ForgeRock and Ping Identity Capability Comparison Matrix

In light of the recent integration of ForgeRock into Ping Identity, The Cyber Hut has received numerous inquiry calls regarding potential integrations, feature overlap, next steps and existing deployment advice with respect to the merger.

It is a topic we have covered in several episodes of The Week in Identity podcast over recent months:

Episode 37 Community feedback and discussion; customer advice
Episode 36 Public announcement of deal complete – what is means for the market
Episode 13 Thoma Bravo announce intention to acquire – first thoughts

To that end, we’re making available a basic feature comparison matrix that highlights the basic capabilities each vendor has in each of the main identity areas of B2E and B2C. This matrix was compiled using publicly available references with peer review by those who have implemented ForgeRock or Ping technologies in the last 3 years.

Note this is not a comment on the strength of said features, but more to highlight existing go to market strategies.

B2E Workforce:

Identity Type Capability ForgeRock Ping Identity
B2E Workforce Identity Life Cycle Management IDM. Homegrown solution focused on data connectivity.
B2E Workforce Identity Storage ForgeRock Directory Services. Based on the OpenDS project from Sun. Ping Directory and Directory Proxy.
B2E Workforce Identity Governance and Administration AI lead aspect for permissions analysis. known as Autonomous Identity. Based on technology developed by Accenture. Access request/review component known as ForgeRock IGA. Partner with likes of Sailpoint or You Attest.
B2E Workforce Authentication Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Broad array of modular options Ping Authentication Authority. Out of the box modules and policies that powers SSO
B2E Workforce Multi Factor Authentication Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP and numerous strong auth partners via Trust Network Numerous OOTB integrations for Ping MFA (OTP, Push, FIDO2). Also partner with likes of Yubico.
B2E Workforce Passwordless Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP, WebAuth native support. Plus partners Ping Zero marketing. Leverage FIDO2, device and risk analysis.
B2E Workforce Biometric Authentication Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Mobile lead capabilities. Specialist biometry via Trust Network partners Numerous OOTB integrations for Ping MFA (OTP, Push, FIDO2). Also partner with likes of Yubico.
B2E Workforce Authorization Falls under ForgeRock Access Management. Policy based access with agent and API lead enforcement. Ping Dynamic Authorization Powered by acquisition of Symphonic software in 2020
B2E Workforce Authorization Enforcement Policy agents, Identity Gateway and native APIs Integration with third party gateways.
B2E Workforce Federation SAML Falls under ForgeRock Access Management. SAML provider/relying partner support Ping Federate historic product. Multi-function
B2E Workforce Federation OAuth2/OIDC Falls under ForgeRock Access Management. OAuth2 provider/relying party support. Many profiles/extensions. Via Ping Federate as OAuth2 provider
B2E Workforce Gateway Lightweight reverse proxy called ForgeRock Identity Gateway Integration with third party gateways. Also have API Security Enforcer. AI based analysis (based on Elastic Beam acquisition in 2018?)
B2E Workforce Connectors Identity Connector Framework. Small yet powerful collection
B2E Workforce SDK iOS, Android and JavaScript. Primarily for authentication integration. API Toolkit Ping One (cloud) mobile native SDKs.
B2E Workforce Mobile App Basic app for Android (100k downloads) and IoS Basic app for Android (5M downloads) and iOS
B2E Workforce Single Sign On Falls under ForgeRock Access Management Ping SSO with range of SAML/OAuth2 capabilitites and session management

B2C Customer:

Identity Type Capability ForgeRock Ping Identity
B2C Customer Identity Proofing Partner network Native via Ping Verification service.
B2C Customer Fraud / ATO ForgeRock Autonomous Access. Organic development of AI/ML activity analysis Ping Protect
B2C Customer Registration / Progressive Profiling Via ForgeRock IDM integrated with Intelligent Access Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite.
B2C Customer Multi Factor Authentication Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP and numerous strong auth partners via Trust Network Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite.
B2C Customer Passwordless Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP, WebAuth native support. Plus partners Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite.
B2C Customer Biometrics Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Mobile lead capabilities. Specialist biometry via Trust Network partners Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite.
B2C Customer BYOI Via ForgeRock IDM integrated with Intelligent Access Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite.
B2C Customer Privacy Preservation Partner for vaulting and encryption. Support for UMA for consent and data sharing. Soverienty via directory. Privacy microsite. Modular cpaabilties. Storage via Unbound acquisition. OAuth2 sharing. Consent capture
B2C Customer IoT Integration OAuth2 Device Flow support. Some edge SDK capabilities. 


Identity Type Capability ForgeRock Ping Identity
General Orchestration Historically known as Authentication Trees, Intelligent Access, Orchestration Trees. Ping DaVinci (via acquisition of Singular Key in 2021)
General Deployment On-prem and more recently cloud. Cloud is same on-prem components, containerized and hosted by ForgeRock. Ping One is cloud model for B2E and B2C
General Scale Known for large multi-million storage of identities. Transactions per second for authZ/authN 1000+ SEC Filings refer to mid-market focus with more repeatable project focus.
General Other IoT. Open Banking / PSD2 7 acquistions since 2016

Please contact us for any corrections of comments.

The post ForgeRock and Ping Identity Capability Comparison Matrix appeared first on The Cyber Hut.

*** This is a Security Bloggers Network syndicated blog from The Cyber Hut authored by Simon Moffatt. Read the original post at: