CIS14: PingOne IDaaS: What You Need to Know

Ian Jaffe, Ping Identity. How to manage identities, how you can get a jump start for the identity revolution, and how to do it all using your existing infrastructure without having a duplicate identity in the cloud, using PingOne.

Transcript of CIS14: PingOne IDaaS: What You Need to Know

PINGONE IDAAS: What You Need to Know

Ian Jaffe Email: [email protected]

Copyright © 2014 Ping Identity Corp. All rights reserved.

OVERVIEW PingOne Service

What is PingOne?

• Cloud-based SSO Solution

• Secure with certificate trust

• Built on standards (SAML)

• Federated and Basic Apps

• Quick to deploy

• Optimized for any device

What are the various versions of PingOne?

• Employee SSO

PingOne for Groups – Free Offering

• Desktop and Mobile
• Basic SSO and SAML
• Cloud Directory
• Web/Email Support
• Limited to 5 Applications

PingOne for Enterprise

• Adds AD Connect Capability
• Multi-Factor Authentication
• Provisioning
• 24x7x365 Support (email, phone & web)
• Adds On-Premise Identity Store Integration (AD/LDAP/DB, WAM)
• Adaptive Authentication

What are the various versions of PingOne?

• PingOne SSO For SaaS Apps
– SAML enable your applications
– Single connection to PingOne for all your customers
– REST-based API and source code available
– Supports both private and public applications

More to Know about PingOne for Groups

• Supports SSO to virtually any application
– Basic SSO for apps with a username and password
– Federated SSO for standards based SSO using SAML
• 1,000’s of applications via the PingOne app catalog
– Other applications can be added manually
• Authentication Policy Support
• Autostart Application Functionality

How does the Cloud User Store work?

• Web based administration screens
– Manually create users
– Bulk load via CSV in PingOne for Enterprise
– Attribute mapping depends on the available attributes
• Search through user list

What does the PingOne infrastructure look like?

• Deployment/Infrastructure
– Composed of many different services and subsystems
– Three primary data centers in the US
– 24/7/365 Supervision. 99.9% uptime
– All data centers are SOC II compliant
– Detailed logging and monitoring

http://uptime.pingidentity.com/
https://status.pingidentity.com/
https://www.pingone.com/security

What can be found in the App Catalog?

• Application Catalog
– Self-Service Configuration and Management
– Hundreds of SAML Applications
– Over 1,000 Additional Basic SSO Applications
– Through a SaaS SSO Account after SAML enabling and integrating an application it can be added to the catalog

How does AD Connect with IIS work?

• AD Connect with IIS
– Authentication Utility
– Leverages Active Directory
– Uses the SAML Standard
– Provisioning Capability
– “Point, Click and Configure” Deployment

Requirements:
Windows 2008 R2 or Windows 2008 R1 - 32-bit and 64-bit or Windows 2012
Processor: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)
Memory: 1024 MB RAM

How does AD Connect work?

• AD Connect (AD Agent)
– Does not require IIS
– No need for certificates
– Ping-managed High Availability
– Provides Delegated Authentication Capability
– Receives Authentication Requests, Validates Credentials, and Sends User Attributes
– Option in the AD Connect Installer

What other IdPs are Supported?

• PingFederate – 80 integration kits. Connect to any identity store and application, on-premise and cloud
• Cloud User Store – Built into PingOne
• Salesforce as an IdP – Use Salesforce’s Identity Info
• Google as an IdP – Use Google’s Identity Via OpenID
• Other Third-Party Options – ADFS, Any SAML Solution

What about Provisioning?

• Provisioning

– Many applications are supported via their Provisioning APIs

– Works with both AD Connect and PingFederate

–  Provides one convenient + central location to manage users

–  Supports multiple domains/forests and child domains

Exercise One: Joining PingOne For Groups

•  https://www.pingidentity.com/en/products/pingone/sign-up-free.html

•  Get your welcome e-mail and click ‘Activate’

•  Fill in profile information including a password. Logo is optional.

•  Click ‘Create Account’ and select four applications for your desktop

•  Click ‘Next’ and Install the Browser Plugin

•  Define a privacy key. These applications are Basic SSO so let’s try out the functionality

Exercise Two: Utilizing Basic SSO

•  From the CloudDesktop, select an application

•  Follow the CloudDesktop extension prompts and click ‘Save’

•  Log out of this Application

•  Return to the portal and click the Application Link (Credentials replayed at this point)

•  Return once again and select ‘Customize’

•  Select ‘Manage Application Passwords’ and view Application info

Exercise Three: Train your own Basic SSO app

•  Log in to the PingOne Administrative Console

•  Click ‘Applications’ and click ‘Add Application’, ‘New Basic SSO’

•  Click the ‘Begin’ button and specify URL to train

•  Follow the steps including selecting Username + Password fields

•  Optionally add images for logo and icon and select ‘Save’

Exercise Four: Mobile Access

•  The PingOne mobile application works for both SAML + Basic SSO

•  Download the app from either the iOS App Store or the Android Play Store

•  Launch the App and enter your Company ID

•  Enter login credentials

•  Select the app of your choice here that is configured for Basic SSO

Any Questions?
