PingOne

Credential management method comparison

The PingOne Credentials service offers Automated and API credential management options.

Automated credential management relies on the PingOne platform to automatically issue, edit, and revoke credentials. For example, if you configure a credential to issue to everyone in your PingOne population, a new user added to the PingOne directory automatically receives a credential. If a user is removed from the population, the credential is revoked. Learn more in Creating a credential.

API credential management uses the Credential APIs to issue, edit, and revoke credentials. API credential management requires you to set up listeners to respond to lifecycle events that happen in their external data source to know when to take the appropriate action on the user credential. Learn more in User Credentials.

Definition Integration Pros Cons Choose if

Automated credential management

Automatically handles interactions between the directory of PingOne and the credential service to issue, edit, or revoke a credential.

Low integration level.

Data sync is required to use attributes stored outside of PingOne Directory.

Automated credential management eliminates implementation complexity. PingOne takes care of all credential lifecycle events.

  • Personal identifiable information (PII) is stored in PingOne.

  • Not suited if you have strict data residency or on-prem data residency needs.

You rely on the PingOne platform as your system of record.

API credential management

Uses APIs to issue, edit, or revoke a credential.

Complex integration level

Personal identifiable information (PII) is not stored in PingOne or subject to data residency concerns.

  • More complex integration.

  • Credential lifecycle policy logic is the responsibility of the customer to maintain.

You have strict data residency requirements or existing data stores outside of PingOne