By sending transaction information and an optional device profile to PingOne when a user signs on, PingFederate can get a security risk evaluation for the sign-on event. Including the risk evaluation in your PingFederate authentication policy allows you to dynamically adjust the user's authentication requirements each time they sign on.

Download

To download the PingOne Protect Integration Kit, see PingFederate Downloads on the Ping Identity site.

Components

  • PingOne Protect IdP Adapter
    • When a user signs on through PingFederate, the adapter sends the transaction information to PingOne Protect, and retrieves a risk evaluation and other information about the user's current and previous transactions.
  • PingOne Protect Provider and SDK

    The provider works with the HTML Form adapter in your policy. The provider includes the SDK and can evaluate risk and detect bots before the password credential validator (PCV) is triggered. It can work together or separately with the PingOne Protect IdP Adapter. Like the adapter, the provider supports the authentication API and widget.

    The provider can be configured in the following ways:

    • The provider uses the SDK and performs risk evaluation without using the PingOne Protect IdP Adapter.
    • The provider uses the SDK and sends the payload to the PingOne Protect IdP Adapter, which checks the risk.
    • The provider is not used, such as in the case of an active session. The PingOne Protect IdP Adapter loads the device profiling page and checks the risk.
  • Template and script files
    • When a user signs on through PingFederate and device profiling is enabled, these files create a device profile for the adapter to send to PingOne Protect.

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

System requirements

  • PingFederate 11.3 or later
    Note:

    If you have an older version of PingFederate, use the PingOne Risk Integration Kit.

  • To allow PingFederate to make outbound HTTPS connections, you might need to allow the following host names in your firewall:
    • https://api.pingone.com, https://api.pingone.asia, or https://api.pingone.eu
    • https://auth.pingone.com, https://auth.pingone.asia, or https://auth.pingone.eu
  • A PingOne Protect or PingOne Risk license

    To create a trial account, see Creating an organization and environment in PingOne.