Sold by: Ping Identity
The PingOne Advanced Identity Cloud, formerly ForgeRock Identity Cloud, is a comprehensive IAM platform for applications that can be deployed anywhere - on
premises, in your own private cloud, or in your choice of public cloud.
4.1
Overview
Planning for the Future - Digital transformation requires a comprehensive IAM solution that aligns with your priorities - whether its cloud migration or maintaining a hybrid model with a simplified infrastructure footprint. To plan for your organizations future in the cloud, you need a comprehensive, enterprise-grade identity platform that supports your priorities with a combination of usability, customizability, and operational cost savings. You need a range of configuration options so that you can choose the functionality you need. As your organization grows, your IAM solution should grow along with it. You might find you need to secure identity for employees and, later, workforce, consumers, citizens, and things. You will need to manage access to cloud and on-premises apps, on-premises legacy systems, and a wide range of resource objects such as files, data in databases, and buttons or tabs in web pages and application programming interfaces (APIs). Customizing your IAM solution is also important. If you are in a regulated industry, you will need a cloud IAM solution that can provide true data isolation, enable fine grained transactional authorization, and integrate with leading anti-fraud solutions. If you are in healthcare, you will need to manage identity relationships (such as parent and child and doctor and patient) and incorporate these relationships into access and authorization decisions.
Highlights
- Elevate Experience and Security - Use a drag-and-drop interface to deliver great experiences, such as low-friction registration, self-service, and passwordless authentication. Secure all identities with Zero Trust risk assessment and transaction-level protection.
- Take Control of Your Hybrid World - Living in a hybrid world? Manage all your IAM needs across on-prem, cloud, mobile, and web. Deploy PingOne Advanced Identity Cloud alongside our self-managed software using the industrys most flexible deployment options..
- Eliminate Costly Surprises - Say goodbye to overage charges that often come as an unwelcome surprise. With PingOne Advanced Identity Cloud, you get simple and flexible subscriptions with predictable pricing.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
PingOne CIAM Plus | Starting Price - PingOne for Customers Plus (AuthN, SSO, Adaptive MFA) | $40,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
At Ping, we know that without our customers, we wouldn't exist. This is why we put our customers at the heart of everything we do. Our support centers are strategically located in three major metropolitan areas around the world. Denver, London, Melbourne. This allows us to provide global support, 24-7. So even if your employees, partners and customers are all in separate time zones, we're on call and ready to get you back up and running. Access our Support Portal to get help, read documentation, engage in our online product communities and more.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Ping Identity
By One Identity
By Okta, Inc
Top
10
In Infrastructure as Code, Application Development, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Deployment Architecture
Supports deployment across on-premises, private cloud, and public cloud environments with flexible hybrid deployment options.
Zero Trust Risk Assessment
Implements Zero Trust risk assessment and transaction-level protection for identity security.
Passwordless Authentication
Enables passwordless authentication mechanisms as part of the authentication framework.
Fine-Grained Authorization
Provides fine-grained transactional authorization capabilities for granular access control.
Drag-and-Drop Configuration Interface
Offers a drag-and-drop interface for configuring identity workflows and user experiences without requiring extensive coding.
Centralized Cloud Identity Store
Unified cloud directory that centrally manages identities across the environment with capability to capture profile data and synchronize user information from external directories.
Multi-Factor Authentication
MFA implementation with risk-based, context-aware authentication using SmartFactor to protect against account takeover threats across all devices and touchpoints.
Social Authentication Integration
Support for social login via Google, Facebook, LinkedIn and other providers, along with SAML and OIDC protocols to reduce friction in registration and authentication processes.
Automated Identity Lifecycle Management
Automated user provisioning and identity lifecycle management capabilities integrated with external directory synchronization.
API and SDK Customization
Developer-friendly APIs and SDKs for customizing login pages, email domains, and other customer journey touchpoints to deliver personalized identity experiences.
Fine-Grained Authorization
Fine Grained Authorization (FGA) capability that extends beyond role-based access control for granular permission management
Universal Login
Central authorization server with Universal Login that redirects users to a unified login domain, preventing credential transmission across sources and enabling Single Sign-On (SSO)
Multi-Identity Support
Authentication and authorization for web, mobile, legacy applications, devices, users, and non-human identities including AI agents
OAuth 2.0 Compliance
Standards-based authentication flows compliant with OAuth 2.0 recommendations for secure native application authentication using external user agents
Pre-built Integrations
Over 7,000 pre-built partner integrations across the Okta Integration Network and pre-built integrations with AWS for centralized access management and entitlement management across AWS accounts
Standard contract
No
No
No
Customer reviews
Prakash Mantha
Centralized sign-on has improved secure access while customization now supports complex user flows
Reviewed on May 10, 2026
Review from a verified AWS customer
What is our primary use case?
Ping Identity Platform provides federation services for third-party applications, which is essential for organizations with high-security needs to manage all logins with a single sign-on, making it easy to onboard third-party applications.
What is most valuable?
Ping Identity Platform's most valuable feature compared to other tools is its extensive customization capabilities. Unlike some competitors that are cloud-only, Ping Identity Platform can be accessed both on-premises and in the cloud, allowing for high flexibility in creating user flows and policies tailored to client requirements. However, a drawback is that it does not manage users directly in the interface, requiring interaction with third-party entities or LDAP gateways.
What needs improvement?
Ping Identity Platform needs to improve user management capabilities so it can be easier to maintain users and their access, as well as enhance flexibility in logging into multiple applications seamlessly through PingOne, as some organizations restrict access to their data.
When I mention better user management in Ping Identity Platform, I refer to its lack of features similar to those in IGA platforms such as Okta, where users can be modified without needing to check logs repeatedly. In Ping Identity Platform, it requires checking Active Directory for user issues, which can pose challenges, especially since SSO teams often do not have complete access to user data.
For how long have I used the solution?
I have been using Ping Identity Platform for the last four years, specifically since 2019, and I stick mostly to PingFed with four years of experience, while I also have one year of experience with PingAxis and two years with PingOne and PingID. Currently, I am learning PingOne DaVinci.
What do I think about the stability of the solution?
Ping Identity Platform demonstrates strong stability, as it is not prone to bugs, with the development team consistently fixing issues, making it highly recommended by many clients.
How are customer service and support?
I have contacted the support team of Ping Identity Platform for help before, and my experience with them varies depending on the situation at hand; I would rate their assistance as a seven out of ten based on my experiences.
How was the initial setup?
The installation, setup, and deployment of Ping Identity Platform are easy to manage without significant complications.
Which other solutions did I evaluate?
If a customer inquires about using Ping Identity Platform for the first time, I would advise them to consider their budget, license costs, and how many applications they have before proceeding. I also compare Ping Identity Platform with other products such as Okta or JumpCloud to ensure it meets their needs.
What other advice do I have?
In my company, many people use Ping Identity Platform, especially among banking and retail customers, with at least five out of ten clients utilizing it for access management.
Ping Identity Platform is expensive. However, I believe it is worth the investment despite its high cost because of the value it provides.
For beginners, learning to use Ping Identity Platform for the first time is manageable; I can say that if one dedicates one to two months to it, they would grasp the tool effectively, rating ease of learning around six out of ten. I would give Ping Identity Platform an overall rating of eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
AmitRathod
Single sign-on has simplified access while adaptive authentication protects complex user journeys
Reviewed on Apr 30, 2026
Review from a verified AWS customer
What is our primary use case?
The use case I mentioned, particularly for Single Sign-On , is that we have used it for Single Sign-On . It allows users to access multiple applications with one set of credentials. Users don't need to remember different kinds of credentials. Single Sign-On comes into the picture where Ping Identity Platform provides the Single Sign-On feature.
Another thing is that Ping Identity Platform provides adaptive multi-factor authentication. It uses context-based security, based on things such as location, device, and different networks, which triggers extra authentication only when the risk is detected. That is what we call adaptive multi-factor authentication.
Then comes Identity Orchestration. It is one of the great features that Ping Identity Platform has. It provides a no-code, drag-and-drop interface which builds complex, personalized user journeys, from start to bottom, from when a user starts, then their updates such as transfers, then when a user leaves. All of these things are managed by Identity Orchestration. If we need to define it, we can define it as per the client's requirements. It is completely feasible as per client requirement. As well as it provides complete API security. We have secure data flow which protects APIs through OAuth and OpenID Connect protocols. These are the SSO protocols.
Again, it has great features such as Ping One Protect, which is a real-time AI-driven threat detection that prevents bot attacks, account takeovers, and fraudulent activity. Ping Identity Platform is also used for IGA ; we have SailPoint, we have Okta. Ping Identity Platform is useful for IGA , that is Identity Governance, which is helpful for user lifecycle management, which includes provisioning, deprovisioning, and compliance, as well as for recertification.
I utilize analytics tools for Autonomous Identity within Ping Identity Platform. This product uses machine learning for Identity Governance, specifically for auto-provisioning access, analyzing access patterns which reduces roles, then identifying high-risk access outliers, where it will be used for Autonomous Identity. Then comes PingHelix, which is an AI product used for Ping Identity Platform. It is a strategic initiative that embeds AI at the core of Ping One platform which creates a more intelligent, proactive identity secure posture. Finally, there's Ping Intelligence, which is used to detect anomalies and threats specifically against APIs, identifying potential data breaches in real-time. That is the use for advanced analytics.
What is most valuable?
With Ping Identity Platform, I was using it in my previous organization, which is the Great Software Laboratory, which is an India-based organization. It is a completely comprehensive hybrid capable Identity and Access Management feature which provides features such as multi-factor authentication, Single Sign-On, then Identity Orchestration, centralized authorizations such as ABAC. As well as it provides directory services, then API security, and fraud detection.
Personally, I appreciate Identity Orchestration the most about Ping Identity Platform. We don't need to define too much code. It is just a simple drag-and-drop interface. With the correct drag-and-drop options, we can build a complex and personalized process very efficiently and effectively for registration, for login, for profile management. Another thing I appreciate is that it provides great Identity Governance features. We don't need to define too much. It will take very less time for deployment. One of the great features of Ping Identity Platform is Ping One Protect, which protects against bot attacks, account takeover, and other fraudulent and misleading activities.
The platform's API security features, particularly with Ping Gateway, are one of the great features in Ping Identity Platform that help protect my API. Ping Gateway provides the secure data flow and also it protects the API that is used by OAuth, OpenID, and SAML, which is used by their API connector tool. It integrates with multiple Workday applications and multiple contractor applications. With Ping Gateway, it will be completely secured and all the APIs are secured by the help of Ping Gateway.
What needs improvement?
Regarding areas for improvement in Ping Identity Platform, there is not much. In terms of licensing and implementation costs, it has premium pricing, and it has a very complex implementation. It provides greater feasibility, but it takes a very long time in terms of complete building. There is a very limited number of legacy support, which can pose potential difficulties in integrating with certain older or legacy systems. Additionally, issue troubleshooting can be difficult at times. Sometimes issues can be difficult to diagnose and require extensive technical expertise. There is also a very steep learning curve for administrative purposes and potential difficulties with offline authentication scenarios.
For how long have I used the solution?
My experience with Ping Identity Platform is that I worked previously for about three years.
What do I think about the stability of the solution?
In terms of stability for Ping Identity Platform, we haven't faced any issues till now. It depends on the workload. It may take some time, but there have been no crashes till now. However, it takes time to load all of these things, so I would recommend or give a rate of around nine out of ten.
What do I think about the scalability of the solution?
I find that it has great scalability, so I will rate it ten out of ten. There are no issues at all.
How are customer service and support?
I would rate the technical support for Ping Identity Platform seven out of ten because of their limited support and late availability.
What about the implementation team?
Maintenance for Ping Identity Platform depends on the technical support you require and the license you obtain. For these elements, we require maintenance support yearly.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing for Ping Identity Platform, I would rate it eight out of ten.
Which other solutions did I evaluate?
My advice for others looking to implement Ping Identity Platform is that if you are looking for a cloud-first company, you can prefer other platforms such as OneLogin or Okta. If a customer wants a hybrid environment where they can use on-premises applications and cloud-based applications while requiring advanced compliance and customization, then I would recommend the client to prefer Ping Identity Platform.
What other advice do I have?
I assess the Single Sign-On capabilities of Ping Identity Platform in streamlining user access as providing almost 200 to 300 pre-built applications. It provides Single Sign-On based on SAML 2.0, OAuth, and OIDC. It has a very great feature, but as compared to other applications such as Okta, it has a very low number of pre-built applications. However, when it comes to customization, it is very good. It provides greater flexibility. A client can define it in their own way. There is no limitation in customization. We can do a lot of customization in Ping Identity Platform. That is where it provides greater feasibility over Okta.
In terms of the flexibility of integration with Ping Identity Platform, I have a couple of applications for cloud-based, a few based on on-demand, and several on-premises applications. We have some real-time applications we use for user lifecycle management as well as provisioning. Depending on the client's requirement, we set it as a customization as per their need. We define their user interface, then user logout interface, and there is also a thing such as self-registration forms, and log in and log out timing sessions. We can do that kind of customization as per the client's requirements. That is the greatest feasibility for Ping Identity Platform.
Overall, I would rate Ping Identity Platform eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
KunwarNitesh
Converged identity journeys have simplified workforce and customer access management
Reviewed on Jan 09, 2026
Review provided by PeerSpot
What is our primary use case?
I run my own IT company where we work with multiple products. Nowadays, we are not doing a lot of Ping Identity Platform projects because there are other technologies like Ping and Okta and other options available which are better than Oracle. That is why we don't have a lot of Oracle projects these days.
We are working mostly with Ping technology and ForgeRock , and we do have some Oracle projects that we are running, but majorly we are running Ping and ForgeRock .
What is most valuable?
Ping Identity Platform can provide a solution for both workforce identity and access management and also for consumer identity and access management, which is CIAM .
There are many things that are better in Ping Identity Platform. First, it is a very lightweight product. Second, I would say it's a converged platform which can do both identity management, access management, and recently they are bringing privilege management capability as well. Another thing is that they also have something very unique, which is their user interface-based journeys, which provides their single sign-on experience. That is a very good thing. Ping Identity Platform also supports all the latest features such as passwordless and managing agentic identity. They also have AI capabilities within the product itself.
They provide out-of-box almost all the MFA options, including email OTP, text-based OTP, TOTP, HOTP, biometric, and passwordless. They can also integrate with any third-party MFA provider. From that perspective, it's a complete platform.
They support OAuth and OpenID. They also have this product called Ping Gateway, which you can use to implement API security. It provides features such as throttling, adding authentication, or everything you can do as part of Ping Gateway.
What needs improvement?
From the improvement perspective, they could bring IGA capability, which right now they only have in their SaaS offering. Other than that, Ping Identity Platform has multiple products for access management, identity management, a solution for API security, a solution for authorization, and a product for identity verification. From that perspective, it is complete, and they are improving it.
For how long have I used the solution?
I think a nine.
Which other solutions did I evaluate?
Ping Identity Platform can be compared with any other leader in the identity and access management space, but I would say it would be high because they have been the leader in all the analytics reports, whether it's Gartner or KuppingerCole or any other reports.
I would say Okta, and Okta and IBM from that perspective. IBM and even Oracle could be alternatives, but Oracle is a dying technology at this point in time.
What other advice do I have?
Ping Identity Platform has some analytic capability, but mostly it produces the logs which can be sent to any external SIEM tools such as QRadar or Grafana or anything similar. It basically produces the logs which can be consumed by any analytics tool.
It is very easy to integrate.
They have been the leader for the last eight or nine years according to Gartner and KuppingerCole or any other analyst reports.
I would rate Ping Identity Platform at a ten. Overall, I would rate my experience between nine and ten. My overall review rating for Ping Identity Platform is nine.
Shruthi R Varikoti
Generative AI automates access reviews and provides workflow efficiencies
Reviewed on Apr 24, 2025
Review provided by PeerSpot
What is our primary use case?
I work with Governance , Risk, and Compliance (GRC), IT Service Management (ITSM) , and Customer Service Management (CSM) modules of ServiceNow . My project is related to cybersecurity. I have touched on generative AI and integrations like SOAP APIs. I have used the Ping Identity Platform for seamless Single Sign-On (SSO) in enterprises, offering flexible integrations and federated identity management within a mid-sized enterprise environment.
What is most valuable?
I appreciate that the Ping Identity Platform does not require coding and offers flexible integrations and federated identity management. Generative AI helps to automate access review and streamline governance workflows. The platform enhances security measures by analyzing multi-factor authentication attempts, highlighting suspicious patterns, and generating compliance reports.
What needs improvement?
In SSO , I would like to enable ServiceNow Generative AI for auto-diagnosing PingFederate SSO failures and suggest remediation steps. I would like to see enhanced incident summarizations and awareness virtual agents driven by Generative AI.
For how long have I used the solution?
I have gained experience with the Ping Identity Platform for about two and a half years. My recent experience is interrelated with my core project on cybersecurity.
What was my experience with deployment of the solution?
During the initial setup, I faced challenges resolving high-volume authentication failures by using Generative AI to pinpoint PingFederate policies. However, I addressed delays in user onboarding by automating access provision through Generative AI workflows.
What do I think about the stability of the solution?
I have not experienced any stability issues personally. However, some colleagues have mentioned API connectivity, data security, and privacy issues.
How are customer service and support?
In Ping, I have reached out to technical support for troubleshooting SAML certificate mismatches and federated errors between Ping and enterprise apps. They have helped support incident resolution for authentication failures using ServiceNow incident workflows and Generative AI summary.
Which solution did I use previously and why did I switch?
I have not worked with any other SSO or IAM solutions before the Ping Identity Platform.
How was the initial setup?
The initial setup of PingFederate in a cloud environment using Generative AI took around one to two weeks. Once everything is set, it does not require much maintenance.
Which other solutions did I evaluate?
I evaluated ServiceNow and the Ping Identity Platform.
What other advice do I have?
I would recommend PingFederate as an IAM solution for its no-code environment, single sign-on, multi-factor authentication, bidirectional services, and advanced features. On a scale of one to ten, I would rate the Ping Identity Platform as ten out of ten.
Faiz Mohd
Deploy single sign-on and multi-factor authentication for customer-facing applications
Reviewed on Jul 24, 2024
Review from a verified AWS customer
What is our primary use case?
I usually deploy single sign-on and multi-factor authentication using PingOne for customer-facing applications to enhance security and user convenience. I use PingFederate to integrate with Kerberos-based systems, such as Salesforce , AWS , ServiceNow , and Google. I configure various OAuth grant types and set up Windows Service Federation and SAML 2.0 protocol service provider endpoints using PingOne and PingFederate.
What is most valuable?
It's convenient for users to log in through Ping using the Kerberos adapter because it doesn't require them to authenticate again. If a user is already logged into the organization's domain, the system automatically checks the Kerberos ticket in the background when they try to access another application through Ping. It logs them in without prompting for a password or reauthorization.
You don't need prior experience to use this; you need to understand how it works. Experience is only necessary when integrating it with systems. For instance, when using any application through Ping in your organization, it just needs to be connected to the organization's domain. This setup works seamlessly on a PC, automatically detecting the Kerberos ticket and logging you in. However, it won't work on a mobile device since the mobile doesn't have a Kerberos ticket. On a mobile phone, you'll be prompted to authenticate again.
What needs improvement?
It's important to keep learning and improving in every phase of life. There are instances when you need to use programming languages like Java and Python, especially when integrating systems or making code changes.
One significant challenge was ensuring smooth user migration during system upgrades in Ping. At my current company, based on successful authentication, I enabled secure user migration in the PingOne directory to maintain continuity in user access and minimize disruptions. Another challenge was troubleshooting and resolving issues related to PingID MFA flows, which I addressed through performance tuning, logging, and debugging.
For how long have I used the solution?
I have been using Ping Identity Platform for eight years.
What do I think about the scalability of the solution?
I manage the scale of integration across multiple applications, ensuring minimal disruption to ongoing business operations. This requires effective communication and coordination with the team and stakeholders to address issues and mitigate risks promptly.
In several projects, particularly when deploying Ping across large environments, I encountered challenges supporting many users during peak times, which strained the authentication infrastructure. To address this, I implemented PingID clustering to distribute the load across multiple servers, ensuring high availability and load balancing to prevent single points of failure. The multi-factor authentication process didn't introduce significant latency, especially for high-transaction applications. This involved thorough performance tuning, optimizing network configurations, and fine-tuning Ping settings. I regularly monitor system performance to identify and resolve any bottlenecks.
150-200 users are using this solution.
I rate the scalability as seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is affordable and starts at 20,000 dollars/year, depending upon the license and maintenance requirement. It makes our work easier and saves a lot of time.
What other advice do I have?
I haven't faced any debugging issues. It was only during the testing that I faced.
I advise you to be extremely careful when integrating Ping with any application, especially during authentication. If an intruder manages to get authorized, they're just one step away from accessing all your organization's data. With PingFederate, users only need to log in once, so if an attacker gains access, it becomes tough to track and stop them. The critical takeaway is to be vigilant during integration and ensure that every security measure is thoroughly implemented.
Overall, I rate the solution a nine out of ten.