A company with a radical -- and radically simple -- way to deal with identity management and single sign-on is betting on the smartphone as a replacement for everything from passwords to token fobs.
Ping Identity's PingID allows enterprise users' smartphone to be a second- or even a single-factor authentication device. When authentication is needed, a one-time token is transmitted to the device, and users swipe the display with a finger as if unlocking it.
Normally, this might be deployed as a cloud service, but PingID can be implemented either through Ping Identity's own cloud services or as an on-premise application. The provided SDK includes connectors for many common enterprise apps -- Oracle, SAP, Siteminder, and Citrix among them -- but it's also designed to allow apps to be connected to it via REST calls. Pricing for the system is $3 per user per month (although a spokesperson for the company says "pricing is also a function of what products a customer is subscribing to").
To Andre Durand, chairman and CEO of Ping Identity, enterprises are not like small businesses when it comes to handling identity. Based on his experience with Ping Identity's existing enterprise customer base, they are not willing to outsource single sign-on to a cloud provider, as small businesses are.
"At the end of the day," said Durand in a phone conference, "identity is more than an app. It's an infrastructure."
Other initiatives have endeavored to reduce identity management to as few moving parts as possible. Okta, an Andreessen Horowitz-backed startup, provides a cloud-based identity service to integrate with various other services, such as Salesforce.com. But in a conversation late last year with InfoWorld's Eric Knorr, the company didn't hint at anything like Ping Identity's smartphone solution on the way.
Ping Identity also wants to stand out by being a supporter and user of open standards, in particular OAuth and OpenID Connect, upon which much of PingID is built. "We believe open standards are the only way to truly scale identity to Internet scale," Durand said. "We simply can't do it with a proprietary protocol or infrastructure."
Ping Identity currently doesn't have the brand-name recognition of, say, RSA -- a familiar presences for those who have carried its number-generating fobs on a keychain -- but claims to have made significant inroads into enterprises. Durand states the company currently serves around 1,200 enterprises, including 50 of the Fortune 100. And InfoWorld's Andrew C. Oliver has mentioned the company's PingOne service as a possible escape from the looming cloud identity crisis, where enterprises using disparate cloud services have to either cobble together a single-sign-on solution for all of them or turn to a third party.
One possible obstacle for PingID is platform support. iOS and Android are supported out of the box, but BlackBerry, Windows Phone, and other platforms are currently only supported via SMS. If the idea proves anywhere nearly as seamless and useful in execution as it does in theory, full support for Blackberry users seems mandatory.
This story, "Ping Identity wants to replace sign-ons with smartphones," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.