Ping Identity Tuesday added to its tools for supporting single sign-on to online services by acquiring appliance-based technology from Sxip Identity for integrating hosted applications and corporate directories.
The Access appliance, which itself can run as a hosted service (Workgroup Edition) or within corporate firewalls, lets users integrate their corporate directories with applications running in the cloud.
When a user is added to the corporate directory, Access detects the change and provisions the user for the service. It also works in reverse; when the user is deleted from the directory, Access deprovisions the user.
Sxip uses something it calls “delegated authentication,” which essentially relies on the corporate network to provide credentials and be the authoritative source for user access control.
Salesforce.com and Google were Sxip’s two largest customers, using the Access appliance to secure their CRM and Apps applications, respectively.
There is some overlap in the product lines of the two companies in that Ping Federate has a Salesforce.com adapter for providing users with single sign-on using their corporate log-on credentials. But Ping had not developed major provisioning and deprovisioning capabilities in its platform.
“Sxip had done some good work on provisioning, deprovisioning we had not gotten to so that will accelerate [our efforts],” said Andre Durand, CEO of Ping. “Sxip’s hosted model, its feature set and its appliance form factor will also help accelerate our learning on those three things.”
Durand said Ping is working out a roadmap for its product portfolio, but he added that it is now apparent where Ping stands.
“It is crystal clear that when it comes to enterprise adoption of single sign-on and provisioning/deprovisioning of services we are it,” he said.
The goal is to help users build a platform for identity federation, which lets companies share user authentication across security boundaries, including their own corporate divisions or those of partners.
Like Ping Federate, Sxip Access supports the use of tokens based on the Security Assertion Markup Language (SAML).
Experts say the model is advantageous for companies because they can provide credentials in the form of a SAML token, which means a user’s true corporate authentication/authorization credentials never move outside the firewall.
In the acquisition, Ping gets all the intellectual property, existing customer support agreements and employees around the Access product.
Ping plans to open a Vancouver office to house the former Access development team.
Ping has nearly 200 enterprise customers and staff across the United States and Europe. The Sxip acquisition brings approximately 25 additional customers.