End-user UX options for authentication journeys and account management
When you integrate your applications with PingOne Advanced Identity Cloud, you must provide your end users with a UX (user experience) that handles authentication journeys and account management.
Advanced Identity Cloud provides these end-user UX options:
Advanced Identity Cloud hosted pages
Use Advanced Identity Cloud’s built-in and fully-featured UIs with no development work.
ForgeRock Login Widget
Use a widget to integrate authentication journeys easily into your client-side JavaScript web applications.
ForgeRock SDKs
Use SDKs for web, Android, or iOS applications. Integrate the SDK into Advanced Identity Cloud using the REST API.
Advanced Identity Cloud REST API
Build your own custom UIs without any Ping Identity prebuilt components and integrate with Advanced Identity Cloud REST API.
The options are not mutually exclusive, and you may need a combination of them to meet your company’s requirements. For a quick take on which option is most suitable for you, learn more in Compare end-user UX options.
UX options
Advanced Identity Cloud hosted pages
Advanced Identity Cloud hosted pages provide OOTB UIs for the following:
-
End-user authentication journeys, such as login, registration, and password reset
-
End-user account activities, such as managing profile information, viewing application access, and viewing roles and entitlements
This is the most straightforward end-user UX option since all the necessary capabilities are readily available.
The UI layouts are fixed but can be themed per realm. You can add company logos and change button, link, and background colors. The UIs support web applications but not native applications.
Hosted pages are useful if you have limited theming needs or want to quickly try new registration or authentication flows without integrating them into an application.
This UX option only lets you use centralized journey flows in your applications, with embedded journey flows not supported. Specifically, Ping Identity does not support embedding hosted pages in HTML frames.
This is the only UX option that supports SAML journey flows that use Advanced Identity Cloud as the IDP.
Learn more in Advanced Identity Cloud hosted pages.
ForgeRock Login Widget
The ForgeRock Login Widget provides an OOTB UI for end-user authentication journeys, such as login, registration, and password reset. It does not provide a UI for account management.
The Login Widget is low-code and framework-agnostic; it can be initiated with a few lines of code and can be easily integrated into any modern JavaScript application. It does not currently support server-side rendering (SSR), including Node.js.
The Login Widget provides OOTB support for localization, social login, WebAuthn, passkey, device profile, token management, and compliance with WCAG standards. It is highly themeable and customizable with CSS and Javascript.
Learn more in Ping Identity Login Widget.
ForgeRock SDKs
The ForgeRock SDKs let you develop your own custom UI for web, Android, or iOS applications. You then integrate it with your Advanced Identity Cloud tenant using the REST API.
Each SDK provides an OOTB UI module that allows you to prototype your custom UI; however, it is only provided as a starting point, and it is not intended for production use.
This option offers a lot of flexibility if you want to customize the behavior, layout, and theming of the UI, or want to support Android and iOS applications. Using it requires a higher level of technical skill than the previous options.
SDKs can use centralized and embedded journey flows.
Learn more in ForgeRock SDKs.
Advanced Identity Cloud REST API
The most flexible UX option is to build your own custom UIs and integrate with the Advanced Identity Cloud REST API. However, this is also the most complex and time-consuming UX option, as you need to build everything yourself without any Ping Identity prebuilt components.
In addition, you will also need deep identity implementation experience, including an understanding of how to securely store tokens locally.
Learn more in Advanced Identity Cloud REST API.
Ping Identity Platform login and end-user UIs (deprecated)
Ping Identity no longer recommends or supports this UX option due to the complexity of configuring the distributable packages. For a quick take on alternative options, learn more in Compare end-user UX options. |
Ping Identity also provides the hosted pages UIs as distributable packages, known as the platform login and end-user UIs. You can self-host one or both of the UIs and configure them to use your Advanced Identity Cloud tenant.
This UX option offers flexibility if you want to customize the layout of the UIs or customize the theming beyond what the hosted pages provide. The UIs support web applications but not native applications.
This UX option also lets you use both centralized and embedded journey flows in your applications.
For background information about the platform end-user and login UIs, learn more in Platform UIs.