Identity Security for the Digital Enterprise
Grade: A — Score: 95/100
The Ping Identity Platform offers unmatched flexibility, resilience, and security to meet your most demanding identity challenges. With advanced capabilities, it integrates seamlessly into existing technology stacks, ensuring that identity management is both efficient and effective.
Designed for ease of use, the platform allows organizations to orchestrate identity journeys through a no-code, drag-and-drop interface, enabling quick adaptation to changing business needs. This workflow-centric approach empowers teams to focus on innovation while maintaining robust security protocols.
In an era where cyber threats are increasingly sophisticated, Ping Identity helps organizations mitigate risks associated with identity management. By leveraging built-in intelligence and advanced fraud prevention measures, businesses can protect their digital assets and enhance user trust.
PingOne for Workforce Essential: $3/user (annual contract, 5,000 user minimum)
PingOne for Workforce Plus: $6/user (annual contract, 5,000 user minimum)
PingOne for Customers Essential: Starting at $35,000/year
PingOne for Customers Plus: Starting at $50,000/year
Consider switching to Okta: Okta is a well-known competitor in the IAM space, offering similar features and services.
Ping Identity and Okta are the two most commonly compared enterprise IAM platforms. Ping differentiates with flexible deployment options (cloud, on-premises via PingFederate, or hybrid), no-code orchestration through PingOne DaVinci (350+ connectors), and deeper support for complex B2B and government use cases. Okta is cloud-only, has a larger pre-built app integration catalog (7,000+ apps), and is generally considered faster to deploy for SaaS-first organizations. After absorbing ForgeRock in 2023, Ping added identity governance and lifecycle management capabilities that close the feature gap with Okta's Auth0-powered CIAM offering.
Private equity firm Thoma Bravo acquired Ping Identity for approximately $2.8 billion in October 2022, then completed its $2.3 billion acquisition of ForgeRock in August 2023 and merged ForgeRock into Ping Identity. The combined company operates under the Ping Identity brand with about 2,000 employees. Ping CEO Andre Durand has stated that core products from both companies will continue to be supported. ForgeRock Identity Cloud was renamed PingOne Advanced Identity Cloud, and ForgeRock's identity governance and lifecycle management capabilities are now available to Ping customers.
Yes. Ping offers four deployment models: multi-tenant SaaS (PingOne cloud), single-tenant SaaS (PingOne Advanced Identity Cloud), self-managed software (PingFederate, PingDirectory, PingAccess for on-premises or private cloud), and hybrid configurations that combine cloud services with on-premises components. This flexibility is a key differentiator over cloud-only competitors like Okta, and is particularly important for regulated industries that require on-premises identity infrastructure for compliance or data residency reasons.
PingOne DaVinci is Ping's no-code identity orchestration engine. It provides a visual drag-and-drop canvas where teams design identity journeys (registration, authentication, step-up MFA, account recovery) by connecting pre-built connectors and flow templates. DaVinci integrates over 350 connectors and 6,500+ orchestrated capabilities, spanning both Ping-native services and third-party tools. Every Ping pricing tier includes DaVinci for orchestrating Ping services. The full DaVinci product, which supports multi-vendor orchestration across the entire identity stack, is available as an add-on.
Ping Identity has been named a Leader in the Gartner Magic Quadrant for Access Management for nine consecutive years. It was also recognized as a Leader in the Forrester Wave for Customer Identity and Access Management (CIAM) in 2024, and a Leader in the KuppingerCole Leadership Compass for Identity Fabrics in 2025. Prior to the merger, ForgeRock was separately recognized as a Gartner Access Management Leader, meaning the combined company inherits leadership positions from both predecessor platforms.
Ping supports multiple passwordless methods including FIDO2 security keys, platform biometrics (Face ID, Touch ID, Android biometrics), mobile push notifications, and device-bound credentials. The PingOne for Customers Passwordless package provides pre-built flow templates for passwordless registration, authentication, and device enrollment via DaVinci. For workforce use cases, the Plus tier ($6/user) includes passwordless authentication with FIDO support. Ping also offers zero-knowledge biometrics through PingOne Neo, which verifies identity without transmitting biometric data to the server.
Yes. Ping sells separate editions for each use case. PingOne for Workforce (starting at $3/user) provides SSO, MFA, and directory services for employees. PingOne for Customers (starting at $35,000/year) provides CIAM capabilities including customizable registration, user profile management, consent management, and API access control. Both editions share the same PingOne DaVinci orchestration engine and PingOne Protect risk engine. Organizations can deploy both editions under a unified administration portal, making Ping one of the few IAM vendors that covers workforce, customer, and B2B identity from a single platform.
Ping has introduced Runtime Identity, a framework that treats every AI agent action as a security event requiring identity verification. The approach extends Ping's authentication and authorization controls to non-human identities, including AI agents, bots, and automated workflows. Ping's Helix AI engine provides the underlying intelligence, evaluating each interaction for anomalous behavior and assigning risk scores. This is a newer capability area for Ping, positioned alongside its existing support for machine-to-machine identity via OAuth 2.0 client credentials and API access management.