Microsoft EAM Integration Kit

Exporting amr as an additional attribute for PingID

If you plan to use PingID as an MFA factor, configure the PingID adapter to export amr as an additional attribute.

Steps

  1. In the PingFederate administrative console, open the PingID adapter configuration and go to the Extended Contract tab.

  2. In the Extend the Contract field, enter amr. Click Add.

  3. Go to the Adapter Contract Mapping tab and click Configure Adapter Contract.

  4. Convert PingID-specific amr values into Microsoft Entra ID-specific amr values:

    1. Go to the Adapter Contract Fulfillment tab.

    2. Find amr in the Contract column.

    3. In the corresponding Source list, select Expression.

    4. In the corresponding Value field, enter the following OGNL expression:

      #xref = #{
      "FIDO2":"fido",
      "FIDO2_BIOMETRICS":"fido",
      "BYPASS":"bypass",
      "MOBILE_APP_BIOMETRICS":"bio",
      "MOBILE_APP_SWIPE":"swk",
      "NUMBER_MATCHING":"swk",
      "MOBILE_APP_OTP":"otp",
      "POLICY_APPROVE":"pop",
      "EMAIL":"otp",
      "SMS":"sms",
      "VOICE":"tel",
      "YUBIKEY":"hwk",
      "OATH_TOKEN":"hwk",
      "AUTHENTICATOR_APP":"otp",
      "DESKTOP_OTP":"otp",
      "SECURITY_KEY":"fido" },
      #action = #this.get("pingid.authentication.type").toString(),
      #result = (#action != null) && (#xref[#action] != null) ? #xref[#action] : "no_mapping",
      #result
  5. Click Done.