Azure AD Identity Protection Integration Kit
The Azure AD Identity Protection Integration Kit allows PingFederate to communicate with Azure AD Identity Protection for risk-based authentication.
By sending a Microsoft user ID to Azure AD Identity Protection when a user signs on, PingFederate can get a security risk level based on the user’s history. You can use this to dynamically adjust the authentication requirements. For example, you could configure your PingFederate authentication policy to require multi-factor authentication (MFA) when a user with a high risk level signs on.
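To show how the risk level returned by the "riskyUsers" resource feeds a policy decision, here is an added Python example that is not the integration kit's code: it parses a Microsoft Graph riskyUser record and maps its riskLevel and riskState to the authentication requirement a policy would branch on. The sample records and every threshold other than "high risk requires MFA" are assumptions.

```python
"""Step-up decision from an Azure AD Identity Protection riskyUser record.

Added illustration, not code from the PingFederate integration kit. It parses the
JSON shape Microsoft Graph returns for GET /identityProtection/riskyUsers/{id}
(the "riskyUsers" resource the adapter uses) and turns it into the authentication
requirement a PingFederate policy would branch on. Responses are constructed here.
"""
import json

# Real Graph endpoint for the riskyUsers resource; the adapter's own wiring is not shown.
RISKY_USERS_URL = "https://graph.microsoft.com/v1.0/identityProtection/riskyUsers/{user_id}"

# Assumed policy: high risk -> MFA (as in the text); the other rows are assumptions.
REQUIREMENT_BY_LEVEL = {"none": "password", "low": "password", "medium": "mfa", "high": "mfa"}


def authn_requirement(risky_user: dict) -> str:
    """Return 'password', 'mfa' or 'block' for a riskyUser record.

    Fails closed: an unknown, hidden or missing level steps up rather than waving through.
    """
    state = risky_user.get("riskState", "")
    level = risky_user.get("riskLevel", "")
    if state == "confirmedCompromised":
        return "block"
    # A remediated, dismissed or admin-confirmed-safe user carries no current risk.
    if state in ("remediated", "dismissed", "confirmedSafe"):
        return "password"
    return REQUIREMENT_BY_LEVEL.get(level, "mfa")


def decide_from_graph_json(body: str) -> str:
    """Parse a riskyUser response body and return the requirement."""
    return authn_requirement(json.loads(body))


# Constructed sample responses (IDs are placeholders, not real tenants or users).
SAMPLE_HIGH = json.dumps({"id": "00000000-0000-0000-0000-000000000001",
                          "riskLevel": "high", "riskState": "atRisk"})
SAMPLE_CLEAN = json.dumps({"id": "00000000-0000-0000-0000-000000000002",
                           "riskLevel": "none", "riskState": "none"})
SAMPLE_UNKNOWN = json.dumps({"id": "00000000-0000-0000-0000-000000000003",
                             "riskLevel": "unknownFutureValue", "riskState": "atRisk"})

if __name__ == "__main__":
    for name, body in (("high", SAMPLE_HIGH), ("clean", SAMPLE_CLEAN), ("unknown", SAMPLE_UNKNOWN)):
        print(name, "->", decide_from_graph_json(body))
```

The unknown-level case matters in practice: a "hidden" level (returned when the license does not expose the detail) or a value added by Microsoft later should step up, not fall through to a password-only sign-on.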
Features
- Uses the Azure AD Identity Protection "riskyUsers" resource
- Supports the PingFederate Authentication API
- Supports the JavaScript Widget for the PingFederate Authentication API
Components
- Azure AD Identity Protection IdP Adapter:
  - When a user signs on through PingFederate, the adapter sends the user ID to Azure AD Identity Protection.
  - The adapter receives the user’s risk level and makes it available in the PingFederate authentication policy.
Intended audience
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
- The following sections of the PingFederate documentation:
- The following sections of the Azure AD Identity Protection documentation:
System requirements
- PingFederate 9.3 or later.
- A valid Azure AD Identity Protection license. For details, see License requirements (.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection) in the Azure AD Identity Protection documentation.
- This integration uses the Microsoft Cloud Identity Connector to get Microsoft user IDs. Setup details are provided in Setting up the Microsoft Cloud Identity Connector.