PingAccess for Azure AD Overview
PingAccess for Azure AD is a free version of PingAccess for users of Microsoft Entra ID (formerly Microsoft Azure AD) that allows you to protect up to 20 applications.
The PingAccess for Azure AD program ends on December 31, 2025. To continue using PingAccess, you must upgrade to a commercial PingAccess license. Learn more in: |
The goal of this solution is to allow for greater control over access to legacy on-premise applications through the use of PingAccess identity mapping functionality.
Learn more about configuring PingAccess for Azure AD in PingAccess for Azure AD.
PingAccess for Azure AD requires a premium license for Microsoft Entra ID. Learn more about licensing in https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-ping-access-publishing-guide in the Microsoft documentation.
This free version of PingAccess includes a limited feature set that’s intended to support the basic requirements for application protection using this solution. Users of PingAccess for Azure AD can upgrade to a full license allowing the use of the full PingAccess feature set.
When your PingAccess for Azure AD license expires, you won’t be able to access the PingAccess administrative application programming interface (API) or configure the product. Though managed access to configured applications continues, you must upload a new license file before you can make any additional configuration changes. |
PingAccess for Azure AD provides a limited feature set that may not be compatible with existing PingAccess configurations. For this reason, upgrading from an earlier full version of PingAccess to PingAccess for Azure AD isn’t supported. |
The following table details the capabilities of PingAccess for Azure AD compared to a full version of PingAccess. These capabilities are available in both the PingAccess administrative console and administrative API.
Capability | PingAccess | PingAccess for Azure AD |
---|---|---|
Create applications |
Yes |
Limited to 20 web session applications. |
Create site authenticators |
Yes |
Limited to Basic and Mutual TLS. |
Configure identity mappings |
Yes |
Limited to Header and JSON Web Token (JWT). |
Create load balancing strategies |
Yes |
Limited to Header-Based and Round Robin. |
Configure web sessions |
Yes |
Limited to web sessions with OpenID Connect (OIDC) sign-on type CODE. |
Configure token provider |
Yes |
Limited to Microsoft Entra ID authentication source. |
Export/Import configuration |
Yes |
Limited to configurations that include only the features permitted by your license type. |
Configure policies |
Yes |
No |
Specify authentication requirements |
Yes |
No |
Create and configure custom plugins using the SDK |
Yes |
No |
Configure sites |
Yes |
Yes |
Configure agents |
Yes |
Yes |
Create virtual hosts |
Yes |
Yes |
Configure unknown resource handling |
Yes |
Yes |
Configure availability profiles |
Yes |
Yes |
Configure HTTP request handling |
Yes |
Yes |
Configure listeners |
Yes |
Yes |
Configure forward proxy settings |
Yes |
Yes |
Manage certificates |
Yes |
Yes |
Manage key pairs |
Yes |
Yes |
Configure administrator authentication |
Yes |
Yes |
Configure clustering |
Yes |
Yes |
Manage licenses |
Yes |
Yes |