PingAccess

PingAccess for Azure AD Overview

PingAccess for Azure AD is a free version of PingAccess for users of Microsoft Entra ID (formerly Microsoft Azure AD) that allows you to protect up to 20 applications.

The PingAccess for Azure AD program ends on December 31, 2025. To continue using PingAccess, you must upgrade to a commercial PingAccess license. Learn more in:

The goal of this solution is to allow for greater control over access to legacy on-premise applications through the use of PingAccess identity mapping functionality.

Learn more about configuring PingAccess for Azure AD in PingAccess for Azure AD.

PingAccess for Azure AD requires a premium license for Microsoft Entra ID. Learn more about licensing in https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-ping-access-publishing-guide in the Microsoft documentation.

This free version of PingAccess includes a limited feature set that’s intended to support the basic requirements for application protection using this solution. Users of PingAccess for Azure AD can upgrade to a full license allowing the use of the full PingAccess feature set.

When your PingAccess for Azure AD license expires, you won’t be able to access the PingAccess administrative application programming interface (API) or configure the product. Though managed access to configured applications continues, you must upload a new license file before you can make any additional configuration changes.

PingAccess for Azure AD provides a limited feature set that may not be compatible with existing PingAccess configurations. For this reason, upgrading from an earlier full version of PingAccess to PingAccess for Azure AD isn’t supported.

The following table details the capabilities of PingAccess for Azure AD compared to a full version of PingAccess. These capabilities are available in both the PingAccess administrative console and administrative API.

Capability PingAccess PingAccess for Azure AD

Create applications

Yes

Limited to 20 web session applications.

Create site authenticators

Yes

Limited to Basic and Mutual TLS.

Configure identity mappings

Yes

Limited to Header and JSON Web Token (JWT).

Create load balancing strategies

Yes

Limited to Header-Based and Round Robin.

Configure web sessions

Yes

Limited to web sessions with OpenID Connect (OIDC) sign-on type CODE.

Configure token provider

Yes

Limited to Microsoft Entra ID authentication source.

Export/Import configuration

Yes

Limited to configurations that include only the features permitted by your license type.

Configure policies

Yes

No

Specify authentication requirements

Yes

No

Create and configure custom plugins using the SDK

Yes

No

Configure sites

Yes

Yes

Configure agents

Yes

Yes

Create virtual hosts

Yes

Yes

Configure unknown resource handling

Yes

Yes

Configure availability profiles

Yes

Yes

Configure HTTP request handling

Yes

Yes

Configure listeners

Yes

Yes

Configure forward proxy settings

Yes

Yes

Manage certificates

Yes

Yes

Manage key pairs

Yes

Yes

Configure administrator authentication

Yes

Yes

Configure clustering

Yes

Yes

Manage licenses

Yes

Yes