Microsoft, Ping Identity Team Up for Remote Access to Legacy Apps

The two companies are extending Azure Active Directory's user identity and access capabilities to on-premises web applications.

Microsoft, Ping collaboration

Microsoft and Ping Identity on Sept. 14 announced a new collaboration that will soon allow Azure Active Directory (AD) customers to stretch the cloud-based user identity and access management platform's reach into their legacy web application environments.

Dubbed PingAccess for Azure AD, the solution uses Azure Active Directory's (AD) Application Proxy technology and the PingAccess identity-based access control platform to provide secure, cloud-based remote access and single sign-on capabilities to legacy web applications. The Azure AD Application Proxy already offers similar functionality to standards-based applications that businesses host locally, but the new integration extends it to non-standards-based applications that employ web access management systems or header-based authentication to govern access.

"This collaboration brings together two leaders in Identity to expedite enterprises' digital transformation, and the way they connect users to mobile, web, on-prem and IoT apps," Andre Durand, CEO and founder of Ping Identity, said in a statement. "Ping uniquely provides Microsoft Azure AD customers with the ability to configure web single sign-on directly within their control panel."

Andrew Conway, general manager of product marketing at Microsoft Enterprise Mobility and Security, told eWEEK the solution fills a gap that many customers have been encountering. Although Azure AD provides secure single sign-on for more than 3,000 software-as-a-service (SaaS) applications, which "was great for applications that live in the cloud," organizations were "still using legacy apps that customers weren't able to bring to this cloud control point," he said.

Integrating PingAccess with Azure AD not only opens the platform up to a "broader spectrum of on-premises web apps," but it also can help organizations enhance application security, added Conway.

Arguing that in an age of blended app environments (cloud and traditional) existing approaches like "firewalls, VPNs and inspecting on-premises network traffic is no longer enough," he said. Azure AD's built-in security capabilities can provide practically all types of web apps with many of the same protections that guard Microsoft's own enterprise cloud software and services slate.

"Now your cloud SaaS apps and your on-premises web applications can benefit from the unique machine learning-based identity protection and advanced risk-based conditional access capabilities of Azure Active Directory," Alex Simons, director of program management at Microsoft's Identity Division, stated in a Sept. 14 blog post. "Your users will be protected while they access all their apps from everywhere and every device."

The companies plan to kick off a public preview of PingAccess for Azure AD in early 2017. Currently, it is available to select customers as part of a private beta, Conway said. Azure AD Premium customers will be entitled to licenses for up to 20 applications as part of their subscriptions when the solution becomes available.

Microsoft and Ping Identity also announced Sept. 14 that PingFederate support is coming to Azure AD Connect. "By adding this kind of support into Azure AD Connect, we're going to make it super simple for our customers who use PingFederate to get up and running quickly and smoothly with Azure AD," stated Simons.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...