Items to keep in mind:

PingFederate

  • PingFederate integration kits that load third-party libraries are not supported.
  • Integration kits that add an application (war file) are not supported, however, JavaScript or other scripts are allowed.
  • PingFederate provisioning is only available from the primary region with no failover.
  • The PingFederate Agentless Integration Kit cannot use dots in header names (only dashes).
  • The OAuth Playground is not supported in Production environments.
  • The persistent session data store for PingFederate can only be PingDirectory.
  • The X509/mTLS uses the alternate Hostname format (not the alternate port format).
  • There is no self-service report or way to view administrator-level permissions (roles) for admin users.
  • An administrator audit log file is not available.

PingDirectory

  • The number of customer-specific directory backends is limited to five.
  • HSMs that require extra libraries are not supported.
  • Automatic certificate management in a truststore is not supported.
  • Certain privileges are not available to PingOne Advanced Services, including config-read, and bypass-acl.
  • There is no access to backends other than customer backends and no privileges or configuration changes that would impact those backends (e.g., no access to the default password policy or virtual attributes that impact non-customer backends).
  • No changes can be made to root users or root privileges.
  • DataSync only supports LDAP-to-LDAP sync pipes.
  • DataSync is unable to make outbound connections to Kafka.

PingAccess

  • Cannot be used as a proxy for PingFederate.
  • There is no self-service report or way to view administrator-level permissions (roles) for admin users.
  • An administrator audit log file is not available.
  • Customers can only use port 443 for PingAccess-protected application URLs (virtual hosts).

General platform features

  • Customer-managed PingFederate and PingAccess admin accounts are not supported.
  • PingProxyServer is not currently available, but coming soon.
  • If you have many internal certificate authorities (CAs), more than 20 virtual hosts must be created in PingOne Advanced Services. Application code will also need to be updated to reflect the virtual hosts for agentless drop-off and pick-up.