Credential management method comparison
The PingOne Credentials service offers Automated and API credential management options.
Automated credential management relies on the PingOne platform to automatically issue, edit, and revoke credentials. For example, if you configure a credential to issue to everyone in your PingOne population, a new user added to the PingOne directory automatically receives a credential. If a user is removed from the population, the credential is revoked. Learn more in Creating a credential.
API credential management uses the Credential APIs to issue, edit, and revoke credentials. API credential management requires you to set up listeners to respond to lifecycle events that happen in their external data source to know when to take the appropriate action on the user credential. Learn more in User Credentials.
| Definition | Integration | Pros | Cons | Choose if | |
|---|---|---|---|---|---|
Automated credential management |
Automatically handles interactions between the directory of PingOne and the credential service to issue, edit, or revoke a credential. |
Low integration level. Data sync is required to use attributes stored outside of PingOne Directory. |
Automated credential management eliminates implementation complexity. PingOne takes care of all credential lifecycle events. |
|
You rely on the PingOne platform as your system of record. |
API credential management |
Uses APIs to issue, edit, or revoke a credential. |
Complex integration level |
Personal identifiable information (PII) is not stored in PingOne or subject to data residency concerns. |
|
You have strict data residency requirements or existing data stores outside of PingOne |