Stephen Shoaff

Ping Identity, the provider of Identity Defined Security, announces updates to its multi-factor authentication (MFA) solution, PingID, providing new methods to mitigate risk and strengthen security for enterprises. PingID’s new features include ways to evaluate user and device risk before access is granted, as well as support for Fast Identity Online (FIDO) standards to increase resistance to advanced phishing attacks. With phishing resistant and user-friendly authentication methods—including biometric authenticators, such as facial recognition and fingerprint matching—enterprises are able to create policies to enforce MFA only when warranted by an increased level of risk. Risk-Based security Risk-based security is especially critical to maintain employee productivity Verizon’s 2019 Data Breach Investigations Report found that 32% of breaches involved phishing and 29% of breaches involved the use of stolen credentials. For this reason, enterprises can benefit from an MFA solution that evaluates user and device risk to provide an extra layer of protection against phished and stolen credentials. Risk-based security is especially critical to maintain employee productivity and seamless online customer experiences. As a result, MFA has become more highly recommended by security frameworks like Zero Trust, those promoted by the National Institute of Standards and Technology and the International Organization for Standardization, as well as regulations like the PCI Data Security Standard. Leveraging facial recognition PingID further improves the balance of security and convenience provided to end users through multi-factor authentication as follows: Generally available in the next month, PingID support for Windows Hello and Mac Touch ID will support FIDO-compliant authentication methods. This will help users leveraging facial recognition and fingerprint matching on their devices. These capabilities help to securely access web applications that have implemented the FIDO standard. Additionally, PingID integration with FIDO-compliant security keys, such as Yubikeys, can be leveraged for web authentication and Windows login. Becoming generally available in the same time period, hardware OATH compliant tokens will be able to be used as an authentication factor when users are unable to use a mobile device. Virtual private network PingID will have the ability to support a quick and easy way to implement MFA PingID can now configure the number of attempts consumers logging in to a provider’s website have to enter a one-time passcode (delivered by SMS or Email), as well as set the amount of time they are locked out of their accounts if failing to provide the right one-time passcode. Additionally, generally available in the next month, PingID will have the ability to support a quick and easy way to implement MFA for Virtual Private Network access when users are working remotely, simplifying deployment of MFA for enterprise administrators. Corporate Resources PingID is now offering features in private preview that evaluate the location where a user requests access to corporate resources, and compares it to the location of the previous request. If the distance between the two geographies exceeds the threshold of what is possible by human travel, access can be automatically denied. Also in private preview, PingID assesses the reputation of the IP address from which a user requests access. Organizations can mandate specific MFA methods when the malicious activity-based risk score associated with an IP address exceeds a certain benchmark. Multi-Factor authentication Hackers are evolving their tactics to access accounts and steal data every single day" “Hackers are evolving their tactics to access accounts and steal data every single day, and it’s our responsibility as an enterprise security provider to come up with innovative and reliable ways to assess risk before access is granted, and block access when warranted,” said Steve Shoaff, chief product officer, Ping Identity. “PingID is a core product that enterprises have been using for years, and its new features make it stronger and smarter than ever.” Organizations interested in securing their enterprise with multi-factor authentication can sign up for a free trial of PingID. Also, be sure to check out the blog titled ‘Five Preventable Breaches Make the Case for MFA Everywhere’ to learn more about attacks that can be prevented with multi-factor authentication.

Ping Identity, the pioneer in Identity Defined Security, announced a significant update to PingOne for Customers, the cloud-delivered Identity-as-a-Service (IDaaS) offering built for developers. The API-first solution can now deliver seamless and secure push notifications from custom mobile applications that can be used for passwordless and advanced multi-factor authentication. The cloud identity solution helps development teams speed time to launch their applications, while also taking security concerns off their plates and letting them maintain customization and control over their user experiences. This release marks another milestone for PingOne for Customers that makes embedding secure identity services— login, registration, multi-factor authentication and others — into applications easier than ever. Application developers using PingOne for Customers can now: Convenient and secure authentication factor These push notifications are a more convenient and secure authentication factor than SMS or email OTPsPingOne for Customers is now equipped with a mobile SDK that allows development teams to send push notifications to custom mobile applications for multi-factor authentication (MFA). These push notifications are a more convenient and secure authentication factor than SMS or email one-time passwords (OTPs). Push notifications to custom mobile apps also can be used to achieve strong passwordless authentication, allowing consumers to skip using a password entirely. Social login through different methods PingOne for Customers now has authentication APIs for social login and registration with Facebook. Application teams can add one-click registration and login into their user interfaces in any manner they see fit. They can embed a social login button or link in a hidden dropdown, or lead users directly to it if it’s the method of login they prefer their consumers to use. Social login — like other elements of PingOne for Customers’ authentication APIs — gives development teams full control over their consumer authentication experiences. Login using SAML identity providers PingOne for Customers can now accept inbound SAML assertions and support just-in-time provisioning. This capability helps enable enterprises to route all customer logins through a single sign-on (SSO) experience. This allows enterprises to achieve federated SSO across their entire application portfolio and connect to their largest customers, thus enabling their customers to reuse their existing identities without worrying about tedious onboarding and identity management tasks. Storing data in an EU data Center This helps ensure compliance with data sovereignty and regulations such as GDPRThe solution has added a dedicated data center in the European Union, giving enterprises confidence that user data added to the EU data center is completely isolated from users living in other parts of the world. This helps ensure compliance with data sovereignty and regulations such as GDPR, which restricts the allowance of EU citizens’ personal data being sent out of the EU.  Securely getting identity into applications “When PingOne for Customers launched, it took a huge step forward in allowing development teams within large enterprises to quickly and securely get identity into their applications,” said Steve Shoaff, chief product officer, Ping Identity. “This latest release builds on that ease-of-use. It drastically expands the use cases PingOne for Customers can support and enhances critical features that allow development teams to build secure experiences to really wow their consumers.”

Ping Identity, the provider of Identity Defined Security, announced the public preview of PingOne for Customers. The cloud-based Identity as a Service (IDaaS) offering is built for the developer community and provides API-based identity services for customer-facing applications. It can help large enterprises launch apps faster, replace custom identity services that are difficult to maintain, and facilitate the transition from on-premises deployments to cloud-hosted services. By making it easy to securely authenticate end users, PingOne for Customers frees up developers’ time to focus on delivering business value faster. PingOne for Customers is designed to make it faster and easier to embed registration, login, profile management, multi-factor authentication (MFA) and other cloud-based identity services directly into customer-facing applications. The solution offers developer-friendly APIs, extensive documentation, and a dedicated community to help ensure ease of use as developer teams get up and running. PingOne for Customers includes broad support for identity standards such as OAuth, OpenID Connect, and SAML Support For Identity Standards Organizations are embarking on a broader range of cloud-first digital business initiatives yet struggle with the integration and support of new cloud and SaaS offerings with their existing identity infrastructures. PingOne for Customers addresses these needs and includes broad support for identity standards such as OAuth, OpenID Connect, and SAML. It also offers hybrid IT capabilities, delegated administration, and addresses other enterprise requirements at the onset to provide diverse implementation and deployment options. Integrations across the broader Ping Intelligent Identity Platform will help current enterprise customers maintain a seamless path to the Cloud. Integrating Identity And Access Management Services “The developer community wants to build applications and just leverage a service for securing login and registration, versus creating the capabilities themselves in their app,” said Steve Shoaff, chief product officer, Ping Identity. Speed time to market by leveraging the APIs in PingOne for Customers to embed identity services directly into an application “PingOne for Customers saves time and valuable resources by greatly simplifying how developers integrate identity and access management services into their application development process. By providing easy to integrate identity services, developers can focus on other high-value work and their enterprise customers can rest assured their applications are secure.” Capabilities And Benefits Of PingOne PingOne for Customers provides the following additional capabilities and benefits: Flexible application integration: Speed time to market by leveraging the APIs in PingOne for Customers to embed identity services directly into an application. Tenant-in-tenant architecture: Create multiple development, staging and production environments for apps to support DevOps, agile development and delegated administration. Secure and reliable CIAM platform in the cloud: With support for identity standards (OAuth, OpenID Connect, and SAML), a cloud-based MFA solution, a secure place to store users in the cloud, centralized policies and authentication flows, and much more. IDaaS to on-premises: Connect with existing on-premises infrastructure to provide access management, single sign-on, and data synchronization across hybrid IT environments. According to Forrester Research, "The IDaaS model provides a much faster deployment model by eliminating the need for security and risk pros to purchase and deploy." PingOne for Customers is now available for public preview. Stop by the Ping Identity booth #324 at the Gartner IAM Summit taking place in Las Vegas this week to learn more about the offering.