The following sections describe the methods that PingAccess uses to control access and perform system
functions. For more information on how you can use PingAccess, see:
The main functionality of PingAccess enables you to
protect an application or API. You can:
- Use PingAccess to protect the application and
API resources to which client requests are forwarded.
- Partition applications for tighter access control through the use of resources.
- Customize the configuration of site authenticators and authentication requirements
to suit the security needs of your organization.
- Incorporate legacy authentication mechanisms through token mediation.
- Apply policies to define how and when a client can access target resources.
Customize your identity access management configuration with the following
features:
- Apply policies
- Use policies, made up of rules, set of rules, or groups of rule sets applied
to an application and its resources, to define how and when a client can
access target sites. Rules are the building
blocks for access control and request processing.
- Backup and restore
- Backup or restore a PingAccess configuration with just a few
clicks.
- Configure a token provider
- You can configure PingAccess to use
PingFederate as the token provider or to
use a common token provider through the OAuth 2.0 or
OpenID Connect (OIDC) protocols.
- For more information on how to configure a token provider in the
PingAccess administrative
console, see Token provider.
- For more information on how to set up a connection between a token
provider and PingAccess, see
Token Providers.
Note:
This section of the documentation provides information on how
to configure a few common token providers as the token
provider for PingAccess, while the previous link includes information on how to
set up PingAccess to
connect with the token provider.
- Configure administrator authentication
- Allow administrators to authenticate with a simple username and password or
configure them to authenticate using single sign-on (SSO) or an
API in conjunction with PingFederate. For
more information, see Admin authentication.
- Configure advanced network settings
- Create an availability profile to
determine how you want to classify a target server as having failed,
configure listener ports, define a load
balancing strategy, or use HTTP requests to match a served
resource with the originating client.
- Configure logging
- Capture several log types, including those for the engine, security
auditing, and cookies. Store logs in Splunk, in an Oracle, PostgreSQL, or
SQL Server database, or in a file. For more information, see Log configuration.
- Configure single logout (SLO)
- End PingAccess sessions easily when
used in conjunction with PingFederate
managed sessions or compatible third-party OIDC providers. For more information, see Configuring a PingFederate runtime or Configuring OpenID Connect token providers.
- Create clusters
- Deploy PingAccess in a clustered
environment to provide higher scalability and availability for critical
services. Place a load balancer in front of the cluster to distribute
connections to the nodes in the cluster. For more information, see Clustering in PingAccess.
- Customize PingAccess look and feel
- Customize and localize the PingAccess pages that your users see,
including those for error messages and logout confirmation.
- Customize with SDKs
- Customize development with SDKs to extend the functionality of the PingAccess server. For more information, see
PingAccess Add-on SDK for Java.
- Manage certificates and key pairs
- Import certificates to establish
trust with certificates presented during secure HTTPS sessions. Import or
generate key pairs that include the
private key and X.509 Attribute Sharing Profile (XASP) certificate required for
HTTPS communication.
- Manage sessions
- Use web sessions to define the
policies for web application session creation, lifetime, timeout, and scope. Use multiple web sessions to scope the session to
meet the needs of a target set of applications. Web sessions improve the
security model of the session by preventing unrelated applications from
impersonating the end user.
- Manually configure runtime parameters
- Use a text editor to modify configuration file settings used by PingAccess at runtime. For more information,
see Configuration file reference.
- Protect an application or API
- Use PingAccess to protect the
application and API resources to which client requests are forwarded.
Partition applications for tighter
access control through the use of resources. Customize configuration of site authenticators and authentication requirements to suit the
security needs of your organization.
The developers
page contains additional resources for developing
applications to work with PingAccess.
- Tune performance
- Optimize a wide variety of PingAccess
components for maximum performance. For more information, see Performance tuning.
- Upgrade an existing installation
- Upgrade an existing installation using the installer or selectively manage
the upgrade process with the PingAccess
upgrade utility. For more information, see Installing and Uninstalling PingAccess.
- Use APIs
- Use the PingAccess APIs to provide a
powerful configuration and management experience outside the PingAccess user interface. For more
information, see Accessing the PingAccess administrative API.