that scales securely –  Client-side Tracking –  Server-side Session Revocation Lists Production Ready Resilient & Scalable
  16. 16. •  Heartbeat Endpoint •  Complete Audit trail for: –  Resource Access –  Policy Enforcement –  Administrative Actions –  Splunk/DB/.log storage •  Capacity Planning: –  Response Time Metrics –  Performance Guides Options Monitoring & Auditing
  17. 17. PingAccess – How we got here … April ‘13 September ‘13 December ‘13 July ‘14 •  Limited Release •  API Access Management •  Policy Engine •  ABAC / RBAC •  OAuth Scopes •  Request Info •  IP Address •  Time of Day •  Groovy •  OAuth Token Caching •  Initial GA Release •  Web Access Management •  OpenID Connect RP •  Token Mediation •  Clustering Improvements •  Performance Guides •  App-scoped Web Session •  Composite Site Authenticators •  Policy Engine •  Any/All Criteria •  Authentication Selection •  Step-up Authentication •  Auditing & Monitoring Improvements •  Access Control Agents •  IIS 8.x •  Apache 2.2 •  Open Policy Protocol •  Central Session Management •  Single Log Out •  Server-side Tracking •  Add-on SDK •  Administration •  Application Modeling •  Anonymous Resources •  PingFederate Configuration •  Config Backup •  TLS SNI Support •  Auditing/Logging •  Response Time 3.0  2.1  2.0  1.0  
  18. 18. THANK YOU! Scott Tomilson – stomilson@pingidentity.com John DaSilva – jdasilva@pingidentity.com

×