Both PingOne SaaS and PingOne Advanced Services use PingDirectory as the identity repository for their platforms. Not only does PingDirectory simplify administration, reduces costs, and secures information in systems that scale for large numbers of users, but it also acts as your single source of identity truth across your organization.

Although both cloud solutions use PingDirectory, the ways in which it can be used differ between them. See the following for details regarding those differences.

Data modeling is a process that you use to define the structure of a database prior to implementing it. This could be for a simple database where you’re storing information about customers and products, or it could be for something much more complicated, such as a system that’s used to track sales trends across a global network of stores.

  • PingOne SaaS uses PingDirectory as its database, which is only used to manage user identities.
  • With PingOne Advanced Services, you can use data modeling to manage:
    • Structured and unstructured data
    • Any type of object, such as devices, tokens, and consents
    • Custom data requests

Schemas are sets of rules that define the directory structures, which guarantee that new data entries and modifications meet and conform to these predetermined rules and definitions:

  • PingOne SaaS comes with a standard extendable schema for all of your environments, which you can build upon and customize to meet your needs.

    You can add single-valued, multi-valued, and custom attributes, which are all validated, including regex and enumerated values. See About the schema for details.

  • The PingOne Advanced Services schema uses LDAP v3. Schemas and global ACIs are completely customizable.

    Simply submit a schema or ACI service request to your Ping Identity support team, who will build the schema and customize global ACIs to best meet your needs.

In each PingOne Saas environment, you can have a maximum of:

  • 20 million identities without incurring additional costs
  • 100 declared attributes (200 attributes by the end of Q2, 2023)
  • 100 JSON attributes

With PingOne Advanced Services, there is no limit to the number of identities or attributes you can have in each environment. The largest number of identities currently supported is 170 million.

With PingOne SaaS, you can manage your users, user groups, and attributes through the administrative console or through the REST or Identity Access APIs.

PingOne DaVinci, an orchestration platform that lets you create flows to guide users through defined tasks, can be connected to PingOne.

An administrative console is not available for PingOne Advanced Services, but Delegated Admin is. You can also use LDAP to directly manage your users, groups, and attributes within the directory, and submit a PingDirectory service request to request additional customization.

PingOne DaVinci can also be connected to PingOne using an LDAP gateway.

Password policies are sets of rules that user passwords must adhere to. For example, a password policy might require that passwords contain at least 5 characters and include at least one special character. With PingDirectory, you can also specify:

  • Whether passwords should expire
  • Whether users are allowed to modify their own passwords
  • Whether too many failed authentication attempts should result in an account lockout

To help get you started quickly, PingDirectory provides three different out-of-the-box password policies that you can apply to your entries or as templates for configuring customized policies. See Viewing password policies for details.

  • With PingOne SaaS, password policies are highly customizable and assigned at the population level. They can also be used with a wide variety of password validators, except regex.
  • PingOne Advanced Services provides more flexibility and can be assigned at the group or user level.

    Not only can this platform be integrated with most password validators, including Dictionary, Haystack, and regex, but it can also be integrated with Have I Been Pwned?, which is an application that allows users to check and see if their personal data has been compromised in a data breach.

Passthrough authentication allows your users to sign on to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience because there’s one less password to remember, which reduces IT help desk costs.

With PingOne SaaS, passthrough authentication is performed using either:

With PingOne Advanced Services, passthrough authentication can be performed using either:

Replication is a data synchronization mechanism that ensures that updates made to a database are automatically duplicated to other servers. Replication improves data availability when unforeseen or planned outages occur and improves search performance by allowing client requests to be distributed across multiple servers.

With PingOne SaaS, PingDirectory handles replication and redundancy, but with PingOne Advanced Services, you can use any replication system you choose.

Data synchronization is the ongoing process of synchronizing data between two or more devices and updating changes automatically between them to maintain consistency between systems.

Synchronization and replication are not the same thing. With replication, exact replicas of the data are created and stored in a variety of different locations. Synchronization can:

  • Transform data between two different directory information tree (DIT) structures.
  • Map attribute types.
  • Synchronize subsets of branches and specific object classes.

With PingOne SaaS, inbound and outbound AD and LDAP directory synchronization is performed using the PingOne gateway.

With PingOne Advanced Services, inbound and outbound synchronization is performed using PingDataSync.

Encryption is a way of scrambling data so that only authorized parties can understand the information, which is standardized across PingOne SaaS and PingOne Advanced Services environments. Entry and attribute-level encryption is also available with PingOne Advanced Services.

  • PingOne SaaS uses the standard hashing algorithm, SSHA-512, to ensure that the data is stored in a scrambled state so it's harder to steal.

    A variety of other password hashing algorithms can also be used, but are rehashed after the initial authentication.

  • PingOne Advanced Services supports additional password hashing algorithms including SSHA, PBKDF2, bcrypt, msCrypto, and Argon2.