Is Ping Identity Quantum Safe?
No. Ping Identity (owned by Thoma Bravo since 2022) uses classical RSA/ECDSA signatures across PingFederate and PingOne; production post-quantum support has not been announced.
Key Takeaway: Ping Identity is NOT quantum safe. Scan your Ping Identity infrastructure with QScout. Plan migration to ML-DSA signatures and ML-KEM key exchange. Monitor Ping Identity product announcements for PQC support.
- Modality
- Identity & Access
- Vulnerability
- Ping Identity SAML and OAuth use classical RSA/ECDSA signatures vulnerable to quantum attack. No production post-quantum support has been announced.
- NIST status
- Ping Identity has not publicly announced product-level PQC (ML-KEM/ML-DSA) support.
- Replaced by
- Ping Identity authentication will migrate to ML-DSA for signatures and ML-KEM for key exchange as post-quantum support is added
- Deprecation
- Ping Identity has not published product-specific PQC migration timelines.
Technical Analysis
Ping Identity is NOT quantum safe today.
Current State
PingFederate, PingOne, and PingAccess use classical TLS, SAML (RSA-SHA256), and OAuth/OIDC (RS256/ES256) — all vulnerable to quantum attack.
Ownership
Ping Identity has been owned by the private-equity firm Thoma Bravo since October 2022 (~$2.8B) and was combined with ForgeRock in 2023. Thoma Bravo is a financial owner and does not provide post-quantum cryptographic capabilities to the products.
PQC Progress
- PingFederate: No public announcement of PQC signature support for SAML or OAuth tokens.
- PingOne: Cloud identity platform uses classical cryptography.
HNDL Risk
Same cascading identity risk as Okta and Auth0. Compromised SAML/OAuth signing keys enable forgery of authentication tokens across all federated applications.
What Organizations Should Do
Audit all Ping Identity deployments, SAML configurations, and OAuth/OIDC integrations. Use QScout to discover all identity cryptographic dependencies, and plan migration to ML-DSA signatures and ML-KEM key exchange as Ping adds support.
At a glance
| Full Name | Ping Identity |
| Category | identity |
| Quantum Vulnerability | Ping Identity SAML and OAuth use classical RSA/ECDSA signatures vulnerable to quantum attack. No production post-quantum support has been announced. |
| NIST Status | Ping Identity has not publicly announced product-level PQC (ML-KEM/ML-DSA) support. |
| Deprecation Timeline | Ping Identity has not published product-specific PQC migration timelines. |
| Replaced By | Ping Identity authentication will migrate to ML-DSA for signatures and ML-KEM for key exchange as post-quantum support is added |
Migration Guidance
Scan your Ping Identity infrastructure with QScout. Plan migration to ML-DSA signatures and ML-KEM key exchange. Monitor Ping Identity product announcements for PQC support.
How Qtonic Quantum Can Help
Don’t Know Where Ping Identity Lives in Your Stack?
QScout discovers instances of Ping Identity across your infrastructure in 7 days — designed to minimize operational disruption. 72-hour time to first findings.