Software on demand is no longer a niche area. The cat-egory is established and growing. If you are in the soft-ware business, your organization is most likely consider-ing various alternatives to take advantage of the software on demand delivery model and, for some organizations, this may be your only delivery model. User and account management is one of the least-explored aspects of on demand software delivery. However, industry trends are driving more careful consideration.

Software on Demand Identity ChallengesThe benefits of software on demand to your organization and to your customers are well-documented. Here we will explore the identity and user account management challenges that result from software on demand.

Revenue Loss from Account SharingNearly every vendor with a software on demand delivery model will tell you that the recurring revenue stream from account subscriptions is one of the most attractive aspects of the business. One of the biggest problems that software on demand providers face is revenue loss resulting from account sharing.

According to research conducted by the Information Systems Security Association, 64% of survey respondents have shared a password with a colleague. Furthermore, according to research recently conducted by Ping Identity®, a remarkable 42% of employees with access to an on demand service share access to their accounts on a regular basis.

Customer IntegrationOrganizations no longer consider software on demand to be temporary or stop-gap solutions. Customers now view these relationships as strategic. According to IDC’s Software on Demand Adoption Study, 2006, 85% of respondents indicated that integra-tion into existing application environments was an important attribute of software on demand. Another important attribute to 75% of the respondents in the IDC survey was Web services and standards support.

Strategic relationships between customers and software on demand vendors are forcing providers to develop new ways of more tightly integrating services into customers’ identity management infrastructures. Many vendors have been forced to re-factor exist-ing proprietary integration interfaces and replace them with standards-based alternatives.

Federated Identity Management for Software on Demand Vendors

1

52% of office workers polled would download company information if asked to by a friend42% would tell a friend their password64% already gave their pass-word to a colleague2 out of 3 gave their company password to the pollster!

•

•

•

•

Information Systems Security Association

85% of respondents indicated that integration into existing application environments was an important attribute of Soft-ware on Demand 75% indicated that Web ser-vices standards support was an important attribute

•

•

Software on Demand Adoption Study IDC

2

SLA ComplianceThe majority of software on demand vendors establish Service Level Agreements (SLAs) with their customers. When SLAs are not met, the vendor is required to provide custom-ers with refunds or credits. As a result, software on demand vendors must carefully assess every aspect of their technical architecture to ensure that no components present a risk to SLAs. From the bottom up, the technical architecture, including the identity architecture, should support multi-tenancy, high availability and reliability.

Extending User Identities to Aggregated ServicesMany on demand services are comprised of aggregated Web services that span multiple service providers. Users must experience a seamless transition as they navigate through your on demand service. Securely sharing user information over the Internet amongst all the service providers is imperative.

Identity Management Suites Not Suited for On DemandMany of the Identity Management platforms available from software vendors like IBM, Oracle, CA, Sun, and RSA Security include some embedded Identity Federation capabilities. Most software on demand vendors have identity management capabilities that are tightly integrated into their on demand applications. Identity management suites are designed for managing employee accounts, contain a significant amount of unneeded functionality and are not designed for multi-tenancy or many of the other specialized requirements that are unique to software on demand vendors.

Homegrown and Open Source Alternatives Don’t Stack UpSome software on demand vendors have gone down the path of developing a proprietary solution for Web single sign-on or have relied on open source solutions. While a proprietary approach may have been necessary in the past, Web single sign-on standards like SAML 2 and WS-Federation are sufficiently mature that your customers will no longer accept a proprietary solution. Furthermore, with homegrown solutions, there is no way to test for conformance or standards-compliance.

Another approach to providing standards-based Web single sign-on is to develop an implementation of an open source toolkit. Here again, the particular needs of software on demand vendors are not accounted for in the fundamental design of these toolkits. A significant level of effort is required to adapt an open source project to meet your needs. Further, many organizations find that their deployments are not standards-compliant as a result of misinterpreting the complex specifications during the development process.

PingFederate® for Software on DemandFederated Identity Management addresses a number of needs shared by software on demand vendors. Providing Federated Identity Management capabilities like Web single sign-on and Web service single sign-on provides better user experiences, increases revenue assurance and establishes long-lasting relationships with customer organizations.

Reduce Account SharingFederated Identity Management capabilities like Web single sign-on reduces the op-portunities for users to manually log into your on demand service. As a result it becomes nearly impossible for users to share their account information with unauthorized colleagues. Users that require access to your on demand service must have new accounts established.

“We were looking for the smallest impact without requiring significant investment in our infrastructure. A lot of the solutions that we ended up looking at were full identity management systems when really we were looking for the best-of-breed SAML implementation.”

“We recognized early on that this wasn’t going to be the only client that was going to need federated identity, so immediately we said, ‘Who’s going to be a partner that can expand and grow with us as our business grows?’ Now we’re looking at two or three other clients that we’re bringing on board using this exact same federated identity solution from Ping Identity.”

Gary Pianosi Oracle Corporation

Andy Michaelis Allscripts Healthcare Systems

3

Increase Customer IntegrationYour customers made a strategic decision when they decided to subscribe to your service. Most organizations have implemented a centralized portal to provide access to enterprise systems. On premise enterprise software has been integrated to these portals to reduce user authentication requirements and increase worker productivity. Using identity federation standards like SAML and WS-Federation for Federated Web single sign-on, you can provide the same quality of service to your customers and their users. Adoption of these standards for Federated Identity Management has eliminated the need and desire to rely on proprietary mechanisms for sharing user identity information.

Extending User Identities to Aggregated ServicesThe combination of PingFederate and PingTrust™ provides a modular suite of federated identity management capabilities that result in the ability to extend user accounts to aggregated Web services. User identities and attributes can be securely transmitted to aggregated Web service providers to provide users with a rich and seamless experience as they traverse aggregated functionality. As an on demand service provider you will benefit from the ability to negotiate service models with aggregated providers that are based on discrete user transactions.

PingFederate

Software On Demand

Provider

Multi-Tenant Support

ClientContentPartner

Web Service Partner

On DemandApplication

Client

Client

Enterprise Identity Federation Without the OverheadPingFederate is designed from the ground up for high-availability and multi-tenant environments. PingFederate deployments can be configured in LAN and WAN clusters to deliver a highly reliable architecture. Virtualization capabilities enable integration with multiple identity sources from a single deployment.

PingFederate enables you to provide your customers with a best-in-class standards-based solution for Federated Web single sign-on without the investment in an enterprise identity management suite and without the risk of developing your own solution using open source toolkits. PingFederate is designed for multi-tenancy, high availability and ease-of-administration while maintaining a strict adherence to industry standards for federated identity management.

4

About Ping Identity CorporationPing Identity is uniquely dedicated to delivering Internet Identity Management software and services that are transforming how organizations work with employees, customers and business partners. Our open and flexible approach offers best-of-breed software complemented with best-in-class service that exceeds the ever-expanding needs of customers like Boeing, Comcast, E*TRADE, New York Life and the US Department of Justice.

For More Information +1 877.898.2905 | +1 303.468.2882 | www.pingidentity.com | sales@pingidentity.com

© 2007 Ping Identity Corporation. All Rights Reserved. Ping Identity, PingFederate, PingTrust, PingLogin and the Ping Identity logo are registered trademarks or trademarks of Ping Identity Corporation. All other trademarks or registered trademarks are the properties of their respective owners. 040107