CIS14: PingAccess 101
DESCRIPTION
John DaSilva, Ping Identity
Scott Tomilson, Ping Identity
A detailed overview of PingAccess, giving you insight into Ping Identity’s next-generation web access management solution to solve your access management challenges.
TRANSCRIPT
PINGACCESS 101
Scott Tomilson – Technical Product Manager
John DaSilva – Technical Training
Web Access Management
How did we get here …
Web Access Management – circa 2000
• Designed for Web applications
• Agent-focused architectures
• Single Organization Focus
– Federation Standards support as “Add-on”
• API Protection for SOAP Web Services
Built for 2000
PingAccess 101
a next generation mobile, web and API access management solution
What can you do with PingAccess?
• Securely expose Web apps and APIs externally
• Ease OAuth integration with APIs
• Centralize URL level access control policies
• Centrally manage Web Sessions
• Audit access to everything
What Makes PingAccess Unique?
Centralized Web & API Control
Lightweight
Open Standards
Powerful Migration Strategies
Identity Auditing
PingAccess 101 – Architecture
Front-end Security
• Web
– JWT Session Cookies
– 3rd Party WAM Tokens
• API
– OAuth 2.0 Access Tokens
Access Control
• URL & Pattern associated policies
– Application and Resource level
• Available Rules
– Authentication Requirements
– Identity Attributes (RBAC & ABAC)
– OAuth Token Scope
– HTTP Request Information
– Time of Day
– IP Address
– Scripting (Groovy)
– Custom (Add-on SDK)
Confidential — do not distribute
• HTTP Header Injection
• Mutual TLS
• HTTP Basic
• OpenToken
• 3rd Party WAM Tokens
• Custom (Add-on SDK)
Unparalleled Flexibility
Application Integration - Gateway
Copyright © 2014 Ping Identity Corp. All rights reserved.
• HTTP Header Injection
• Web Server Agents
– IIS
– Apache
• Open Agent Protocol
– Enables partners & customers
Lightweight & Focused
Application Integration - Agents
Administration
Beautiful, design-focused administration console
Administration
Backed by developer-friendly REST APIs
• Security Hardened
• Performance Engineered
• Built-in Clustering
• Session Management that scales securely
– Client-side Tracking
– Server-side Session Revocation Lists
Production Ready
Resilient & Scalable
• Heartbeat Endpoint
• Complete Audit trail for:
– Resource Access
– Policy Enforcement
– Administrative Actions
– Splunk/DB/.log storage
• Capacity Planning:
– Response Time Metrics
– Performance Guides
Options
Monitoring & Auditing
PingAccess – How we got here …
April ‘13, September ‘13, December ‘13, July ‘14
• Limited Release
• API Access Management
• Policy Engine
– ABAC / RBAC
– OAuth Scopes
– Request Info
– IP Address
– Time of Day
– Groovy
• OAuth Token Caching
• Initial GA Release
• Web Access Management
• OpenID Connect RP
• Token Mediation
• Clustering Improvements
• Performance Guides
• App-scoped Web Session
• Composite Site Authenticators
• Policy Engine
– Any/All Criteria
– Authentication Selection
– Step-up Authentication
• Auditing & Monitoring Improvements
• Access Control Agents
– IIS 8.x
– Apache 2.2
– Open Policy Protocol
• Central Session Management
– Single Log Out
– Server-side Tracking
• Add-on SDK
• Administration
– Application Modeling
– Anonymous Resources
– PingFederate Configuration
– Config Backup
• TLS SNI Support
• Auditing/Logging
• Response Time
3.0 2.1 2.0 1.0
THANK YOU!
Scott Tomilson, John DaSilva