Making sense of the Ping Identity + ForgeRock CIAM roadmap
If you missed the Ping Identity Chief Product Officer’s recent roadmap update, we suspect you’re not alone. The 10-minute video outlines Ping’s strategy for bringing together the overlapping product suites they now own as a result of their acquisition of ForgeRock.
We applaud Ping Identity’s transparency as they share some of the decisions they’ve made, though we can understand why they might not want a lot of fanfare. The video states that Ping will “be supporting both platforms indefinitely into the future,” but if you’re a CIAM prospect or customer you’ve likely still got some questions on your mind … especially when you see the detailed product roadmap at 9:26 in the video. There’s a lot of migration and integration planned through 2025 but where’s the innovation around CIAM?
Our 5 key takeaways about Ping’s CIAM strategy
We like to think of ourselves as being customer obsessed – no matter whose customers they are. In that spirit, we’re sharing our takeaways from the Ping roadmap presentation.
- Ping won. When the merger was announced, we pondered which would be the platform of choice. For virtually all of the major decisions that were up in the air Ping chose … wait for it …Ping’s products. It’s not surprising given that Thoma Bravo, the PE firm that acquired both Ping and ForgeRock, appointed Ping CEO, Andre Durand, to lead the new company.
What this means for CIAM customers: While this Ping-centric product direction makes business sense for Ping, we think it will spark more than a few questions from ForgeRock’s CIAM customers as they try to figure out how and when the ForgeRock capabilities they’re using will migrate into the newly emerging Ping-branded portfolio.
- PingOne is the go-forward cloud platform. In the video, Ping Identity’s Chief Product Officer, Peter Barker, makes it clear that PingOne will be the cloud platform moving forward. An IAM vendor only needs one cloud platform, and it makes sense Ping would choose PingOne. However, left unsaid is what will happen to ForgeRock’s Identity Cloud? Presumably, it has no long-term future.
What this means for CIAM customers: In the video Barker explains that “Ping came from a strength in workforce,” referring to their IAM offerings. But the scale and performance required for workforce IAM is quite different from what’s required for customer IAM. CIAM solutions need to scale to support millions of users globally. PingOne wasn’t designed to do that. Also notable is that PingOne is a multi-tenant solution. If you want the control that comes from a single dedicated cloud instance you’ll have to pay Ping extra for professional services from PingOne Advanced Services.
- Innovation = integration. While the video talks a lot about innovation, all of the examples are from the past. And all of the future roadmap items are focused on integration, unification, and migration – not new capabilities. From a migration standpoint, all paths point to PingOne as the north star. Also front and center is the massive undertaking of unifying two different directory stores, creating “migration tools” and “unifying” everything from authentication apps to admin portals. We don’t envy the position Ping is in right now.
What this means for CIAM customers: While there are now bullets on a roadmap slide, there are still lots of outstanding “how” questions we suspect Ping is still figuring out. If you’re a Ping or ForgeRock CIAM customer, it’s fair to ask: is “migration” just a nicer word for “new implementation?” Either way, it’s unlikely to be “free,” so it’s also worth thinking about how much it will cost in terms of new budget asks and your team’s time.
- Workforce IAM is at the center of the new roadmap. This makes sense since Workforce IAM was Ping Identity’s bread and butter. The roadmap calls out how ForgeRock Identity Governance and ForgeRock Lifecycle Management will now be used for workforce use cases in combination with PingOne. But CIAM innovations are nowhere to be found in the 2-year roadmap.
What this means for CIAM customers: Requirements are changing rapidly and – as expected – this roadmap looks pretty crowded with workforce-centric requirements. Can you afford to wait for new innovations (and migration of existing features)?
- CIAM customers need to make a choice – speed vs control: The video says that when it comes to SaaS deployment models “customers typically come at the situation from one of two angles – either from speed or control.” It goes on to say that for customers that want “speed” – think time to go-live – they’ll be offered the multi-tenant PingOne solution. But if they want “control” –think data residency and compliance requirements – they will need PingOne Advanced Services.
What this means for CIAM customers: Why should you have to choose between speed and control? Why can’t you have both? In this case, it’s because PingOne’s architecture isn’t built for it. There’s a reason that ForgeRock (and Strivacity) chose single-instance cloud architectures. The security and performance requirements of CIAM demand it. But with ForgeRock Identity Cloud seemingly marching into the sunset, Ping only has a multi-tenant offering. Making it work as a single-instance deployment requires lots of professional services to round out the rough edges.
Questions CIAM customers should ask
While the new info that Ping has shared about the roadmap is good progress, there’s obviously still a lot to sort out. That will take more time and will no doubt leave many existing and future CIAM customers wondering what it means for their business. Both ForgeRock and Ping customers have tough decisions ahead of them and for different reasons. Here are a few questions we think they should be considering as they wait for more news:
- What does “supporting both platforms indefinitely into the future” really mean? Put another way, what’s the deadline for making a decision on your CIAM tech stack?
- Apart from the migration and integration, what new CIAM features is Ping planning and how will these be supported across both platforms?
- How will the roadmap affect the support and maintenance of existing products? Will there be any changes in customer support and response times?
- Will there be assistance (besides tools) with data migration? Is “migration” really a re-install? And how will compatibility between Ping Identity and ForgeRock products be ensured?
- Will there be any changes to licensing models or pricing structures for the merged products? How will existing contracts and pricing agreements be honored or modified as they come up for renewal?
- What measures will be in place to ensure the security of customer data during and after migration? How will compliance with data protection and privacy regulations be maintained?
Again, we applaud Ping Identity for releasing more details of their migration roadmap, but let’s not confuse migration with innovation.
You need secure, accessible CIAM solutions. Don’t let off the gas pedal when it comes to pushing your CIAM vendor on innovation and timelines.
Note: For a more in-depth review check our our blog post: A cheat sheet for Ping Identity's product roadmap.
Looking for other CIAM options and want to learn more?
If you’re feeling fatigued by the tangled web of migrations ahead and want to consider other options we hope you’ll keep Strivacity in mind.
We are the only other CIAM vendor positioned as a Leader in The Forrester Wave™: Customer Identity and Access Management, Q4 2022 (no form).
When compared to other large CIAM vendors, our customers experience the following benefits.
If you’re an existing ForgeRock or Ping Identity customer or just trying to make sense of what your options are in the market, we’re here to help. Check us out, get in touch, or book a demo.