Summary
ExtremeCloud applications will discontinue support for PingID-based Single Sign-On (SSO) at 4:00AM UTC on June 21, 2026. Customers currently using PingID must transition to the natively available (Self-service) SSO to maintain uninterrupted access to ExtremeCloud applications and authentication functionality.
Background
Extreme Networks is transitioning from the legacy PingID-based Single Sign-On (SSO) system to a new self-service SSO model to provide customers with a more modern, scalable, and customer-controlled authentication experience.
Customer stays in control
- Customers use their existing IdP (Okta, Azure AD, etc.) — no new vendor to procure or budget for
- Customer's IT/security team configures it themselves, no dependency on Extreme to make changes
- Customer's SSO policies (MFA, session timeout, conditional access) are enforced automatically — we don't override them
Security & compliance
- Customer's existing security controls extend to Extreme Platform ONE without any extra config
- Satisfies auditors — SSO + centralized IAM is a checkbox for SOC 2, ISO 27001, FedRAMP
- Reduces your attack surface — no Extreme Platform ONE-specific credentials to phish or breach
Operational efficiency
- No GTAC tickets to manage SSO
- Works across all your apps uniformly — Extreme Platform ONE is just another SAML app in your catalog
Impact
Customers currently using PingID for SSO will be unable to authenticate into ExtremeCloud applications once PingID support ends at 4:00AM UTC on June 21, 2026. Organizations that do not complete the migration to the natively enabled SSO will lose access to all applications.
This loss of access will prevent administrators and users from managing devices, viewing network insights, or performing day-to-day operational tasks until migration is completed.
This will also affect customers in private cloud configured with PingID SSO.
Products Affected
- ExtremeCloud IQ
- ExtremeCloud IQ New
- ExtremeCloud Intuitive Insights
- Extreme Platform ONE Networking
- Extreme Platform ONE Security
- ExtremeCloud SD-WAN
Symptoms
SSO authentication will not authenticate, resulting in the user being unable to login and manage devices.
Workaround
Migration to self-service SSO will prevent customers from losing access before 4:00AM UTC on June 21, 2026. If users lose access through SSO, they will have to login using their local username and password.
Solution
To maintain uninterrupted access to ExtremeCloud applications, customers using PingID for SSO must migrate to the in-house SelfService SSO before PingID support ends at 4:00AM UTC on June 21, 2026.
Customers can complete the migration by configuring SelfService SAML SSO with their preferred Identity Provider (e.g., Microsoft Entra ID, Okta, etc.) using the steps outlined in the official Extreme Networks documentation. These guides provide end-to-end instructions for setting up SSO, importing/exporting metadata, mapping attributes, assigning roles, and validating authentication flows.
Key Documentation Resources:
Additional notes:
Customers can have both PingID SSO and self-service SSO simultaneously configured. Upon completion and validation of self-service SSO, customers can migrate away from PingID.
Once the configuration is complete and validated, organizations will be fully migrated and no longer dependent on PingID.
Please see the full Field Notice here for more details and future updates.
