Skip to content

Enterprise Mobility + Security


Howdy folks,

Today I am thrilled to share the news that Ping Identity and Microsoft are partnering to provide secure access to on-premises web applications through the Azure AD Application Proxy and PingAccess. This partnership will expand the reach of Azure AD for customers and is a key proof point of our vision that “Identity is the new control plane.”

Branded Identity Control Plane

If you follow our blog, you know that Azure Active Directory is used by tens of thousands of enterprise customers, and millions of users to deliver secure single sign-on (SSO) to thousands of cloud SaaS applications. And you probably also know that the Azure AD Application Proxy extends cloud-based SSO and secure remote access to on-premises based web applications that support any of the key open standards (SAML, OAuth 2.0, Kerberos, etc.) based authentication methods.

Many of our customers use the Application Proxy extensively and have told us that they’d like to be able to use it with their applications that do not support these standards. That’s why we’re partnering with Ping Identity.

Ping and Microsoft

Ping Identity, a leader in on-premises identity management, has developed PingAccess, a product which is an awesome complement to the Azure AD Application Proxy. In my opinion, PingAccess is the best enterprise solution available today for managing access to all kinds of legacy applications that don’t support these open standards.

The Ping identity and Azure AD teams have worked together to integrate PingAccess and the Azure AD Application Proxy to provide SSO and secure remote access to a huge set of non-standards based on-premises web applications including those that use header-based authentication or are protected by Web Access Management (WAM) systems.

The result of this collaboration is “PingAccess for Azure AD”, which will be available in public preview in early 2017. Our Azure AD Premium customers will be able to use this solution to connect to 20 on-premises web applications at no additional cost. And for organizations that need to use it for more than 20 applications, a full license will be available from Ping.

So now your cloud SaaS apps and your on-premises web applications can benefit from the unique machine learning-based identity protection and advanced risk-based conditional access capabilities of Azure Active Directory. Your users will be protected while they access all their apps from everywhere and every device.

In addition, as part of this partnership, we will also be adding support for PingFederate into Azure AD Connect.

Every day, more and more enterprise customers are adopting Office365 and Azure AD. As that happens, we’re seeing increasing usage of PingFederate with Azure AD. Last week alone over 1.6M unique users logged into Azure AD using PingFederate. That makes it the largest 3rd party federation server or cloud service used with Azure AD at 2X the size of any other 3rd party federation provider.

By adding this kind of support into Azure AD Connect, we’re going to make it super simple for our customers who use PingFederate to get up and running quickly and smoothly with Azure AD.

(Note: Because someone is bound to ask in the comments section, for comparison, ADFS was used by 42M unique users to login to Azure AD last week, and It continues to be a key part of our overall identity story and offering.)

For more information on the partnership you can watch this video where Loren Russon, VP of product management from Ping Identity and I discuss the many customer benefits of this new partnership.

And for those of you that are going to be at Ignite, we will be demonstrating this new integration in our Azure Active Directory sessions and at our booth. Make sure to stop by and check out the demo!

If you’re one of our enterprise customers, I hope you’ll find this new partnership as exciting as we do. It’s going to make Azure AD even more powerful and useful than it already was.

And as always, we would love to receive any feedback or suggestions you have.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division