Licensable IAM Deployment Products
Production-grade IAM
in weeks, not months
Midships Accelerators are white-box, licensable deployment frameworks for Ping AIS, Ping AIC, and Keycloak. Built from seven years of regulated enterprise delivery. You get all the code. You own the platform. You do not start from scratch.
// Accelerator credentials
6min
IAM cluster spin-up
70M+
Identities on accelerators
0
Downtime on go-live
7+
Years regulated IAM delivery
Better Together Partner of the Year 2025 — Ping
Delivery Excellence Award — Ping Asia Pacific 2024
ForgeRock APAC Best Systems Integrator 2022/23
What Accelerators Are
Not templates. Not consulting. Proven production frameworks you own.
Every Midships Accelerator is a licensable, white-box deployment framework. You receive the complete source code. Your team can modify it for internal use. You are not locked in to Midships for ongoing changes.
Each accelerator packages the architecture decisions, infrastructure-as-code, configuration baselines, identity journeys, and operational patterns Midships has refined across seven years of zero-downtime IAM programmes at tier-one banks and regulated enterprises.
The result: production-grade deployments in your lower environments within weeks — not the 12 to 18 months it takes to build the same foundation from scratch, making the same mistakes Midships has already solved.
White box — full source code included
You receive all code and can modify it for internal use. No black-box vendor lock-in. Your team inherits a platform they can own and evolve independently.
Production-grade in lower environments within weeks
The same hardened, compliance-aligned configuration that runs in production is available in your dev and test environments from day one — enabling proper testing before go-live.
DevSecOps native
Infrastructure-as-code, GitOps pipelines, and automated testing are built in. Security is embedded in the delivery process, not added afterwards.
Zero downtime by design
Blue/green, canary, and rolling update patterns are embedded. Upgrades and go-lives do not require service windows.
Pre-hardened for regulated environments
PCI DSS, MAS TRM, PSD2, and SOC2 alignment built in. Audit trails, separation of duties, and compliance-ready logging from day one.
Connection to the Enterprise AI Agent Reference Architecture
Accelerators deploy the components you need
The Midships Enterprise AI Agent Reference Architecture defines the complete stack for governed autonomous AI. Accelerators provide the deployment path for the IAM components in that architecture — particularly the Identity and Metadata Context Layer and the Integration Layer.
// Reference architecture layer mapping
Governance Layer
AI Governance Engine — Icebreaker (separate product)
Identity Context
Identity Governance for Agents — deployed via AIS or Keycloak Accelerator
Integration Layer
Keycloak / Ping AIC / Ping AIS — deployed via Accelerators
Agent Platform
LLM / Model Platform — customer or partner provided
If you do not already have a production-grade IAM layer, Accelerators provide the fastest path to getting one in place — ready to support Icebreaker governance on top.
The Three Accelerators
Choose by platform
Each accelerator is purpose-built for its platform. All three share the same white-box model, DevSecOps approach, and zero-downtime delivery principles.
Ping AIS Accelerator
A production-ready, white-box deployment framework for PingAM, PingIDM, PingDS, and PingAuthorize on Kubernetes. Multi-region, multi-cloud active-active architectures. Full source code included — your team owns the platform.
Infrastructure as Code
Helm charts, Terraform modules, and GitOps pipelines for consistent, repeatable Ping deployments. No manual configuration drift across environments.
Multi-Region, Multi-Cloud Active-Active
Active-active architectures across AWS, Azure, GCP, Tencent, Alicloud, and private cloud simultaneously — not just redundancy within one provider. Tested DR with documented RTO/RPO.
Zero Downtime — Three Patterns
Blue/green deployments, canary releases, and rolling updates (Kubernetes-native) — all with pre-flight rehearsal and automatic rollback. Go-lives and upgrades without service windows.
Pre-Built Identity Journeys
Production-tested journeys for registration, login, MFA, passwordless, step-up, and progressive profiling — configured for regulated enterprise contexts and ready to customise.
Security Baseline
Pre-hardened OS, container, and Ping configurations. PCI DSS, MAS TRM, SOC2 alignment built in. Audit trails, SIEM integration, and separation of duties as standard.
Migration Patterns
Tested patterns for migrating from legacy IAM, ForgeRock (on-prem), or other platforms to Ping AIS — including identity data migration, co-existence periods, and zero-downtime cutovers.
Covers
Ping AIC Accelerator
A DevSecOps-native configuration and deployment framework for PingOne Advanced Identity Cloud. Solves the problems AIC customers cannot solve today — local development, parallel working, and failover to on-premise AIS. Full source code included.
Midships Cube — included with AIC Accelerator
Local development and parallel working for AIC
Out of the box, AIC customers cannot develop locally or work in parallel without overwriting each other's code. Midships Cube solves this — enabling multiple developers to work simultaneously, test locally before merging, and deploy to AIC with confidence. This capability does not exist elsewhere in the market.
Local AIC environment — develop and test before pushing to master
Parallel development — multiple developers without conflict
Merge to master branch triggers automated deployment to AIC
Full DevSecOps pipeline — security checks embedded in the build
Works with both AIC SaaS and on-premise AIS in hybrid setups
Tenant Configuration Framework
Version-controlled AIC tenant configuration — realms, OAuth clients, federation, social login, and service accounts — deployable consistently across all environments.
Journey Library
Ready-to-deploy CIAM and workforce journeys — passwordless, MFA, eKYC, account recovery, step-up — validated against AIC's journey engine.
PingOne Protect and Verify Integration
Pre-built integration for PingOne Protect (risk and fraud) and PingOne Verify (identity verification) — policy-driven step-up only when risk is detected.
AIC to AIS Failover
Failover to on-premise AIS if the AIC SaaS platform is unavailable — addressing the resilience concern that blocks AIC adoption in regulated enterprises with strict availability requirements.
SaaS to On-Prem Bridging
Integration patterns for connecting AIC to on-premise directories, legacy core banking systems, and enterprise API gateways without disrupting existing infrastructure.
Migration Patterns — AIS to AIC
Tested patterns for migrating from Ping AIS (on-prem) to PingOne AIC — including journey translation, identity data migration, co-existence, and zero-downtime cutover.
Covers
Keycloak Accelerator
A production-grade, white-box deployment framework for enterprise Keycloak and Red Hat Build of Keycloak (RHBK) — solving the HA, upgrade, and advanced journey problems that out-of-the-box Keycloak leaves unresolved. Vendor independence without sacrificing enterprise reliability.
High Availability and Multi-Cluster
Proven HA and multi-cluster topologies on Kubernetes — including serverless-ready options (EKS Fargate, GKE Autopilot, ACA) with durable external database layers.
Extended Authentication Flow API
Midships' proprietary API that exposes any Keycloak authentication flow programmatically — enabling headless IAM and enterprise journeys without coupling to the Keycloak UI.
Zero Downtime Upgrades
Blue/green and canary releases with pre-flight rehearsal and automatic rollback. Proven upgrade procedures keeping customer journeys live during Keycloak version upgrades.
Security Hardening
Encryption, access controls, device trust, SIEM integrations, and security event logging as standard. Keycloak configured to meet stringent regulated environment requirements.
Data Safety and Recovery
Encrypted backups, point-in-time recovery (PITR), immutable snapshots, and tested RTO/RPO objectives with documented restore procedures.
Ping Interoperability
Integration patterns connecting Keycloak with Ping universal services — combining open-source flexibility with Ping's advanced identity, risk, and verification capabilities.
Covers
Licensing Model
Licence the accelerator. Deploy with confidence.
Accelerators are available as standalone licensed products. You receive all source code. Deployment is handled by Midships or a qualified partner.
01
Licence the accelerator
Purchase a licence for the relevant accelerator. You receive the complete framework — infrastructure-as-code, configuration baselines, journey libraries, operational patterns, and full source code that you can modify for internal use.
02
Deploy via Midships or a partner
Deployment is handled by Midships' consulting team or a qualified partner certified on the accelerator. This ensures correct deployment and full knowledge transfer to your team.
03
Own and operate the platform
You own all the code. Your team can operate, extend, and modify the platform independently. Optionally, engage Midships Guardian for 24x7 managed operations alongside your internal team.
Accelerator vs building from scratch
Team independence
Security hardening
Zero downtime delivery
DevSecOps pipeline
Source code ownership
Time to production-grade lower environments
Months — hardening, compliance config, and pipelines all built from scratch
You own what your team builds
Built during delivery — often deferred or incomplete
Bespoke engineering — blue/green, rolling updates often skipped
Post-deployment retrofit — inconsistent and often incomplete
Knowledge in people, not in documented, reproducible patterns
✓ Full source code and documentation — team can own and evolve independently
✓ PCI DSS, MAS TRM, SOC2 aligned from day one
✓ Three patterns included — blue/green, canary, rolling updates
✓ GitOps, IaC, and automated security checks embedded from day one
✓ You receive all source code — white box, modifiable for internal use
✓ Weeks — production-grade configuration available in dev/test from day one
Midships Accelerator
Building from scratch
Factor
Platform Consolidation
Running multiple identity vendors? Midships can consolidate them.
Many enterprises have accumulated fragmented identity stacks — Ping alongside DAON, Transmit Security, or other vendors. Midships can help you consolidate onto a single, rationalized Ping platform, reducing cost and operational complexity.
Platform sprawl is expensive — multiple vendor contracts, multiple support relationships, multiple operational teams, and integration complexity between systems that were never designed to work together. Consolidation onto Ping eliminates this overhead while giving you a single, enterprise-grade identity platform with the governance controls regulated industries require.
Midships has the accelerators and the delivery experience to make consolidation programmes low-risk and zero-downtime — migrating users, journeys, and integrations without disrupting live services.
Related Product
Once your IAM layer is in place — add Icebreaker for AI governance
Icebreaker is Midships' runtime governance product for autonomous AI. It sits above your IAM layer as the Governance and Control Layer in the Enterprise AI Agent Reference Architecture. Accelerators deploy the foundation. Icebreaker governs what runs on top of it.
Frequently Asked Questions
Accelerators — common questions
What is a Midships Accelerator?
A Midships Accelerator is a licensable, white-box deployment framework built from seven years of regulated enterprise IAM delivery. You receive the complete source code, including infrastructure-as-code, configuration baselines, identity journeys, and operational patterns. You can modify the code for internal use. Deployment is handled by Midships or a qualified partner.
Are accelerators white box — do we get all the source code?
Yes. Every Midships Accelerator is fully white box. You receive all source code as part of the licence. Your team can read, modify, and extend it for internal use. You are not dependent on Midships for ongoing changes to the platform — your team owns what is deployed.
How quickly can we get a production-grade environment?
Production-grade deployments in your lower environments — with the same hardening, compliance configuration, and DevSecOps pipelines as production — are achievable within weeks. This is a key differentiator from building from scratch, where it typically takes months just to reach a properly configured non-production environment.
What is Midships Cube?
Midships Cube is a local development environment included with the Ping AIC Accelerator. It solves a fundamental problem for AIC customers: out of the box, developers cannot work locally or in parallel without overwriting each other's code. Cube enables each developer to run a local AIC environment, develop and test changes locally, and merge to the master branch — which triggers automated deployment to AIC. This capability does not exist in standard AIC tooling.
Do accelerators support zero downtime deployments and upgrades?
Yes. Zero downtime is a design principle in every accelerator. The AIS Accelerator includes blue/green, canary, and rolling update (Kubernetes-native) patterns. The Keycloak Accelerator includes blue/green and canary releases. All include pre-flight rehearsal procedures and automatic rollback. Midships has a track record of upgrading production Ping and Keycloak environments with no service interruption.
Does the AIC Accelerator support failover to on-premise Ping?
Yes. The AIC Accelerator includes failover patterns to on-premise Ping AIS — addressing a core concern for regulated enterprises with strict availability requirements that are considering the move to AIC SaaS. If the AIC platform is unavailable, identity services can fail over to the on-premise AIS deployment.
Can Midships help consolidate multiple identity vendors onto Ping?
Yes. Midships has delivery experience consolidating enterprises running Ping alongside DAON, Transmit Security, and other vendors onto a single Ping platform. The accelerators provide the deployment foundation, and Midships' consulting team manages the migration and consolidation programme with zero downtime.
How do accelerators relate to the Midships Enterprise AI Agent Reference Architecture?
Accelerators deploy the IAM components that form the Identity and Metadata Context Layer and Integration Layer of the Midships Enterprise AI Agent Reference Architecture. If you are implementing the reference architecture and do not already have a production-grade Ping or Keycloak deployment, accelerators provide the fastest and lowest-risk path to getting the foundation in place — ready to support Icebreaker governance on top.