---
title: Overview of the SSO flow
description: With the Jamf Integration Kit, PingFederate parses identifying attributes from the X.509 certificate on the user's Apple device. The Jamf IdP Adapter uses these attributes to get the device's security posture from Jamf Pro.
component: jamf
page_id: jamf::pf_jamf_ik_overview_of_the_sso_flow
canonical_url: https://docs.pingidentity.com/integrations/jamf/pf_jamf_ik_overview_of_the_sso_flow.html
revdate: June 21, 2024
section_ids:
  description: Description
---

# Overview of the SSO flow

With the Jamf Integration Kit, PingFederate parses identifying attributes from the X.509 certificate on the user's Apple device. The Jamf IdP Adapter uses these attributes to get the device's security posture from Jamf Pro.

The following figure illustrates a single sign-on (SSO) *(tooltip: \<div class="paragraph">
\<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
\</div>)* scenario in which PingFederate retrieves the security posture of a user's device during authentication.

![A diagram showing the authentication flow using the X.509 and Jamf integration kits.](_images/jamf-ik-sso-flow-overview-diagram.png)

## Description

1. The user initiates sign on with the service provider (SP) *(tooltip: \<div class="paragraph">
   \<p>In SAML, an entity that receives and accepts an authentication assertion issued by an IdP, typically for the purpose of allowing access to a protected resource.\</p>
   \</div>)* using a device enrolled with Jamf Pro.

2. The SP redirects the request to PingFederate. The browser provides the user's X.509 certificate.

3. The PingFederate X.509 Certificate identity provider (IdP) *(tooltip: \<div class="paragraph">
   \<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
   \</div>)* Adapter validates the certificate against a specified list of issuers or the server's list of trusted certificate authorities, then parses the device information from the certificate.

4. The X.509 Certificate IdP Adapter provides the device type (mobile device or computer) and device identifier to the Jamf IdP Adapter.

5. The Jamf IdP Adapter provides the device identifier to Jamf Pro and requests the device's security posture.

6. Jamf Pro returns the device's security posture and a collection of other attributes.

7. PingFederate completes the sign-on flow or branches the authentication policy to a different result depending on the security posture result.