PingOne Advanced Identity Cloud

What is PingOne Identity Governance?

PingOne Identity Governance is a framework for centrally managing user identities and controlling access to resources within an organization. It ensures that the right individuals have the appropriate access to resources while maintaining compliance with corporate, regulatory, and security policies.

Advanced Identity Cloud add-on capability

Contact your Ping Identity representative if you want to add PingOne Identity Governance to your Advanced Identity Cloud subscription.

Don’t configure Identity Governance in the Bravo realm of a tenant. Identity Governance doesn’t recognize realms, which can cause issues when you configure Identity Governance in both Alpha and Bravo realms. For example, users might gain unauthorized access to customer data and features across realms. The Bravo realm also doesn’t support delegated administration, which Identity Governance requires to function.

Ping Identity recommends that you set up a dedicated Advanced Identity Cloud tenant for your workforce/Identity Governance use cases in the Alpha realm only. You can set up a separate tenant for your customer identity and access management (CIAM) use cases using either the Alpha or Bravo realm, depending on the application.

Contact your Ping Identity representative to discuss your particular deployment options.

Core capabilities of Identity Governance

By implementing Identity Governance, organizations can minimize security risks, prevent unauthorized access, and streamline compliance with industry regulations.

Identity Governance provides the following core capabilities:

  • Manage access requests: Provide a self-service catalog where users can request access to applications, and use automated workflows to route those requests for approval.

  • Certify user access: Schedule and run regular access certification campaigns. This requires managers to review and either approve or revoke their team members' permissions, which prevents the slow accumulation of unnecessary access.

  • Automate the identity lifecycle: Automate the entire user lifecycle, from granting "birthright" access to new hires on their first day to instantly revoking all access when they leave the organization.

  • Enforce security policies: Create and enforce segregation of duties (SoD) policies to prevent users from gaining conflicting combinations of permissions that could introduce risk.

  • Audit and report on access: Maintain a complete audit trail of all access-related activities, including requests, approvals, and changes, to ensure you can meet compliance requirements.

  • Manage the lifecycle of users and entitlements: Delegate user and entitlement administration to non-technical staff through a user-friendly interface. Using the interface, these users can manage the lifecycles (create, update, delete) of your users and entitlements.

  • Governance recommendations: Leverage machine learning to analyze peer access patterns, providing clear suggestions to help you make faster, more consistent, and secure access decisions.