Back to Integrations

PingIdentity Integration

Integrate TigerAccess with PingIdentity for enterprise-grade SSO, adaptive authentication, and comprehensive identity federation across all infrastructure access.

View DocumentationRequest Demo
Features

Enterprise Identity Platform

Secure access to all infrastructure with PingIdentity's comprehensive identity and access management platform.

PingFederate SSO

Seamless SAML and OIDC federation with PingFederate for unified single sign-on across all infrastructure.

PingOne Integration

Cloud-based identity platform integration with automatic user provisioning and directory synchronization.

Adaptive MFA

Context-aware multi-factor authentication with PingID for risk-based access control and threat detection.

SCIM Provisioning

Automatic user lifecycle management with SCIM 2.0 for real-time user provisioning and deprovisioning.

Capabilities

Comprehensive PingIdentity Support

SAML 2.0 federation
OIDC/OAuth 2.0 support
PingFederate integration
PingOne cloud identity
PingDirectory sync
PingID adaptive MFA
SCIM 2.0 provisioning
Risk-based authentication
Session management
Policy engine integration
API access control
Directory synchronization
Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your PingIdentity infrastructure.

1

Configure SAML in PingFederate

Create a SAML 2.0 service provider connection in PingFederate for TigerAccess with appropriate attribute mapping.

# SAML Configuration
Entity ID: https://tigeraccess.example.com/saml/metadata
ACS URL: https://tigeraccess.example.com/saml/acs
Single Logout URL: https://tigeraccess.example.com/saml/slo

# Required Attributes:
- email (required)
- name (required)
- groups (optional)
- department (optional)
2

Add PingIdentity Connector

Configure the PingIdentity SAML connector in TigerAccess with your IdP metadata and attribute mappings.

tacctl sso add pingidentity \
  --type=saml \
  --entity-id=https://sso.pingidentity.com/idp \
  --sso-url=https://sso.pingidentity.com/idp/SSO.saml2 \
  --cert-path=/path/to/ping-cert.pem \
  --attribute-email=email \
  --attribute-username=name \
  --attribute-groups=groups
3

Enable SCIM Provisioning

Configure SCIM provisioning in PingOne to automatically sync users and groups to TigerAccess.

# SCIM Endpoint Configuration
SCIM Base URL: https://tigeraccess.example.com/scim/v2
Authentication: Bearer Token

# Create API token in TigerAccess
tacctl tokens add scim-provisioning \
  --type=provisioning \
  --scopes=scim:read,scim:write \
  --expires=never

# Configure in PingOne:
# 1. Add SCIM application
# 2. Enter SCIM endpoint and token
# 3. Map user/group attributes
# 4. Enable provisioning
Use Cases

Real-World PingIdentity Scenarios

Enterprise SSO Deployment

Leverage existing PingFederate infrastructure to provide seamless SSO to all privileged infrastructure access with centralized authentication and authorization.

Adaptive Authentication

Implement risk-based access controls using PingID adaptive MFA, requiring additional verification for high-risk access requests or unusual behavior patterns.

Automated User Provisioning

Synchronize users and groups from PingDirectory with SCIM provisioning, automatically granting and revoking access based on organizational changes.

Multi-Cloud Identity

Use PingOne as a centralized identity provider across multiple cloud environments, providing consistent authentication and authorization policies.

FAQ

Frequently Asked Questions

Does TigerAccess support both PingFederate and PingOne?

Yes. TigerAccess supports integration with both PingFederate (on-premises/hybrid) and PingOne (cloud) through SAML 2.0 and OIDC protocols. You can use either solution as your identity provider for SSO.

How does adaptive MFA work with PingID?

TigerAccess can trigger PingID adaptive MFA based on risk factors like user location, device trust, time of access, and resource sensitivity. When high-risk access is detected, users are automatically prompted for additional verification through PingID mobile app, SMS, or other configured methods.

Can I use PingDirectory as the user source?

Yes. TigerAccess can synchronize users and groups from PingDirectory using SCIM 2.0 provisioning or LDAP sync. This ensures that your infrastructure access control stays in sync with your authoritative directory source.

What happens if PingIdentity is unavailable?

TigerAccess caches authentication state and can continue to issue short-lived certificates for active sessions even if PingIdentity becomes temporarily unavailable. New logins will require PingIdentity to be available, ensuring security while maintaining operational resilience.

How are groups and roles mapped from PingIdentity?

TigerAccess can map SAML attributes or SCIM groups from PingIdentity to internal roles. You can configure flexible mapping rules to automatically grant appropriate access based on group membership, department, or custom attributes from your PingIdentity deployment.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free TrialContact Sales

No credit card required • 14-day free trial • Enterprise support available