Ping Identity

Identity/IAM Visit website →
Best for: Enterprises needing flexible identity deployment options with strong hybrid and API security capabilities
Pricing: Contact for pricing

What Ping Identity actually does

PingOne is the cloud platform encompassing SSO, MFA, directory, and API intelligence. PingFederate is the enterprise federation server that handles complex SAML, OIDC, and OAuth deployments — still the product that wins deals in environments with hundreds of federated connections.

Following the ForgeRock merger, Ping now offers PingOne Advanced Identity Cloud (the ForgeRock Identity Cloud rebrand) for CIAM and complex identity orchestration. PingAccess manages API and web application access. PingDirectory is a high-performance LDAP directory that scales to hundreds of millions of entries.

The combined Ping/ForgeRock portfolio is the most complete enterprise identity platform outside of Microsoft. It handles workforce identity, customer identity, API security, and directory services with deployment flexibility — cloud, hybrid, or fully on-prem.

Who it’s best for

  • Large enterprises with complex federation requirements across hundreds of partners
  • Organizations needing on-prem or hybrid identity deployment that Okta can’t satisfy
  • Companies building customer identity experiences that need deep customization beyond Auth0
  • API-heavy architectures needing integrated identity and API access management
  • Financial services and healthcare organizations with strict data residency requirements

Pricing reality check

Ping pricing varies significantly by product and deployment. PingOne cloud services start around $3-5/user/month for basic SSO, scaling with advanced features. PingFederate on-prem is licensed by connection or transaction volume. Enterprise agreements bundling multiple products typically run mid-six to low-seven figures annually.

The ForgeRock merger has created pricing complexity. Legacy ForgeRock customers and legacy Ping customers may be on different models. New customers should push for PingOne platform pricing across the full suite. Professional services for PingFederate deployments are often significant — the product is powerful but configuration-heavy.

Alternatives to consider

  • Okta — Simpler to deploy. Broader SaaS integration catalog. Cloud-only, which is a limitation for some.
  • Microsoft Entra ID — Bundled with M365. Good enough for many enterprises. Weaker in CIAM and API security.
  • Auth0 — Developer-friendly CIAM. Now part of Okta. Simpler but less enterprise flexibility.
  • IBM Security Verify — Enterprise identity with on-prem options. Stronger in mainframe and legacy environments.

The Charting Cyber take

Ping Identity is the right choice when Okta’s cloud-only model doesn’t work or when your identity requirements are genuinely complex. Large banks, healthcare systems, and government agencies with strict deployment requirements, massive federation needs, or deep CIAM customization — this is Ping’s sweet spot.

For most mid-market organizations with standard SaaS-heavy environments, Okta is simpler and faster to deploy. Don’t buy Ping because you think you’ll need the complexity — buy it when you actually need it. The ForgeRock acquisition strengthened the CIAM story considerably, but the integration is still ongoing. Ask pointed questions about product roadmap and which products are getting investment versus maintenance.

Get a quote for Ping Identity

Related vendors

1Password
Organizations that need a password manager employees will actually use, with solid developer secrets management bolted on.
Identity/IAM
Attivo Networks (SentinelOne)
Enterprises dealing with identity-based attacks and lateral movement that want deception-based detection layered into their endpoint security.
Identity/IAMMDR/MSSP
BeyondTrust
Organizations needing PAM, endpoint privilege management, and secure remote access in one vendor
Identity/IAMPAM