Ping Flashcards
What is orchestration?
A service that can put all applications and services together in a desired flow.
Automated workflows for different identity workflows.
Orchestration Before?
Siloed apps and identity systems are impossible to tie into a seamless flow.
Orchestration After?
Easily deliver user journeys across any vendor and any service in one canvas.
How can orchestration improve Business Agility?
Reduce integrations and time/money. Time is limited. Get more done in less time.
How can orchestration improve customer experience and engagement?
3
1) Drive engagement with better customer experience.
2) Drive revenue.
3) Build faster than competition.
Key question to ask?
Orchestration
What would your ideal user experience look like?
How can orchestration increase revenue?
6
1) # of customers
2) Improve Abandonment Metrics
3) RPU
4) Customer Engagement (time/visits)
5) Time to Market - Changes
6) # of new digital products
Orchestration vendors out there?
3
1) Strata (Strong Microsoft Relationship - Identity Orchestration built for teams that need modern security for multi-cloud.)
2) Jumio (The KYX Platform lets you orchestrate the controls and assurances you need to instill trust in your online channels, meet AML/KYC compliance and fight fraud and financial crime.)
3) Alloy (Alloy is the global Identity Decisioning Platform that helps banks and fintech companies automate their decisions for onboarding, transaction monitoring and credit underwriting.)
How can orchestration improve operating expense?
7
1) Development Costs
2) Recurring maintenance costs related to customer experience changes
3) Compliance expenditures and fines
4) Security expenditures and fines
5) Customer privacy and trust expenditures and losses
6) Time between IAM team and digital team.
7) Call center costs
What are the 3 why’s?
3
1) Why change?
2) Why now?
3) Why Ping?
Name a BPO orchestration provider.
ServiceNow
*can orchestrate IAM use cases as well
How does Ping reach across digital transformation efforts?
3
1) Do it yourself Cloud
2) Hosted Private Cloud
3) Identity-as-a-Service
Ping Major Competitors?
5
1) ForgeRock
2) Okta
3) Auth0
4) Transmit
5) Microsoft
What is least privilege?
Limits users’ access rights to only what is required to do their jobs.
What is Zero Trust?
1) It's where trust is constantly evaluated and reasserted.
Adaptive Authentication
Before?
Inconsistent authentication policies, password sprawl, MFA fatigue.
Adaptive Authentication
After Ping?
Consistent central authentication & SSO that intelligently steps up based on risk signals.
Dynamic Authorization
Before?
Users being given more static, role-based access privileges than they need.
Dynamic Authorization
After Ping?
Real-time, fine-grained access that enables Zero Trust security, but is invisible to users.
1) Protect URLs
2) Filter data coming back from API requests
3) Have RBAC
4) Have ABAC
Single View of Customer
Before?
User data scattered across the enterprise, disjointed multi-channel experience.
Single View of Customer
After Ping?
A unified profile through bi-directional synchronization helps you delight users.
Account Registration & Protection
Before?
Fraudsters impersonating legitimate users before and after account creation.
Account Registration & Protection
After Ping?
Detect fraud and add extra verification, even before a user has registered or logged in.
First Meeting Goals Building Blocks?
4
1) Which part of the user lifecycle is their focus?
2) Workflows that currently exist (users, directories, applications, sizes)
3) Impact
4) Business value
Workforce Identity Business Value
3
1) Productivity
2) Assets Secure
3) More Agility
Where is PingOne for Enterprise deployed?
It is cloud based.
What is PingOne for Enterprise?
1) A cloud identity platform that orchestrates adaptive authentication and access to connect employees across any application, any directory and any device.
2) Provides a centrally managed authentication authority (a hub that provides access controls to enable seamless, consistent experiences for your workforce, while paving the way to Zero Trust).
What are the key features of PingOne for Workforce?
1) Authentication Authority
2) Orchestration that lets you design frictionless, secure employee access by integrating all your chosen identity vendors and business applications with workflows.
3) SSO and MFA for employees, partners and more
4) Centralized management portal
5) Single source of truth cloud directory
Business value of PingOne for Workforce?
1) SSO - frictionless, passwordless, and consistent authentication experience across all app environments.
2) Enable Zero Trust Security - limit account compromise with MFA. Add adaptive and contextual policies to assess risk in the background to reduce login friction.
3) Keep Pace With Business Needs - rapidly onboard apps and quickly respond to business needs with centralized management, self-service and delegated authentication capabilities.
PingOne for Workforce Capabilities and Benefits
1) No-code Identity Orchestration
2) SSO
3) Adaptive Multi-Factor Authentication
4) Single Source of Truth
5) Centralized Access Security
6) Employee Dock
7) Unified Administration
What type of connections to applications for PingOne for Workforce?
1) SAML
2) OIDC
3) Mobile
4) Single-page apps
5) APIs
What can PingOne for Enterprise be for Ping Access?
A token provider
What is PingFederate?
Software deployed in your own data center or cloud that provides user authentication and SSO.
What can PingFederate integrate with?
1) All major web application servers and virtualization platforms.
2) Office 365 and Azure AD Connect
3) LDAP enabled applications
4) Legacy web access management solutions
5) Directory servers
6) MDM providers
7) Multi-factor services
What is authentication with intelligence?
What did PingOne SSO used to be called?
PingOne for Customers
What is PingOne SSO?
1) Both workforce and customer use cases
2) Identity Provider
3) SAML, OIDC and OpenID Connect capabilities
4) Own Directory
5) Some MFA
6) Integrates with MFA, Risk, Authorize, PingID, Verify
7) Application catalog is coming
8) Front end for any SAML or OIDC provider
9) Can be a token provider for PingAccess
With PingOne SSO you can deliver?
1) Better user experience (SaaS, mobile, cloud, and enterprise apps with one set of credentials)
2) Stronger security (one password)
3) Lower IT Costs (help desk)
With PingOne Verify you can deliver?
What is PingOne Verify?
Is a cloud-based customer identity verification service.
What can I do with PingOne Verify mobile SDK?
What capabilities does Ping API Intelligence offer?
1) API traffic visibility and automated API discovery
2) Artificial intelligence to learn traffic on each API
3) Automated attack blocking
4) Dashboards and in-depth reports for audits, plus forensic and governance reports
How does API Intelligence work?
1) In-depth traffic visibility
2) Learn API traffic behavior
3) Detect and block attacks
How does Registration help?
1) Make it easy to acquire and add new customers
2) Make it easy to get started
3) Give customers best-in-class self-service
4) Allow your users to register and sign on using social media providers
What does PingOne Risk deliver?
1) Make more intelligent authentication decisions
2) Deliver a frictionless user experience while thwarting bad actors from gaining access
3) Real-time risk signals and behaviors help you achieve stronger authentication
4) Aggregates signals to determine if access should be approved, denied or stepped up
How does PingOne Authorize help?
1) Centrally enforce contextual, fine-grained access policies
2) Enable real-time, continuous authorization based on ever-changing attributes instead of static ones
3) Protect consumer PII for regulatory compliance, privacy management and user consent
4) Externalize authorization policies for data owners and stakeholders
With PingOne Fraud you can deliver?
1) Online fraud detection in real-time
2) Catch previously undetected fraud attacks such as bots, account takeover and new account fraud
3) Behavior biometrics improve customer experience by reducing security events like CAPTCHA
4) Prevent losses by detecting suspicious behavior before the transaction, even without login
What are the primary features of PingAccess?
Name 3 of Ping’s on premise services that can act as a policy/decision maker.
1) PingFederate
2) PingAuthorize
3) PingAccess
How does PingOne DaVinci deliver rapid deployment?
1) Collapse thousands of lines of code into a single API call
2) Enable business & IT teams to collaborate on a single canvas
3) Run tests in your actual customer environment via an embeddable widget
How does PingOne DaVinci deliver coverage for all identity use cases?
1) It includes fraud detection, verification, authentication, authorization, and more
2) Vendor-agnostic support for various applications, including IGA, IAM, SIEM and more
How does PingOne DaVinci deliver a seamless, secure user experience?
1) Library of 100+ out-of-the-box connectors
2) Low-code flows with a drag-and-drop interface
3) Rapid A/B testing to determine optimal user journeys
What is PingOne?
An IDaaS SSO offering that enables enterprises to give their users federated access to any application with a single click from a secure, cloud-based dock, accessible from any browser or mobile device.
Protocol HTTPS
Browser speak
Protocol API
1) Software speak
2) Can be used instead of other protocols to look up users, get attributes, authenticate and authorize
Protocol LDAP
Directory
Protocol SQL
Database
Protocol SCIM
Provisioning
Protocol SAML
Open standard for authentication and attribute delivery. Asserts the end user is authenticated and sends attributes. Will always be between an authentication service and a service provider (SP).
Protocol WS-FED/WS-Trust
Microsoft’s SAML - Authentication and attribute delivery
Protocol OAUTH
Authorization
Protocol OIDC (OpenID Connect)
OAuth, but also with authentication and attribute delivery
Protocol Kerberos
PC login is used for SSO
Protocol Radius
VPN authentication
Protocol FIDO2
Passwordless authentication
What is an IDP?
Identity Provider, a service that authenticates the user and provides attributes, in an assertion, to the service provider (SP) or application.
What is a SP?
Service Provider/Relying Party, a service that receives the assertion and extracts the attributes for application use
Describe a common SAML flow
1) User enters credentials
2) IDP confirms credentials against available identity sources
3) IDP issues token for SAML assertion
4) User is provided access to the Service Provider (SP)
Describe the steps to create an accurate OAuth flow
1) Client sends request to Auth Server
2) Server verifies identity (Authentication) and provides AuthZ for user
3) Tokens returned and sent to resource server
4) Appropriate APIs or information is made available to the user
What does an authorization server offer?
It's a service that prompts for permission to access and is responsible for granting access tokens after the user authorizes the application
What is JSON?
1) JavaScript Object Notation
2) It's a way to organize data and is used a lot in APIs
What is REST?
1) Representational State Transfer
2) A set of guidelines that can be implemented as needed, making REST APIs faster and more lightweight, with increased scalability
What is SOAP?
1) Simple Object Access Protocol
2) Has specific requirements like XML messaging, and built-in security and transaction compliance that make it slower and heavier
What is JIT (Just in Time) provisioning?
1) Extends SAML protocol
2) If an authenticated user doesn't have an account at the application side, the application can automatically add them with the attributes from the IDP.
3) JIT provisioning automates account creation
What is SCIM (System for Cross-domain Identity Management)?
1) SCIM automates provisioning, deprovisioning, and management
What is an Access Gateway?
Think of it as a real gate with a guard who only allows people in who are authorized
What is an authorization service?
Think of it as a filter that only lets data you’re allowed to see through.
What is the correct order of the user journey?
1) Unknown
2) Known
3) Authenticated
4) Authorized
5) Terminated
What are the principal use cases?
6
1) Orchestration
2) Account Registration & Protection
3) Adaptive Authentication
4) Dynamic Authorization
5) Single View of the Customer
6) Cloud Migration
What entities impact user experience by giving information about the user to a decision maker?
Services
What are the steps in a common SAML flow?
1) User enters credentials
2) IdP confirms credentials against available identity sources
3) IdP issues token for SAML assertion
4) User is provided access to the service provider
What are the steps for an accurate OAuth flow?
1) Client sends request to Auth Server
2) Server verifies (AuthN) and provides AuthZ for user
3) Tokens returned and sent to a resource server
4) Appropriate APIs or information is made available to the user
What is a Token?
An object that shares information securely
What are APIs traditionally used for?
Allows two applications to talk to each other and send requests
What is LDAP used for?
A protocol for accessing directories
Why would you use MFA?
1) Extra security for user login
2) Require step-up based on geography
3) Further secure apps with additional policies
What are the advantages to having an orchestration tool?
1) Less work for developers
2) View the entire user experience in one place
3) Less custom code
4)
In the CIAM use case, how do users get entered into the directory?
3
1) Self-service registration
2) Progressive Profiling
3) Synced from another directory
What are the steps for identity verification?
4
1) Take a selfie
2) Take a picture of the government ID
3) Submit the images to Ping’s verification service for matching
4) Receive the verification status
When can fraud be detected?
All the time. Anywhere in the user journey.
What can make a decision based on a risk score?
3
1) An orchestration platform
2) A policy
3) An application
What are the most common authentication standards?
2
SAML and OIDC
What is the use case PingID is used for?
It's an MFA service for only CIAM
What can translate the scores from the PingOne services (Risk, Fraud, Verify) into action?
3
1) The application
2) PingFederate (workforce solution)
3) PingOne DaVinci
What does Ping Access deliver?
1) Access policies by URL
2) Protect API endpoints
3) Works with JWT tokens
What Ping products deliver SSO?
3
1) PingOne
2) PingOne for Enterprise
3) PingFederate
What Ping products provide MFA?
2
1) PingOne MFA
2) PingID
What does an identity provider do?
An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.
What is PingID most used for?
Workforce Users
What is PingOne MFA mostly used for?
CIAM
What are the features of PingOne DaVinci?
1) 100s of out-of-the-box connectors
2) Can orchestrate non-identity flows not connected to Ping
3) Low-code platform to help facilitate API calls
4) Drag-and-drop interface for business and IT teams to collaborate on
What are features of PingDirectory?
1) User management APIs
2) Consent APIs
3) LDAP-based
4) Software you can deploy anywhere
PingCentral
Delegated Admin for environment management.
It enables self-service, delegated administration for business users to integrate their own applications and APIs and consume centralized identity services.