1 Introduction
PingIdentity, founded in 2002, has grown to be a major vendor of identity management solutions, both for on-premise and cloud deployment. PingFederate is the company’s best-known product, which brought identity federation capabilities to thousands of customers. PingIdentity was acquired by Vista Equity in June of 2016, and subsequently acquired UnboundID in August 2016, adding robust directory, Consumer Identity & Access Management (CIAM), and complementing Ping Identity’s PingOne Directory Identity-as-a-Service (IDaaS) capabilities.
Directory services are the foundation of Identity and Access Management (IAM) systems. All basic and advanced IAM capabilities depend upon user information repositories, aka directories. Directories contain user identifiers and a variety of attributes, such as organization, organizational unit, location, country, nationality, and all the groups that are used to denote which collections of users should get access to specific resources.
Directories have evolved considerably from the x.500 days. Lightweight Directory Access Protocol (LDAP) has been the standard for many years. Microsoft’s Active Directory (AD) is an enhanced implementation of LDAP. SQL databases are also sometimes used as user attribute repositories. In recent years, NoSQL databases, e.g. MongoDB, are utilized to collect non-standard and sometimes unstructured types of user information.
Many enterprises have deployed virtual directory solutions to provide unified and scoped views into user data across multiple data stores. For example, virtual directories may aggregate user data from more than one LDAP service, SQL databases, and NoSQL data stores. These virtual directories serve as a front-end to calling applications, to deliver a layer of abstraction making it easier for application developers to create more scalable programs and allowing administrators to mask the complexity of underlying identity repositories.
As more services moved to the Cloud, it seems natural that identity services would be offered as a Cloud service by specialists as well. Cloud IAM systems have transitioned from being identity services for SaaS applications to providing full Identity as a Service (IDaaS) solutions for customers.
Traditional workforce IAM has leveraged the functionality of LDAP and AD repositories to build resilient WAM, SSO, and federation infrastructures for decades. In the last few years, as customer IAM has arisen as a specialty, thus the need for scaling IAM has expanded considerably. Whereas workforce IAM systems typically work well for hundreds of thousands of users, CIAM requires reliable service to support hundreds of millions of users.
The UnboundID acquisition gives PingIdentity a highly scalable and advanced directory service, PingDirectory. PingDirectory is a strong, feature-rich directory service capable of world-class performance, with the ability to create unified identities from LDAP, AD, RDBMS, MDM, or other disparate sources, for both workforce and customer IAM environments.