This week I’m travelling to Washington, D.C., for Identiverse 2019, the identity management conference put on by Ping Identity. It’s really an industry-wide show—just about everybody is here, including plenty of vendors that could be considered their competitors. Either way, given that EUC has been bending towards identity management, it’s a good place to be this week.
(This article was originally published on Tuesday, June 25, and updated on Wednesday, June 26th.)
What’s here at Identiverse
Identiverse has plenty of sessions on all the EUC topics we’re interested in, like federating to SaaS and web apps with SAML, and making conditional access and zero trust work.
But in addition, there are a lot of other topics on the agenda, like decentralized ID and BlockChain; identity for APIs, IoT, and other situations where a user isn’t involved; customer identity management; FIDO and authentication and verification; and open banking. This is also a show where you can meet the people that help define the standards and protocols that we all use.
I’m interested in all of these topics, because invariably some of them will affect EUC in the future. Ever since the first wave of IT consumerization, part of our mission at BrianMadden.com has been to keep an eye on disruptive technology heard our way.
On the more practical front, now is the time to be figuring out how to bring technologies like FIDO and WebAuthn into EUC. And, of course, we’re only a few weeks removed from Apple WWDC, so SSO Extensions, Sign In with Apple, and User Enrollment are going to be the talk of the hallway track.
Ping news at Identiverse
Ping Identity is starting out the show with a couple of announcements.
Last week, they announced an integration with Iovation, a product that can identify devices associated with fraudulent activity.
On Tuesday, Ping announced a bunch of upgrades to PingOne for Customers (their product for customer identity management), including an SDK for doing push-based MFA in third-party apps; support for social logins via Facebook; more flexible federation options; and a new EU datacenter.
Wednesday news at Identiverse
Ping made some more enterprise-focused announcements on Wednesday, covering updates to PingID, their MFA product. PingID now supports impossible travel detection; IP reputation policies; Windows Hello as a FIDO mechanism (with facial, fingerprint, or hardware security key authentication); and more administrative policies.
Another interesting announcement came from the FIDO Alliance. FIDO is having a big year, with the adoption of WebAuthn, many more FIDO-certified devices, and widespread recognition of just how fishing-resistant it is. On Wednesday at Identiverse, the FIDO Alliance announced two new initiatives, the Identity Verification & Binding Working Group and the IoT Technical Working Group. Identity verification will help with things like account recovery when a user has lost their enrolled FIDO credential. The FIDO Alliance described example techniques such as using a photo of a government-issued ID and a photo of the user for verification. The end result could help enable accounts that don’t involve any shared secrets at all, a desire that Kyle happened to write about the very same day as the announcement.
Questions I’ll be asking during Identiverse
The last time we wrote about Ping Identity was during Citrix Synergy, when Citrix announced integration between Citrix Workspace and Ping Identity.
One thing that’s been on my mind is the interplay between unified endpoint management platforms and identity management products. As I wrote, the question is When you have both IDaaS and UEM, where do you build your conditional access policies? In this case, Citrix laid out the integration in a blog post, saying:
“At the time of the user login, Ping as the authenticator will communicate with Citrix Analytics to identify the user risk profile and then enforce appropriate authentication policy such as a step up multi-factor authentication (MFA) to grant access to ‘risky’ users and rules to restrict usage of sensitive resources based on activities.”
This is just one example of the many integrations that Ping and many others will be doing over the course of transitioning the enterprise to a zero trust and conditional access world. There will be a lot more to talk about and do here.
Another big topic in the industry and question for Ping is machine learning for user behavior analytics. Ping talked about this at Ping Identify 2018, a smaller customer-centric conference that Kyle covered last October. At the time, they indicated that there would be more of this in their roadmap.
I’ll update this post with any additional announcements during the week, and follow up next week with more of my notes, impressions, and ideas. If you’re at the show, come find me and say hello.
Update: Read more about the show in What I learned about identity management at Identiverse 2019.