In light of the recent integration of ForgeRock into Ping Identity, The Cyber Hut has received numerous inquiry calls regarding potential integrations, feature overlap, next steps and existing deployment advice with respect to the merger.
It is a topic we have covered in several episodes of The Week in Identity podcast over recent months:
| Episode 37 | Community feedback and discussion; customer advice |
| Episode 36 | Public announcement of deal complete – what is means for the market |
| Episode 13 | Thoma Bravo announce intention to acquire – first thoughts |
To that end, we’re making available a basic feature comparison matrix that highlights the basic capabilities each vendor has in each of the main identity areas of B2E and B2C. This matrix was compiled using publicly available references with peer review by those who have implemented ForgeRock or Ping technologies in the last 3 years.
Note this is not a comment on the strength of said features, but more to highlight existing go to market strategies.
B2E Workforce:
| Identity Type | Capability | ForgeRock | Ping Identity |
| B2E Workforce | Identity Life Cycle Management | IDM. Homegrown solution focused on data connectivity. | |
| B2E Workforce | Identity Storage | ForgeRock Directory Services. Based on the OpenDS project from Sun. | Ping Directory and Directory Proxy. |
| B2E Workforce | Identity Governance and Administration | AI lead aspect for permissions analysis. known as Autonomous Identity. Based on technology developed by Accenture. Access request/review component known as ForgeRock IGA. | Partner with likes of Sailpoint or You Attest. |
| B2E Workforce | Authentication | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Broad array of modular options | Ping Authentication Authority. Out of the box modules and policies that powers SSO |
| B2E Workforce | Multi Factor Authentication | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP and numerous strong auth partners via Trust Network | Numerous OOTB integrations for Ping MFA (OTP, Push, FIDO2). Also partner with likes of Yubico. |
| B2E Workforce | Passwordless | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP, WebAuth native support. Plus partners | Ping Zero marketing. Leverage FIDO2, device and risk analysis. |
| B2E Workforce | Biometric Authentication | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Mobile lead capabilities. Specialist biometry via Trust Network partners | Numerous OOTB integrations for Ping MFA (OTP, Push, FIDO2). Also partner with likes of Yubico. |
| B2E Workforce | Authorization | Falls under ForgeRock Access Management. Policy based access with agent and API lead enforcement. | Ping Dynamic Authorization Powered by acquisition of Symphonic software in 2020 |
| B2E Workforce | Authorization Enforcement | Policy agents, Identity Gateway and native APIs | Integration with third party gateways. |
| B2E Workforce | Federation SAML | Falls under ForgeRock Access Management. SAML provider/relying partner support | Ping Federate historic product. Multi-function |
| B2E Workforce | Federation OAuth2/OIDC | Falls under ForgeRock Access Management. OAuth2 provider/relying party support. Many profiles/extensions. | Via Ping Federate as OAuth2 provider |
| B2E Workforce | Gateway | Lightweight reverse proxy called ForgeRock Identity Gateway | Integration with third party gateways. Also have API Security Enforcer. AI based analysis (based on Elastic Beam acquisition in 2018?) |
| B2E Workforce | Connectors | Identity Connector Framework. Small yet powerful collection | |
| B2E Workforce | SDK | iOS, Android and JavaScript. Primarily for authentication integration. | API Toolkit Ping One (cloud) mobile native SDKs. |
| B2E Workforce | Mobile App | Basic app for Android (100k downloads) and IoS | Basic app for Android (5M downloads) and iOS |
| B2E Workforce | Single Sign On | Falls under ForgeRock Access Management | Ping SSO with range of SAML/OAuth2 capabilitites and session management |
B2C Customer:
| Identity Type | Capability | ForgeRock | Ping Identity |
| B2C Customer | Identity Proofing | Partner network | Native via Ping Verification service. |
| B2C Customer | Fraud / ATO | ForgeRock Autonomous Access. Organic development of AI/ML activity analysis | Ping Protect |
| B2C Customer | Registration / Progressive Profiling | Via ForgeRock IDM integrated with Intelligent Access | Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite. |
| B2C Customer | Multi Factor Authentication | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP and numerous strong auth partners via Trust Network | Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite. |
| B2C Customer | Passwordless | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Push notifications, HOTP, OTP, WebAuth native support. Plus partners | Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite. |
| B2C Customer | Biometrics | Falls under ForgeRock Access Management. Previously OpenAM (OpenSSO) from Sun Microsystems. Mobile lead capabilities. Specialist biometry via Trust Network partners | Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite. |
| B2C Customer | BYOI | Via ForgeRock IDM integrated with Intelligent Access | Modular components (see fraud, verification and DaVinci orchestration). Dedicated microsite. |
| B2C Customer | Privacy Preservation | Partner for vaulting and encryption. Support for UMA for consent and data sharing. Soverienty via directory. | Privacy microsite. Modular cpaabilties. Storage via Unbound acquisition. OAuth2 sharing. Consent capture |
| B2C Customer | IoT Integration | OAuth2 Device Flow support. Some edge SDK capabilities. | |
Other:
| Identity Type | Capability | ForgeRock | Ping Identity |
| General | Orchestration | Historically known as Authentication Trees, Intelligent Access, Orchestration Trees. | Ping DaVinci (via acquisition of Singular Key in 2021) |
| General | Deployment | On-prem and more recently cloud. Cloud is same on-prem components, containerized and hosted by ForgeRock. | Ping One is cloud model for B2E and B2C |
| General | Scale | Known for large multi-million storage of identities. Transactions per second for authZ/authN 1000+ | SEC Filings refer to mid-market focus with more repeatable project focus. |
| General | Other | IoT. Open Banking / PSD2 | 7 acquistions since 2016 |
Please contact us for any corrections of comments.