---
title: Configuring Microsoft Intune for PingID
description: Manage the PingID app using Microsoft Intune.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_microsoft_intune
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_microsoft_intune.html
revdate: January 28, 2024
section_ids:
  mdm-maintenance: MDM maintenance:
  installing-an-apns-certificate-for-ios-in-microsoft-intune: Installing an APNs certificate for iOS in Microsoft Intune
  before-you-begin: Before you begin
  steps: Steps
  result: Result:
  result-2: Result:
  next-steps: Next steps
  configuring-android-for-work-for-microsoft-intune: Configuring Android for Work for Microsoft Intune
  before-you-begin-2: Before you begin
  about-this-task: About this task
  steps-2: Steps
  result-3: Result:
  result-4: Result:
  result-5: Result:
  result-6: Result:
  result-7: Result:
  result-8: Result:
  result-9: Result:
  result-10: Result:
  next-steps-2: Next steps
  adding-the-pingid-app-for-ios-in-microsoft-intune: Adding the PingID app for iOS in Microsoft Intune
  steps-3: Steps
  result-11: Result:
  result-12: Result:
  result-13: Result:
  result-14: Result:
  result-15: Result:
  next-steps-3: Next steps
  adding-the-pingid-app-for-android-in-microsoft-intune: Adding the PingID app for Android in Microsoft Intune
  before-you-begin-3: Before you begin
  about-this-task-2: About this task
  steps-4: Steps
  result-16: Result:
  result-17: Result:
  result-18: Result:
  next-steps-4: Next steps
  setting-pingid-app-configuration-policies-for-microsoft-intune: Setting PingID app configuration policies for Microsoft Intune
  steps-5: Steps
  result-19: Result:
  result-20: Result:
  result-21: Result:
  updating-a-pingid-token-in-microsoft-intune: Updating a PingID token in Microsoft Intune
  before-you-begin-4: Before you begin
  steps-6: Steps
  result-22: Result:
  result-23: Result:
---

# Configuring Microsoft Intune for PingID

Manage the PingID app using Microsoft Intune.

|   |                                                                                                                                                                                                                                                                                                                                                         |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The following steps are for use cases where PingID MFA authenticating devices are managed by Microsoft Intune mobile device management (MDM). In cases where PingFederate is used to apply policies on accessing devices managed by Microsoft Intune, see [Intune Integration Kit](http://docs.pingidentity.com/integrations/intune/pf_intune_ik.html). |

1. In Microsoft Intune, install an Apple Push Notification service (APNs) certificate for iOS. For more information, see [Installing an APNs certificate for iOS in Microsoft Intune](pid_installing_apns_certificate_for_ios_microsoft_intune.html).

2. If your organization has iOS devices, add the PingID app for iOS. For more information, see [Adding the PingID app for iOS in Microsoft Intune](pid_adding_pid_app_ios_in_microsoft_intune.html).

3. If your organization has Android devices, add the PingID app for Android. For more information, see [Adding the PingID app for Android in Microsoft Intune](pid_adding_app_for_android_in_microsott_intune.html).

4. Configure PingID configuration policies for Microsoft Intune. For more information, see [Setting PingID app configuration policies for Microsoft Intune](pid_setting_app_configuration_policies_for_microsoft_intune.html).

## MDM maintenance:

As part of MDM maintenance activities for the PingID app, you can generate new tokens and revoke old tokens. For more information, see the following:

* In PingID:

  * [Configuring Mobile Device Management (MDM)](pid_configuring_mobile_device_management.html)

  * [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html)

  * [Adding a new MDM token](pid_adding_new_mdm_token.html)

  * [Revoking an MDM token](pid_revoking_an_mdm_token.html)

  * [Rotating MDM tokens](pid_rotating_mdm_tokens.html)

* In Microsoft Intune:

  * [Updating a PingID token in Microsoft Intune](pid_updating_token_in_microsoft_intune.html)

## Installing an APNs certificate for iOS in Microsoft Intune

To ensure that PingID app configurations can be pushed to iOS devices, install an Apple Push Notification service (APNs) certificate in Microsoft Intune.

### Before you begin

You will need your Apple ID for this procedure.

### Steps

1. As a Global Administrator in the Microsoft Azure portal, go to **Intune → Device Enrollment → Apple Enrollment**, and then click **Apple MDM Push Certificate**.

   #### Result:

   The **Configure MDM Push Certificate** window is displayed.

   ![A screen capture of the Configure MDM Push Certificate.](_images/dxx1564020685382.png)

2. In the **Configure MDM Push Certificate** window, complete the following fields.

   1. In section **1**, select the **I Agree** check box.

      ![A screen capture of section 1 in the Configure MDM Push Certificate window. The I Agree check box is highlighted.](_images/vcn1564020686243.png)

   2. In section **2**, click **Download Your CSR**.

      ![A screen capture of section 2 in the Configure MDM Push Certificate window. The link to Download Your CSR is highlighted.](_images/hxp1564020686788.png)

   3. In section **3**, click **Create Your MDM Push Certificate**.

      ![A screen capture of section 3 in the Configure MDM Push Certificate window. The link to Create your MDM push Certificate is highlighted.](_images/fip1564020687320.png)

      #### Result:

      The **Apple Push Certificates Portal** window opens in your browser.

3. Sign on to the Apple Push Certificates Portal.

   ![A screen capture of the Apple Push Certificates Portal window](_images/agx1564020687838.png)

4. In either the **Get Started** section or the **Certificates for Third-Party Servers** section, click **Create a Certificate**.

   |   |                                                                                                                                                                  |
   | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If your organization does not yet have any Apple Push certificates, the **Get Started** section is displayed. Otherwise, the **Certificates** list is displayed. |

   ![A screen capture of the Get Started section. The Create a Certificate button is highlighted.](_images/dqb1564020689783.png)

5. Click **Choose File** and browse for the certificate signing request (CSR) file you created previously, and then click **Upload**.

   ![A screen capture of the Create a New Push Certificate section. The Choose File button is highlighted..](_images/ydc1564020690628.png)

6. In the row of the new APNs certificate, click **Download**.

   ![A screen capture of the Certificates for Third-Party Servers list. The Download button is highlighted.](_images/cix1564020691914.png)

7. Return to the **Configure MDM Push Certificate** window and complete the following fields.

   1. In section **4**, enter your Apple ID.

      ![A screen capture of section 4.](_images/qmy1564020692601.png)

   2. In section **5**, from the **Apple MDM Push Certificate** list, select your APNs certificate.

   3. Click **Upload**, and then save your configuration.

      ![A screen capture of section 5.](_images/hmw1564020693124.png)

### Next steps

Add the PingID app for iOS. For more information, see [Adding the PingID app for iOS in Microsoft Intune](pid_adding_pid_app_ios_in_microsoft_intune.html).

## Configuring Android for Work for Microsoft Intune

To ensure that PingID app configurations can be pushed to Android devices, configure Android for Work for the organization's mobile device management (MDM).

### Before you begin

In the Intune dashboard, configure Android work profile devices. Find more information in the [InTune documentation](https://learn.microsoft.com/en-us/intune/intune-service/user-help/enroll-device-android-work-profile).

### About this task

This is an example configuration of Android for Work without G Suite. You can configure Android for Work for MDM with G Suite.

### Steps

1. Go to the Microsoft Azure portal at [https://portal.azure.com](https://portal.azure.com/).

2. Go to **Intune → Home → Client Apps → Managed Google Play**.

   #### Result:

   The **Managed Google Play** window opens.

3. Click **Open the Managed Google Play Store**.

   ![A screen capture of the Managed Google Play window, highlighting the Open the Managed Google Play Store link.](_images/kek1564020746340.png)

   #### Result:

   Google Play opens in a new browser tab or window.

4. Search for the PingID app and select it.

   ![A screen capture of Google Play search results, showing the PingID app.](_images/vks1564020747191.png)

5. Click **Approve**.

   ![A screen capture of the PingID app in Google Play.](_images/fsn1564020748917.png)

   |   |                                                                                 |
   | - | ------------------------------------------------------------------------------- |
   |   | You might be prompted to sign on as a managed Google Play administrator. Do so. |

   #### Result:

   The **Client Apps - Apps** window is displayed.

6. From the **Apps** list, click the PingID Google Play entry, and then from the left-hand menu, click **Assignments**.

   ![A screen capture of the Client Apps - Apps window.](_images/azj1564020749604.png)

   #### Result:

   The **PingID - Assignments** window is displayed.

7. In the **PingID - Assignments** window, assign the PingID Android app to user groups.

   To create, manage and assign apps to groups, see the relevant Intune documentation.

   ![A screen capture of the Assignments window.](_images/gby1564020750402.png)

8. Go to **Intune → Client Apps → App Configuration Policies**, and then click **Add**.

   #### Result:

   The **Add Configuration Policy** window is displayed.

9. In the **Name** field, enter a name for the policy.

10. In the **Description** field, add a description.

    ![A screen capture of the Add Configuration Policy window showing the Name field, the Description field, and the Device enrollment type list.](_images/zew1564020751584.png)

11. From the **Device Enrollment Type** list, select **Managed Devices**.

    ![A screen capture of the Device Enrollment Type list with the options for Managed devices and Managed apps.](_images/wkz1564020752154.png)

    #### Result:

    The **Platform** list is displayed.

12. From the **Platform** list, choose **Android**.

    ![A screen capture of the Platform list.](_images/fbg1564020752678.png)

13. At the bottom of the window, click **Add**.

    #### Result:

    The **Associated App** tab is displayed.

14. On the **Associated App** tab, click **PingID**.

    ![A screen capture of the Associated App tab. In this screen capture, the list of available apps include Intune Company Portal and PingID.](_images/ipq1564020753239.png)

    #### Result:

    The **Configuration Settings** tab is displayed.

15. From the **Configuration Settings Format** list, select **Use Configuration Designer**.

    ![A screen capture of the Configuration Settings tab showing the Configuration Settings Format list with the options Use Configuration Designer and Enter JSON Data.](_images/xyc1564020753910.png)

16. In the **Configuration Value** field, enter the PingID MDM token, and then click **Add**.

    For more information, see [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html).

    ![A screen capture of the Configuration Settings tab.](_images/exw1564020754692.png)

### Next steps

See [Adding the PingID app for Android in Microsoft Intune](pid_adding_app_for_android_in_microsott_intune.html).

## Adding the PingID app for iOS in Microsoft Intune

Configure PingID as an MDM-managed app for iOS devices in Microsoft Intune.

### Steps

1. Go to the Microsoft Azure portal at [https://portal.azure.com](https://portal.azure.com/).

2. Go to **Intune → Client Apps → Apps → +Add → Add App**.

3. From the **App Type** list, select **iOS**.

   ![A screen capture of the Add App window and the App Type list. The list has multiple sections of apps: Store App, which has Android, iOS, Windows Phone 8.1, and Windows; Office 365 Suite, which has Windows 10 and macOS; and Other, which has Web link, Built-in app, Line-of-business app, and Windows app (Win32) - preview.](_images/xhb1564020693727.png)

4. In the **Search the App Store** section, click **Select App**.

   ![A screen capture of the Add App window and the Search the App Store section.](_images/wsh1564020694371.png)

   #### Result:

   The **Search the App Store** window opens.

   ![A screen capture of the Search the App Store window.](_images/cir1564020694939.png)

5. In the search field, enter th e PingID mobile app's iTunes App Store URL: <https://itunes.apple.com/us/app/pingid/id891247102?mt=8>.

   #### Result:

   The PingID app is displayed.

   ![A screen capture of the Search the App Store window showing the PingID app in the search results.](_images/lwh1564020695575.png)

6. Click the PingID app.

   #### Result:

   You are returned to the **Add App** window with the **Configure** option enabled.

7. To open the **App Information** window, click **Configure**.

8. In the **App Information** window, make any required changes, and then click **OK**.

   ![A screen capture of the App Information window. Required fields are marked by an asterisk.](_images/bpb1564020696261.png)

   #### Result:

   In the **Add App** window, the **Add** button is enabled.

9. In the **Add App** window, click **Add**.

   #### Result:

   Your app appears in the list of client apps.

   ![A screen capture of the Client Apps - Apps window, highlighting the PingID iOS store app.](_images/xqi1564020697024.png)

### Next steps

See [Setting PingID app configuration policies for Microsoft Intune](pid_setting_app_configuration_policies_for_microsoft_intune.html).

## Adding the PingID app for Android in Microsoft Intune

To ensure that PingID app configurations can be pushed to Android devices, configure Android for Work for the organization's mobile device management (MDM).

### Before you begin

In the Intune dashboard, configure Android work profile devices. Find more information on the [InTune documentation](https://learn.microsoft.com/en-us/intune/intune-service/user-help/enroll-device-android-work-profile).

### About this task

This is an example configuration of Android for Work without G Suite. You can configure Android for Work for MDM with G Suite.

### Steps

1. Go to the Microsoft Azure portal at [https://portal.azure.com](https://portal.azure.com/).

2. Go to **Intune → Home → Client Apps → Managed Google Play**.

3. In the **Client Apps - Managed Google Play** window, click **Open the Managed Google Play Store**.

   ![A screen capture of the Client Apps - Managed Google Play window, highlighting the Open the Managed Google Play Store app.](_images/kek1564020746340.png)

   #### Result:

   Google Play opens in a new browser tab or window.

4. Search for the PingID app and select it.

   ![A screen capture of Google Play search results, showing the PingID app.](_images/vks1564020747191.png)

5. Click **Approve**.

   ![A screen capture of the PingID app in Google Play.](_images/fsn1564020748917.png)

   |   |                                                                       |
   | - | --------------------------------------------------------------------- |
   |   | You might be asked to sign on as a managed Google Play administrator. |

   #### Result:

   The **Client Apps - Apps** window is displayed.

6. From the **Apps** list, select the PingID Managed Google Play app, and then from the left-hand menu, click **Assignments**.

   ![A screen capture of the Client Apps - Apps window, highlighting the PingID Managed Google Play App entry.](_images/azj1564020749604.png)

   #### Result:

   The **PingID - Assignments** window is displayed.

7. In the **PingID - Assignments** window, assign the PingID Android app to user groups.

   To create, manage and assign apps to groups, consult the relevant Intune documentation.

   ![A screen capture of the PingID - Assignments window.](_images/gby1564020750402.png)

### Next steps

See [Setting PingID app configuration policies for Microsoft Intune](pid_setting_app_configuration_policies_for_microsoft_intune.html).

## Setting PingID app configuration policies for Microsoft Intune

Configure the following procedure separately for iOS and Android.

### Steps

1. Go to the Microsoft Azure portal at [https://portal.azure.com](https://portal.azure.com/).

2. Go to **Intune → Client Apps → App Configuration Policies → +Add**.

   #### Result:

   The **Add Configuration Policy** window is displayed.

   ![A screen capture of the Add Configuration Policy window showing the Name field, the Description field, and the Device enrollment type drop-down list.](_images/cbz1564020697923.png)

3. In the **Name** field, enter a policy name. In the **Description** field, enter a description.

4. From the **Device Enrollment Type** list, select **Managed Devices**.

5. From the **Platform** list, select the relevant platform.

   ![A screen capture of the Add Configuration Policy window with the Platform list expanded to show the options for iOS and Android.](_images/wrt1564020698481.png)

6. Click the **Associated App** section, and then in the **Associated App** pane, select **PingID**.

   ![A screen capture of the Associated App pane showing the PingID app.](_images/igh1564020699901.png)

   #### Result:

   The **Associated App** section shows **PingID**.

   ![A screen capture of the Add Configuration Policy window, showing PingID in the Associated App section.](_images/vgt1564020700813.png)

7. Click the **Configuration Settings** section, and then follow the steps according to the relevant operating system.

   | Operating System | Steps                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
   | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | iOS              | 1. From the **Configuration Settings Format** list, select **Use Configuration Designer**.![A screen capture of the Configuration Settings pane.](_images/hjg1564020741583.png)1. In the **Configuration Key** field, enter `PING_MDM_TOKEN`.

   2. From the **Value Type** list, select **String**.

   3. In the **Configuration Value** field, enter your MDM string generated in the PingID admin portal. For more information, see [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html).![A screen capture of the Configuration Settings pane with the MDM string entered.](_images/dsm1564020743984.png)                                                                                                                                                                                |
   | Android          | 1) From the **Configuration Settings Format** list, select **Use Configuration Designer**.![A screen capture of the Configuration Settings Format drop-down list set to Use Configuration Designer.](_images/llu1564020742248.png)1) Click **Add**.

   2) To enable the **Value Type** field, click **OK**.![A screen capture of the Configuration Key list showing the Value Type set to string.](_images/pou1564020742813.png)1) From the **Value Type** list, select **String**.

   2) In the **Configuration Value** field, enter your MDM string generated in the PingID admin portal. For more information, see [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html).![A screen capture of the Configuration Settings pane with the MDM string entered.](_images/kdq1564020744648.png) |

8. Click **OK**.

   #### Result:

   You are returned to the **Add Configuration Policy** window.

## Updating a PingID token in Microsoft Intune

Configure the following procedure separately for iOS and Android.

### Before you begin

The PingID app is configured for both iOS and Android.

### Steps

1. Go to the Microsoft Azure portal at [https://portal.azure.com](https://portal.azure.com/).

2. Go to **Intune → Client Apps → App Configuration Policies**.

   #### Result:

   The **Client Apps - App Configuration Policies** window is displayed.

   ![A screen capture of the Client Apps - App Configuration Policies window](_images/ili1564020725361.png)

3. Click the relevant **Android PingID App** or **iOS PingID App** entry.

4. Click **Properties**.

   ![A screen capture of the PingID app menu for the chosen operating system.](_images/exd1564020726098.png)

5. Follow the steps according to the relevant operating system.

   | Operating System | Steps                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
   | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | iOS              | 1. Click the **Configuration Settings** tab.![A screen capture showing the Configuration Settings tab.](_images/aog1564020726665.png)1. Enter your MDM string between `<string>` and `</string>`. For more information, see [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html).![A screen capture of the Configuration Settings pane.](_images/pvc1564020727861.png)                                                                                                                                     |
   | Android          | 1) Click the **Configuration Settings** tab.![A screen capture showing the Configuration Settings tab.](_images/aog1564020726665.png)1) From the **Value Type** list, select **String**. In the **Configuration Value** field, enter your MDM string. For more information, see [Setting up MDM configuration in PingID for the first time](pid_setting_up_mdm_configuration_for_the_first_time.html).![A screen capture of the Configuration Settings tab showing the Configuration Key, Value Type set to string, and Configuration Value.](_images/twu1564020728539.png) |

6. Click **OK**.

   #### Result:

   You are returned to the app dashboard window.

7. Click **Save**.