Ping Advanced Identity Software

Edge Security

Use the Edge Security module to integrate web applications, APIs, microservices, Internet of Things devices, and cloud-based services with the Ping Advanced Identity Software.

Edge Security modules:

Edge Security (PingGateway)
Open Finance

Dependencies

The Edge Security module doesn’t depend on any other modules.

The Open Finance module depends on these modules:

Edge Security (PingGateway) module

PingGateway helps you integrate web applications, APIs, and microservices with Advanced Identity Software, without modifying the application or the container where it runs. Based on reverse proxy architecture, it enforces security and access control in conjunction with the PingAM modules.

PingGateway software provides the following capabilities:

  • Protection for IoT services, microservices, and APIs

  • Policy enforcement

  • Adaptable throttling, monitoring, and auditing

  • Secure token transformation

  • Support for identity standards such as OAuth 2.0, OpenID Connect, SAML 2.0, and UMA 2.0

  • Password capture and replay

  • Rapid prototyping

Required modules: none.

Feature Description Documentation

Studio

User interface for rapid development and prototyping.

Studio guide

Single sign-on

Single sign-on in a single domain and across domains.

Single sign-on and Cross-domain single sign-on

Password replay

Secure replay of credentials to legacy applications or APIs.

Password replay from AM, Password replay from a database, and Password replay from a file

Policy enforcement

Enforcement of centralized authorization policies for applications requiring PingAM.

Enforce policy decisions from AM and Harden authorization with advice from AM

Federation

OpenID Connect 1.0.

OpenID Connect

OAuth 2.0.

IG as an OAuth 2.0 client and IG as an OAuth 2.0 resource server

SAML 2.0.

SAML

SAML resources for mobile applications.

Transform OpenID Connect ID tokens into SAML assertions

Finance APIs

Support for OAuth 2.0 Mutual TLS and Financial-Grade APIs.

Validate certificate-bound access tokens and FapiInteractionIdFilter

WebSocket protocol

Detection of requests to upgrade from HTTPS to the WebSocket protocol, and creation of a secure, dedicated tunnel to send and receive WebSocket traffic.

WebSocket traffic

Throttling

Throttling to limit access to protected applications.

Throttling

UMA resource server

Protection for resources and services according to the UMA 2.0 standard.

UMA support

DevOps tooling

Deployment of basic and customized configurations through Docker.

Deployment guide

Integration with Advanced Identity Cloud

Protection and integration of APIs and applications with PingOne Advanced Identity Cloud for authentication and authorization.

Identity Cloud guide

Microgateway

PingGateway standalone deployed as a microgateway, securing microservices with OAuth 2.0.

PingGateway as a microgateway

Open Finance module

PingGateway Open Finance support overlays PingOne Advanced Identity Cloud and platform deployments for Financial-grade API (FAPI) compliance. Use the Open Finance module as a foundation for high security applications in trusted ecosystems.

The PingGateway Open Finance module provides the following capabilities:

  • Secure dynamic client registration (DCR)

  • Secure authorization server access to well-known metadata, authorization codes, pushed authorization requests (PAR), and access tokens

  • Secure resource server access

  • Trusted directory support

  • API client and client organization tracking

  • FAPI auditing

Feature Description Documentation

FAPI support

Tutorial demonstrating how the Open Finance module supports FAPI.

FAPI tutorial (evaluator’s guide)

Complete reference

Full reference documentation for Open Finance capabilities.

FAPI reference