Ping Identity Blog

Ping Globe Trotters

2008-08-08T11:39:38Z

PingIdentians are spreading out all over the globe.

Jackson Shaw review of the SSO Summit

2008-08-08T09:06:35Z

Jackson Shaw of Quest Software literally climbed mountains to attend the SSO Summit in Keystone this year. He does a nice job with a review of the event on his blog. Participation by companies such as Quest Software, and their customers is critical to the success of any industry event, so I really appreciate both his participation and his kind words.

I especially appreciated these comments.

"All of the presentations on Day 2 were awesome and I must say I especially liked the customer presentations and the fact there were a lot of customers presenting. To me, this makes it all worthwhile.

and

"p.s. I'll be back next year!"

Time's fun when you're having flies

2008-08-06T21:48:42Z

It's been 6 years since Ping Identity was started with my old friends, Bryan Field-Elliot, Eric Norlin (now Defrag) and an investment from Phil Becker. I just discovered this photo tonight. I didn't even remember it existed. Gosh I look young here. The photo is of the first $100k that started Ping Identity. A lot of water, coffee, sweat, tears and good times have since passed under this bridge.

Mr. X Kudo's for Ping Support

2008-08-06T11:07:34Z

I've received a number of unsolicited customer kudo's recently. In my experience, people are quick to call out the mistakes, but rarely if ever go out of their way to tell you your doing something right. Which makes the below email that much more special. I've changed the gentleman's name and company to avoid needing corporate approval to reproduce the email.

-------

My name is and I am part of the Global IT Security team at . I wanted to write and let you know about the outstanding service provided to us recently by Mark in your support group.

We are currently working on a project to enable SSO between and a partner that is hosting a web application for us. Some technical issues were encountered in trying to get the authentication via SAML to work correctly, and we were up against a deadline to start UAT testing for the implementation. Dealing the technical staff from the web application provider was very difficult. They seemed to be over their heads in trying to make things work and were withdrawing into a very defensive posture as the troubleshooting progressed and signs were pointing to an issue on their end. It was a difficult situation.

However, I wanted to let you know what a great job Mark did for us. He was very helpful in providing troubleshooting assistance while we were trying to determine what the issues were. He was a wealth of knowledge for us, not only in dealing with the PingFederate product and our implementation, but also regarding SAML in general. Even as it was clear that the problem was on the web application provider's end, Mark still made himself available to us for whatever we needed. It was frustrating for all of us (including Mark), but he did a great job supporting us.

Many vendors would have walked away from the issue once it was clear that the problem lay elsewhere. Mark did not. He knew that we needed help, and he did all that he could to help us lead the application vendor where they needed to go to get things working. He went above and beyond for , and I greatly appreciate his efforts. I just wanted to make sure that you were aware of the outstanding service that he has provided to us.

Regards, 

Mr X., CISSP, CISA
Associate Director, Global IT Security

Ping's Shiny New Digs - Waltham Boston

2008-08-06T10:59:14Z

Ping has new offices in Boston. Our shiny new digs are now at 1000 Winter Street.

A change, especially up, is always nice, but I miss the days when Ping fit neatly into a single 10x10 office across the kitchen from my old Jabber offices 6 years ago.

Dave Kearns (Network World) on the SSO Summit

2008-08-04T13:30:34Z

I pulled a few quotes from a post Dave Kearns made this morning on his experiences surrounding the SSO Summit.

"The attendance was small (a little over 100 attendees), but most were security and/or IT managers, execs and implementers from fairly large organizations. And all were willing to share their own experiences, and their questions, about the right path to take and the right reasons to take it for reducing the number of authentication points a user needed to see during the course of the business day."

"I did hear that some people had trouble getting their finance departments to sign off on a conference held at a ski resort, but I'll guarantee that no one went skiing. This was no junket, but a valuable learning experience."

"I should mention that the audience was very international – not usual for a “first annual” conference. I spoke with attendees from all over the U.S., Canada, the U.K., France, Germany, Australia, New Zealand and Brazil. The issues surrounding SSO, federation, governance, security, audit and other aspects of authentication are universal – the reasons why things are done (varying compliance issues, for example) differ but the mechanics of doing it are the same the whole world over."

We had a great time, and really appreciated you coming Dave!

SSO Summit Wrap Up

2008-07-31T13:31:15Z

I was preparing to write up my SSO Summit experience when I was alerted to the below blog post. Christopher does a better job than I would have. Thank you!

Summary --

Full disclosure: I'm just a medium-sized hospital's IT security guy. I've had Imprivata's ESSO appliance (three of them actually, a pair of HA, and a test box) up and running, happily, for about three years. I was invited by Imprivata and Ping Identity to participate in a panel discussion at the SSO Summit held in Keystone, CO, on July 23-25 - www.ssosummit.com).

Andre Durand (Ping Identity) and friends put on a very nice event. There was a good blend of topics, from SSO-centric details, to Federation issues, and a mixture of interesting case studies to visionary presenters like John Haggard (independent security consultant and long-time IT mentor) and Gunnar Peterson (Arctec Group). The event was solid throughout, but to hear John and Gunnar speak about the important issues of the past and future of SSO and IT/Web security, made the event a powerful experience not to be missed.

The conference was well balanced with interesting case studies-GM, Chrysler and 3M were fascinating-vendor technologies-Covisint, Ping Identity and Coreblox-and breakout sessions. Normally, I don't find much value in breakout sessions, they tend to be space fillers and socializing sessions, but not here. I was impressed by the topic-centered groups, I think there were seven or eight for each round, in that they addressed real and interesting questions. I had difficulty choosing which to sit in on. Fortunately, we pulled together at the end of each session to share the highlights from each group. Even though there were a number of new-to-SSO attendees, the depth and breadth of collaboration within the small groups was impressive. I'm a slow note-taker, so I am anxiously awaiting the digital copies of the presentations and breakout session summaries.

The customer discussion panel that I participated in, with Steve Craige, VP, Bank of the West, and Michael Thomason, Chief Technical Architect, Emory Healthcare, was a good way to contrast how the three of us choose our SSO partners, what our challenges were, and what we learned about ourselves, our organizations and our vendors, in the process.

The "take-away" value from the SSO Summit has been transformative. Now, all I have to do is transfer this experience to my IT security peers and the security architects within ACS, and hope that I do justice to the experts who shared their insight and knowledge with us.

Wish you could have been there. I hope to return again next year.

Details, if you're into that sort of thing--

The Keystone Lodge was a welcoming environment, the facilities were well kept and managed, and the staff was first rate. The weather was mild, the beetle-infested trees were disconcerting, and the ride via Colorado Mountain Express (CME) up and down from Denver International was a pleasant alternative to the rental car experience.

Pluses: Two-plus days in the high mountain air and beautiful scenery; comfortable room, and good food. A day and a half was just right for this event. Dave Kearns, Network World, who hosted the SSO customer panel, commented several times on the Burton Group Catalyst conference held in late June, in San Diego. That conference was three days of sessions, plus two days of workshops. Most people needed a vacation after that much intensity. I was in San Diego too, and I can say that the SSO Summit held its own for the quality and value of content.

Minuses: High mountain altitude made several folks not feel so well. I had a low grade headache for most of the time. I guess it's a trade-off.

Topics of interest

One might not think that SSO would be an engrossing stand-alone topic for a conference, but there was a steady and high interest level among the attendees. I have attended a few-make that several-conferences, and there is an ever present opportunity to put the masses to sleep. I was pleased to see an active engagement between the hosts, presenters and the audience.

It was evident from the presentations that SSO tools/technologies/standards have come a long way in the past few years. It was also evident that we still have a ways to go. The current state of SSO is solid, but it is conceptualized within three distinct areas, a) Enterprise, b) Federated enterprises, and c) Web-services or universal. Each of these have existing, viable technologies and vendor solutions, but the talk of universal standards is pulling all of them together-if not to share common security standards, then to share common protocol standards. There was a lot of talk about SAML (http://en.wikipedia.org/wiki/SAML ) and certificates.

The future of SSO is coming upon us quickly. The adoption of standardized federation, identity and authorization schemas is lagging behind the adoption of Web 2.0, cloud-everything and mobile-diversity technologies and service demands. Both John Haggard and Gunnar Peterson spoke emphatically to the need for "real" security to catch up with the explosion of perimeter-less networks and SaaS/SOA/cloud services. If you have a chance to hear these guys, don't miss it. Or, better yet, invite them to your nearest ITSec event; they'll knock your socks off.

Key take-aways

It helps to know that confusion is not just a personal state of mind. Everyone seems to be struggling with the many issues and challenges of finding, paying for, integrating and deploying a robust, high-availability, scalable, feature-rich and easy-to-manage SSO solution.

There is much room for maturity in the SSO marketplace. It will help when the dust settles from all the mergers and acquisitions, and when the community agrees upon common best practices, protocols, and federation schemas. As the business communities of the world migrate ever so rapidly into a webified service delivery experience, identity and access management will become ever more important. And right there at the gateway, SSO-in one form or another will be keeping guard.

When people ask me about SSO, I have tried to stress the importance of finding a really good vendor/partner (like Imprivata), because there is too much at stake when deploying an enterprise-wide SSO solution to not have a high degree of competence and wisdom behind you to guarantee success. Even if you have deployed ESSO solutions before, it helps to have expertise on your bench.

Next year's conference focus? Andre hasn't said what that will be, but if it is anything like this year's event, it will be well worth attending.

Regards,

Christopher Paidhrin HIPAA & IT Security Officer ACS HCS, Inc. for

Ping Identity Fanfare

2008-07-29T15:15:56Z

"I'm usually a 'find open source and build it' type of guy. I've been that way for nearly 10 years now. But the interactions I have had with Ping Identity on both a technical and business level have really impressed me."

"From my vantage, I'm interested in the market maturity of SSO as it emerges out of the scripting/utility phase and into a new architecture discipline. I've been closely following Ping for a number of years and suspected they might be the vendor who breaks the SSO glass ceiling. From what I could tell at the SSO Summit, my suspicions were correct."

New Windows IWA Integration Kit v2.1 - Available for Download

2008-07-23T09:27:58Z

We released a new version of our popular Windows IWA Integration Kit. This is the integration kit that allows companies to leverage their Windows authentication for use in SAML or WS-Federation single sign-on.

New features in this release include:

· Improved Kerberos/NTLM fallback authentication

· Improved NTLM support for multiple domains

· Improved logging and exception handling

· Simplified adapter configuration

· Added support for Microsoft Vista Internet Explorer 7

You can download the new kit from our website at www.pingidentity.com.

185 Internet SSO Connections! WOW

2008-07-22T12:47:15Z

One of our customers just reported that they are now at 185 connections through PingFederate and growing. That's the largest number of production SAML SSO connections to customers/partners I've heard of to date. Very impressive.

$55,000 Commission Check!!

2008-07-11T15:14:41Z

I just signed a $55k commission check to one of our partners who sold PingFederate to a customer in Europe. I love writing these checks, it's a win for everyone as far as I'm concerned.

We've got an even larger check going out to a company that did nothing more than refer us to a customer. Not a bad day's pay for what amounts to a simple referral!

Failing from the word GO

2008-07-02T11:15:36Z

At the Burton Catalyst conference last week, there was a fair amount of talk about failed provisioning and IdM projects. So much so, it prompted me to post an observation.

Many large projects fail to achieve their initial definition of success, not just IdM projects. But we appear to have more than our share of failures. If a customer doesn't take the time to understand the problem enough such that they can define a practically achievable solution, vendors will take advantage of them.

Many centralized strategies, nearly by virtue of their large and complex scope, fail to ever realize their initial definition of success. When is the last time someone defined success in a provision project to simply connecting two data-repositories? These centralized strategies are often not done until everything is centralized, and that's nearly impossible to achieve in today's large and dynamic enterprise environment.

And here is where the vendor community, especially the large suite vendors, combined with the integrator channel, exasperate the problem. If a vendors route to a customer is through an integrator who adds-value by unraveling complex products, someone who is responsible to make all the complexity work, then why would that vendor feel compelled to make their software easier to install, integrate and use? After all, they rely upon their channel partner to make it all work for them?

And if your sales organization is motivated to sell larger and larger deals, or worse yet, enterprise-wide licenses, then there is a motivation to cover more use-cases (instead of making existing ones easier to implement), and so vendors build larger and larger products, which of course are even more complex. It's all fine if someone else can make your complicated product work, but what if they can't? And when success in implementation is defined in years, what are the odds that the person responsible for starting a project is actually still around to see the project completed?

Maintaining quality and simplicity as use-cases grow is a real challenge for vendors. Maintaining achievable scope for customers is similarly challenging, but a requirement if expectations are to be met. Selecting an architectural approach which rewards quick, tactical wins on the way towards larger strategic objects can help, and that's one of the benefits of the federated identity (decentralized) approach. Customers can celebrate a win one connection at a time.

PingFederate Users Manuals - New Download Page

2008-06-23T09:21:13Z

We love being an open company, and we're constantly working to provide more value to our customers and prospects. As of this morning, all of our PingFederate and PingFederate Web Services user manuals and documentation are now available for FREE & IMMEDIATE DOWNLOAD (PDF format). Enjoy

Over 100 SaaS & BPO Providers Choose Ping!

2008-06-18T14:01:55Z

We announced today that over 100 SaaS and BPO providers have selected Ping to secure their Internet SSO requirements.

Complete Release

“Enterprises are beginning to require identity and active directory integration with their SaaS providers. Recognizing this, we've worked closely with the SaaS community to provide the identity federation and Internet single sign-on solutions their enterprise customers are demanding," said Ping Identity CEO Andre Durand. "Today, more than half of our existing SaaS customers have joined the SaaS Partner Program, further validating the use of standards and SAML as the security protocol of choice when it comes to Internet single sign-on."

We got some great quotes from our partners.

“Ping Identity allows us to meet our customers’ requirements for industry-proven SSO solutions that scale quickly and easily as their access requirements change and grow,” said Rideau Director of Infrastructure Technology Daniel Guerard. “The program aligns perfectly with our business model, creating an additional revenue stream with little to no upfront costs.”

“Joining the Ping Identity SaaS Partner Program was a no brainer,” said WageWorks Principal Architect James Yang. “Many of our customers today expect standards-based single sign-on access to work with our applications. The Ping Identity SaaS Partner Program allows us to easily provide customers with the industry’s most trusted SSO solution.”

"The Ping Identity SaaS Partner Program maps nicely to our sales model,” said Axentis CTO Dean Baumann. “The program allows us to easily provide customers with the industry’s most trusted SSO solution.”

“Partnering with Ping Identity to offer standards-based single sign-on is a win-win for PriceMetrix and our clients,” said J. Cory Weech, Vice President, Technology, CISO, PriceMetrix. “In addition to simplifying access to our ValueOne practice management toolset for investment professionals, we can also help our clients address their SSO requirements with PingFederate.”

SignOn.com now a Demo for PingFederate's "Auto-Connect"

2008-06-18T06:48:15Z

A few months back, we added PingFederate to SignOn.com, giving the service basic SAML single sign-on capabilities. One of the reasons we did this was that we wanted to make it easier for people to demonstrate Auto-Connect, a feature built into PingFederate which eliminated the need for manual SAML configuration. In the past month, we've worked to complete that demonstration, which can now be found at http://autoconnect.pingidentity.com.

Instructions

Step 1: Go to SignOn.com and create an account.

Step 2: Enable Google Apps for your account via My Account (more details here. This will give you an email address e.g. joe@signon.com.

Step 3: Go to http://autoconnect.pingidentity.com, type in your SignOn.com email address and click ‘Sign In’. You will be redirected to SignOn.com for authentication and then SSO to autoconnect.pingidentity.com.

For all the technical background, Ashish has written up full details here.