Overview of the SSO flow
With the Jamf Integration Kit, PingFederate parses identifying attributes from the X.509 certificate on the user’s Apple device. The Jamf IdP Adapter uses these attributes to get the device’s security posture from Jamf Pro.
The following figure illustrates a single sign-on scenario in which PingFederate retrieves the security posture of a user’s device during authentication.
Description
- The user initiates sign on with the service provider using a device that is enrolled with Jamf Pro.
- The SP redirects the request to PingFederate. The browser provides the user’s X.509 certificate.
- The PingFederate X.509 Certificate identity provider Adapter validates the certificate against a specified list of issuers or the server’s list of trusted certificate authorities, then parses the device information from the certificate.
- The X.509 Certificate IdP Adapter provides the device type (mobile device or computer) and device identifier to the Jamf IdP Adapter.
- The Jamf IdP Adapter provides the device identifier to Jamf Pro and requests the device’s security posture.
- Jamf Pro returns the device’s security posture and a collection of other attributes.
- PingFederate completes the sign-on flow or branches the authentication policy to a different result depending on the security posture result.
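The decision path described above can be sketched as a small simulation that fails closed at each stage. This is an added example, not PingFederate or Jamf code. It assumes the device identifier sits in the subject CN and the device type in OU; the issuer name, the inventory contents, the posture attribute names and the outcome labels (`allow`, `step-up`, `deny`) are all constructed for illustration.

```python
# Added illustration of the flow above; not PingFederate or Jamf code.
# Assumptions: subject CN = device identifier, subject OU = device type.
# Issuer name, inventory data, posture keys and outcome labels are constructed.
from dataclasses import dataclass

TRUSTED_ISSUERS = {"CN=Example Device CA,O=Example Corp"}  # constructed

# Constructed stand-in for Jamf Pro: device identifier -> posture attributes.
JAMF_INVENTORY = {
    "C02EXAMPLE01": {"managed": True, "compliant": True},
    "C02EXAMPLE02": {"managed": True, "compliant": False},
}

@dataclass
class ClientCert:
    issuer: str   # issuer DN as a string
    subject: str  # subject DN as a string

def parse_device(cert):
    """Certificate adapter stage: check the issuer, then extract device info.

    The issuer comparison stands in for full chain validation, which a real
    deployment performs before trusting any field of the certificate.
    """
    if cert.issuer not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    # A part without "=" makes dict() raise ValueError, which also fails closed.
    rdns = dict(part.strip().split("=", 1) for part in cert.subject.split(","))
    device_type, device_id = rdns.get("OU"), rdns.get("CN")
    if device_type not in ("computer", "mobile device") or not device_id:
        raise ValueError("certificate lacks device attributes")
    return device_type, device_id

def lookup_posture(device_id):
    """Posture stage: query the stubbed inventory; None means unknown device."""
    return JAMF_INVENTORY.get(device_id)

def authenticate(cert):
    """Policy stage: complete sign-on or branch, denying on any failure."""
    try:
        _, device_id = parse_device(cert)
    except ValueError:
        return "deny"
    posture = lookup_posture(device_id)
    if posture is None or not posture["managed"]:
        return "deny"
    return "allow" if posture["compliant"] else "step-up"
```

An unknown device or an unparseable certificate returns the same result as an untrusted issuer, so a failed lookup never defaults to a successful sign-on.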