Adding Intune security posture results to your authentication policy
By modifying your PingFederate authentication policy to include the isManaged and isCompliant results from Intune, you can control access to resources based on the device’s security posture.
About this task
These steps are designed to help you add to an existing authentication policy. Learn more about configuring authentication policies in Policies in the PingFederate documentation.
Steps
-
Sign on to the PingFederate administrative console.
-
On the Identity Provider page, under Authentication Policies, click Policies.
-
Open an existing authentication policy, or create a new one. Learn more in Defining authentication policies in the PingFederate documentation.
-
In the Policy area, in the Select list, select an Intune IdP Adapter instance.
-
Map the
deviceId(shown as CN) oruserPrincipalNamefrom your X.509 Adapter instance into the Intune IdP Adapter instance.
-
Under the Intune IdP Adapter instance, click Options.
-
On the Options dialog, from the Source list, select your X.509 Adapter instance.
-
From the Attribute list, select CN or userPrincipalName. Click Done.
-
-
Define policy paths based on the two security posture attributes,
isCompliantandisManaged.
-
Under the Intune IdP Adapter instance, click Rules.
-
On the Rules dialog, in the Attribute Name list, select isCompliant.
-
In the Condition list, select equal to.
-
In the Value field, enter
trueorfalse. -
In the Result field, enter a name. This appears as a new policy path that branches from the authentication source.
-
Repeat steps b - e for isManaged.
-
Click Done.
-
-
Configure each of the authentication paths, including Fail, Success, and the paths that you defined in the Rules dialog.
-
Click Done.
-
In the Policies window, click Save.