Gateways

PingOne gateways act as a bridge between your on-premise infrastructure and PingOne.

You can create the following types of gateways:

Gateway type	Description
LDAP	Use LDAP gateways to: Authenticate users in PingOne when their credentials are stored in an external directory Migrate identities to the PingOne user store Authenticate users with Kerberos
RADIUS	Authenticate users that are authenticating to a remote network access server.
Authorize	Evaluate and enforce authorization decisions in your self-managed infrastructure while maintaining authorization policies centrally in PingOne.
PingGateway	Integrate web applications, APIs, and microservices with PingOne without modifying the application or the container where it runs. Built on a reverse proxy architecture, PingGateway enforces security and access control.

Gateway type

Description

LDAP

Use LDAP gateways to:

Authenticate users in PingOne when their credentials are stored in an external directory
Migrate identities to the PingOne user store
Authenticate users with Kerberos

RADIUS

Authenticate users that are authenticating to a remote network access server.

Authorize

Evaluate and enforce authorization decisions in your self-managed infrastructure while maintaining authorization policies centrally in PingOne.

PingGateway

Integrate web applications, APIs, and microservices with PingOne without modifying the application or the container where it runs. Built on a reverse proxy architecture, PingGateway enforces security and access control.

Monitoring gateways

Configure gateway alerts to deliver prompt email notifications regarding critical events or potential problems in the gateway environment.

Only LDAP, RADIUS, and Authorize gateways support alerts.

The different types of gateway alerts are:

Gateway alert type Description

Gateway alert type	Description
Gateway Version Deprecated	Provides an alert when a gateway instance is running on a deprecated version.
Gateway Version Deprecating	After a `supportEndsOn` date is set for the gateway version, monthly alerts are sent until 28 days remain. This is followed by weekly alerts for the next 3 weeks, and daily alerts during the final 7 days before its deprecation. To find the `supportEndsOn` date in the PingOne admin console: Go to Integrations > Gateways and click the appropriate gateway. On the API tab, find the `supportEndsOn` date in the JSON.
Gateway Info Alerts	Sent every 7 days when information that needs attention is detected, such as `Single Instance Connected`.
Gateway Warning Alerts	Sent every 4 days when a warning condition is detected, such as `No TLS Verification`.
Gateway Errors Alerts	Sent every 4 hours when an error condition is detected, such as `No Instances Connected` and `Bad Credentials`.

Gateway Version Deprecated

Provides an alert when a gateway instance is running on a deprecated version.

Gateway Version Deprecating

After a supportEndsOn date is set for the gateway version, monthly alerts are sent until 28 days remain. This is followed by weekly alerts for the next 3 weeks, and daily alerts during the final 7 days before its deprecation.

To find the supportEndsOn date in the PingOne admin console:

Go to Integrations > Gateways and click the appropriate gateway.
On the API tab, find the supportEndsOn date in the JSON.

Gateway Info Alerts

Sent every 7 days when information that needs attention is detected, such as Single Instance Connected.

Gateway Warning Alerts

Sent every 4 days when a warning condition is detected, such as No TLS Verification.

Gateway Errors Alerts

Sent every 4 hours when an error condition is detected, such as No Instances Connected and Bad Credentials.

To configure gateway alerts in the PingOne admin console, go to Monitoring > Alerts. Learn more in Alerts.

Troubleshooting gateway client applications

If a gateway client application is unhealthy, refer to the following troubleshooting topics:

Securing the gateway client application folder

Restrict folder-level access to only the user account executing the gateway client. Apply these permissions when running the gateway client application as a standalone program or as a Windows service.