Overview
Ping Identity provides a hybrid identity platform spanning the PingOne cloud service and the long-standing PingFederate, PingAccess, and PingDirectory on-premises products. Following Thoma Bravo's 2022 take-private and the 2023 ForgeRock acquisition, Ping is positioned as the principal enterprise alternative to Microsoft Entra ID and Okta for organisations that require deep federation, customer identity at scale, and the ability to run identity services in their own infrastructure or VPC.
Ping is the default choice for banks, insurers, and government agencies that already run PingFederate for SAML and OIDC federation and need a managed cloud overlay. The PingOne service offers SSO, MFA, risk evaluation, and identity verification, while PingOne Advanced Identity Cloud (the former ForgeRock platform) targets very large CIAM deployments. The platform is commonly chosen when other suites cannot meet data residency, customisation, or transaction-volume requirements.
Key Features
- PingFederate SAML, OIDC, OAuth, and WS-Fed federation server
- PingOne cloud SSO and MFA delivered as multi-tenant SaaS
- PingID adaptive MFA with risk policies and device posture
- PingDirectory high-performance LDAP and SCIM directory
- PingAccess web access gateway for header-based and API authentication
- PingOne DaVinci no-code orchestration for identity journeys
- PingOne Verify identity proofing with document and biometric checks
- PingOne Fraud behavioural risk detection
- PingOne Authorize policy decision point for dynamic authorisation
- PingOne Advanced Identity Cloud (formerly ForgeRock) for large CIAM
- Self-hosted, single-tenant cloud, and multi-tenant cloud deployment options
- FIDO2 passkey and certificate-based authentication
Pricing
| Edition | Model | Typical Cost |
|---|---|---|
| PingOne for Workforce Essential | Per user / month | $3 (5,000-user minimum) |
| PingOne for Workforce Plus | Per user / month | $6 |
| PingOne for Customers | Annual subscription | From $35K / year (MAU-based) |
| PingFederate self-hosted | Annual licence | Custom quote |
Pricing verified from pingidentity.com May 2026. Workforce SKUs require an annual contract with a 5,000-user minimum on Essential. Customer identity pricing is based on monthly active users and selected modules.
Strengths
- Deepest federation feature set in the market; PingFederate is widely embedded in financial services
- Hybrid deployment model supports on-premises, single-tenant cloud, and multi-tenant cloud
- PingOne DaVinci provides a no-code orchestration layer that is among the best for complex identity journeys
- Combined with ForgeRock, Ping now covers the largest CIAM deployments in banking and telecom
- Strong support for regulated industries with FedRAMP and FAPI compliance
Limitations
- Pre-built SSO app catalogue is smaller than Okta's, requiring more custom federation work
- Pricing model is opaque and minimums make Ping unsuitable for organisations under 1,000 users
- Integration between PingOne and the former ForgeRock platform is still in progress as of 2026
- Implementation typically requires Ping-certified consultants, increasing total cost of ownership
- Administrative UX is split across several consoles (PingOne, PingFederate admin, ForgeRock console)