From a technical standpoint, what exactly does this kit do? First, strictly speaking, the name is a bit misleading. A more technically accurate name would be the "RFC 6238 Compliant Time-Based One-Time Password Integration Kit", but that's kind of a mouthful.
A One-Time Password (OTP) is used to augment password authentication (something you know) by prompting the user for a code generated by a token or other device that only the user possesses (something you have).
The code can only be used once, and even then it's useless outside of a specific time window. OTP-based authentication is nothing new for Ping. We've enabled integration with commercial OTP and other strong authentication solutions for years.
But now the Google Authenticator kit allows for the use of a mobile phone app to generate the requested code, making OTP authentication an option where traditional hardware tokens are too expensive or logistically challenging.
By the way, Google Authenticator integration has been available on ForgeRock OpenAM since 2 versions back. I have a blog on it - OpenAM with HOTP and OATH.