Edge Security

Use the Edge Security module to integrate web applications, APIs, microservices, Internet of Things devices, and cloud-based services with the Ping Identity Platform.

Edge Security module:

Edge Security (PingGateway)

Dependencies

The Edge Security module is not dependent upon any other modules.

Edge Security (PingGateway) module

PingGateway helps you integrate web applications, APIs, and microservices with the Ping Identity Platform, without modifying the application or the container where it runs. Based on reverse proxy architecture, it enforces security and access control in conjunction with the PingAM modules.

PingGateway software provides the following capabilities:

Protection for IoT services, microservices, and APIs
Policy enforcement
Adaptable throttling, monitoring, and auditing
Secure token transformation
Support for identity standards such as OAuth 2.0, OpenID Connect, SAML 2.0, and UMA 2.0
Password capture and replay
Rapid prototyping

Required modules: none.

Feature	Description	Documentation
Studio	User interface for rapid development and prototyping.	Studio guide
Single sign-on	Single sign-on in a single domain and across domains.	Single sign-on and Cross-domain single sign-on
Password replay	Secure replay of credentials to legacy applications or APIs.	Password replay from AM, Password replay from a database, and Password replay from a file
Policy enforcement	Enforcement of centralized authorization policies for applications requiring PingAM.	Enforce policy decisions from AM and Harden authorization with advice from AM
Federation	OpenID Connect 1.0.	OpenID Connect
OAuth 2.0.	IG as an OAuth 2.0 client and IG as an OAuth 2.0 resource server
SAML 2.0.	SAML
SAML resources for mobile applications.	Transform OpenID Connect ID tokens into SAML assertions
Finance APIs	Support for OAuth 2.0 Mutual TLS and Financial-Grade APIs.	Validate certificate-bound access tokens and FapiInteractionIdFilter
WebSocket protocol	Detection of requests to upgrade from HTTPS to the WebSocket protocol, and creation of a secure, dedicated tunnel to send and receive WebSocket traffic.	WebSocket traffic
Throttling	Throttling to limit access to protected applications.	Throttling
UMA resource server	Protection for resources and services according to the UMA 2.0 standard.	UMA support
DevOps tooling	Deployment of basic and customized configurations through Docker.	Deployment guide
Integration with Advanced Identity Cloud	Protection and integration of APIs and applications with PingOne Advanced Identity Cloud for authentication and authorization.	Identity Cloud guide
Microgateway	PingGateway standalone deployed as a microgateway, securing microservices with OAuth 2.0.	PingGateway as a microgateway
Token Validation Microservice	Platform satellite for introspection of stateful and stateless OAuth 2.0 access tokens.	Token Validation Microservice User Guide

Feature

Description

Documentation

Studio

User interface for rapid development and prototyping.

Studio guide

Single sign-on

Single sign-on in a single domain and across domains.

Single sign-on and Cross-domain single sign-on

Password replay

Secure replay of credentials to legacy applications or APIs.

Password replay from AM, Password replay from a database, and Password replay from a file

Policy enforcement

Enforcement of centralized authorization policies for applications requiring PingAM.

Enforce policy decisions from AM and Harden authorization with advice from AM

Federation

OpenID Connect 1.0.

OpenID Connect

OAuth 2.0.

IG as an OAuth 2.0 client and IG as an OAuth 2.0 resource server

SAML 2.0.

SAML

SAML resources for mobile applications.

Transform OpenID Connect ID tokens into SAML assertions

Finance APIs

Support for OAuth 2.0 Mutual TLS and Financial-Grade APIs.

Validate certificate-bound access tokens and FapiInteractionIdFilter

WebSocket protocol

Detection of requests to upgrade from HTTPS to the WebSocket protocol, and creation of a secure, dedicated tunnel to send and receive WebSocket traffic.

WebSocket traffic

Throttling

Throttling to limit access to protected applications.

Throttling

UMA resource server

Protection for resources and services according to the UMA 2.0 standard.

UMA support

DevOps tooling

Deployment of basic and customized configurations through Docker.

Deployment guide

Integration with Advanced Identity Cloud

Protection and integration of APIs and applications with PingOne Advanced Identity Cloud for authentication and authorization.