PingAccess self-service

Applications represent the protected web applications and APIs to which client requests are sent. Applications are composed of one or more resources and have a common virtual host and context root, and correspond to a single target site. Applications can be protected by the PingAccess Gateway or PingAccess Agent. In a gateway deployment, the target application is specified as a site. In an agent deployment, the application destination is an Agent.

Authentication requirements are policies that dictate how users must authenticate before access is granted to protected web applications. Authentication methods are string values and ordered in a list by preference. At runtime, the type of authentication attempted is determined by the order of the authentication methods.

Identity mappings make user attributes available to backend sites that use them for authentication. There are multiple types of identity mappings, each with different behavior and a distinct set of fields to specify the identity mapping behavior.

Rules are the building blocks for access control and request processing. There are many types of rules, each with different behavior and a distinct set of fields to specify the rule behavior. Rule sets allow you to group multiple rules into re-usable sets, which can be applied to applications and resources. Rule set groups can contain rule sets or other rule set groups, allowing you to create hierarchies of rules to any level of depth. Rule sets and rule set groups can be applied to applications and resources, as required.

Web sessions define the policy for web application session creation, lifetime, timeouts, and scope. Multiple web sessions can be configured to scope the session to meet the needs of a target set of applications. This strategy improves the security model of the session, as it prevents unrelated applications from impersonating an end user.