PingOne Advanced Identity Cloud

What is PingOne Identity Governance?

PingOne Identity Governance is a framework for centrally managing user identities and controlling access to resources within an organization. It ensures that the right individuals have the appropriate access to resources while maintaining compliance with corporate, regulatory, and security policies.

Advanced Identity Cloud add-on capability

Contact your Ping Identity representative if you want to add PingOne Identity Governance to your Advanced Identity Cloud subscription.

Ping Identity doesn’t support Identity Governance actions for users authenticated in the Bravo realm of a tenant. Configuring Identity Governance in both Alpha and Bravo realms can cause issues since Identity Governance is not realm-aware. This may result in users gaining unauthorized access to customer data across realms and features.

To avoid these issues, Ping Identity recommends setting up an Advanced Identity Cloud instance for your workforce/Identity Governance use cases using only the Alpha realm and another instance for your custom identity and access management (CIAM) use cases using one or both realms depending on application.

Contact your Ping Identity representative to discuss your particular deployment options.

Core capabilities of Identity Governance

By implementing Identity Governance, organizations can minimize security risks, prevent unauthorized access, and streamline compliance with industry regulations.

Identity Governance provides the following core capabilities:

  • Manage access requests: Provide a self-service catalog where users can request access to applications, and use automated workflows to route those requests for approval.

  • Certify user access: Schedule and run regular access certification campaigns. This requires managers to review and either approve or revoke their team members' permissions, which prevents the slow accumulation of unnecessary access.

  • Automate the identity lifecycle: Automate the entire user lifecycle, from granting "birthright" access to new hires on their first day to instantly revoking all access when they leave the organization.

  • Enforce security policies: Create and enforce segregation of duties (SoD) policies to prevent users from gaining conflicting combinations of permissions that could introduce risk.

  • Audit and report on access: Maintain a complete audit trail of all access-related activities, including requests, approvals, and changes, to ensure you can meet compliance requirements.

  • Manage the lifecycle of users and entitlements: Delegate user and entitlement administration to non-technical staff through a user-friendly interface, Using the interface, these users can manage the lifecycles (create, update, delete) of your users and entitlements.

  • Governance recommendations: Leverage machine learning to analyze peer access patterns, providing clear suggestions to help you make faster, more consistent, and secure access decisions.