This Week's Top Ping Identity Blogs

[Ping Identity]( This Week's Top Ping Identity Blogs Blog Subscription Weekly Email ‌ Hello! Here's the latest and greatest from the Ping Identity blogosphere. [How Freddie Mac Overhauled Its Workforce Identity and Access Management]( Posted: Thursday, October 1, 2020 The Federal Home Loan Mortgage Corporation, better known as Freddie Mac, is the backbone of the United States housing sector. The government-sponsored public enterprise has provided more than $10 trillion to help more than 67 million homeowners and 11 million renters establish their homes since its inception 50 years ago, fulfilling its mission to provide liquidity, stability and affordability to the U.S. housing market. Recently, the Freddie Mac identity team determined it was time to [modernize their legacy web access management (WAM)]( infrastructure. The system was nearing end of life and presented numerous security vulnerabilities that weren’t easily remedied. But given the number of resources involved and the 400+ applications that had to be migrated, the switch to a modern identity and access management (IAM) platform would be a massive undertaking. [View article]( [Access Denied: Token Revocation]( Posted: Wednesday, September 30, 2020 Have you ever had a notification about a suspicious login attempt from a digital destination you’ve never been to? Hopefully it came with the option to say it wasn’t you, allowing you to deny access to that specific place and rebuff the user trying to sneak into your account or information. If so, you probably have token revocation to thank for the security measure. Token revocation means a token is no longer able to be used for access to a protected digital place, and it’s often behind the scenes in the denying process. It’s similar to session revocation in that you’re blocking access at some level, but there’s a key difference. With session revocation, you can deny one or more sessions and still access protected information. But token revocation is more permanent because it “kills” the token that might otherwise be reused for the duration of the token’s lifetime. Tokens play a big role in OAuth 2.0, which is designed to protect resources from wandering or malicious hands by using tokens to securely authorize users. You could build your own method of verifying access tokens and get a decent way there with open source packages, but a ready-made solution—token introspection—is easy to use and gives you the ability to offload the work from the app team to the identity platform’s team. PingOne for Customers handles the messy job of building a token verification system by giving you an API endpoint that does the work for you on our backend. In this blog post, I’ll walk you through how to use token revocation in PingOne for Customers. [View article]( [Ensuring the Security, Compliance and Agility of Digital Initiatives with Dynamic Authorization]( Posted: Tuesday, September 29, 2020 Even before 2020, digital transformation initiatives were monopolizing the attention of most enterprises. Lines of business were attempting to outmaneuver the competition with experiences that would win customer loyalty and steal market share. IT departments were focusing on access and data security and technical enablement of the initiatives. And compliance departments were striving to ensure adherence to GDPR, CCPA and other regulatory requirements. Then earlier this year the pandemic appeared. Suddenly, everyone was working from home and any customers still physically interacting with brands shifted to 100% digital—or very close to it. Organizations with five-year digital transformation plans have been forced to get their digital infrastructure in order much faster than previously anticipated. [View article]( ‌ CHECK THESE OUT! ‌ [Twitter]( [Facebook]( [Linked in]( [Youtube]( [CONTACT PING]( © Ping Identity. All Rights Reserved. 1001 17th Street, Suite 100 | Denver, CO 80202 | [+1 303-468-2900]( [Update preferences or unsubscribe »](