PINGACCESS 101
Scott Tomilson – Technical Product Manager
John DaSilva – Technical Training
Web Access Management
How did we get here …
Web Access Management – circa 2000
• Designed for Web applications
• Agent focused architectures
• Single Organization Focus
– Federation Standards support as “Add-on”
• API Protection for SOAP Web Services
Built for 2000
PingAccess 101
a next generation mobile, web and API access management solution
What can you do with PingAccess?
• Securely expose Web apps and APIs externally
• Ease OAuth integration with APIs
• Centralize URL level access control policies
• Centrally manage Web Sessions
• Audit access to everything
What Makes PingAccess Unique?
• Centralized Web & API Control
• Lightweight
• Open Standards
• Powerful Migration Strategies
• Identity Auditing
PingAccess 101
PingAccess 101 – Architecture
Front-end Security
•  Web
–  JWT Session Cookies
–  3rd Party WAM Tokens
•  API
–  OAuth 2.0 Access Tokens
Access Control
•  URL & Pattern associated policies
–  Application and Resource level
•  Available Rules
–  Authentication Requirements
–  Identity Attributes (RBAC & ABAC)
–  OAuth Token Scope
–  HTTP Request Information
–  Time of Day
–  IP Address
–  Scripting (Groovy)
–  Custom (Add-on SDK)
Confidential — do not distribute
•  HTTP Header Injection
•  Mutual TLS
•  HTTP Basic
•  OpenToken
•  3rd Party WAM Tokens
•  Custom (Add-on SDK)
Unparalleled Flexibility
Application Integration - Gateway
Copyright © 2014 Ping Identity Corp. All rights reserved.
•  HTTP Header Injection
•  Web Server Agents
–  IIS
–  Apache
•  Open Agent Protocol
–  Enables partners & customers
Lightweight & Focused
Application Integration - Agents
Administration
Beautiful, design focused administration console
Administration
Backed by developer friendly REST APIs
•  Security Hardened
•  Performance Engineered
•  Built-in Clustering
•  Session Management that scales securely
–  Client-side Tracking
–  Server-side Session Revocation Lists
Production Ready
Resilient & Scalable
•  Heartbeat Endpoint
•  Complete Audit trail for:
–  Resource Access
–  Policy Enforcement
–  Administrative Actions
–  Splunk/DB/.log storage
•  Capacity Planning:
–  Response Time Metrics
–  Performance Guides
Options
Monitoring & Auditing
PingAccess – How we got here …
April ‘13 September ‘13 December ‘13 July ‘14
•  Limited Release
•  API Access Management
•  Policy Engine
•  ABAC / RBAC
•  OAuth Scopes
•  Request Info
•  IP Address
•  Time of Day
•  Groovy
•  OAuth Token Caching
•  Initial GA Release
•  Web Access Management
•  OpenID Connect RP
•  Token Mediation
•  Clustering Improvements
•  Performance Guides
•  App-scoped Web Session
•  Composite Site Authenticators
•  Policy Engine
•  Any/All Criteria
•  Authentication Selection
•  Step-up Authentication
•  Auditing & Monitoring Improvements
•  Access Control Agents
•  IIS 8.x
•  Apache 2.2
•  Open Policy Protocol
•  Central Session Management
•  Single Log Out
•  Server-side Tracking
•  Add-on SDK
•  Administration
•  Application Modeling
•  Anonymous Resources
•  PingFederate Configuration
•  Config Backup
•  TLS SNI Support
•  Auditing/Logging
•  Response Time
3.0 2.1 2.0 1.0
THANK YOU!
Scott Tomilson – stomilson@pingidentity.com
John DaSilva – jdasilva@pingidentity.com

CIS14: PingAccess 101
