Exporting amr as an additional attribute for PingID
If you plan to use PingID as an MFA factor, configure the PingID adapter to export amr
as an additional attribute.
Steps
-
In the PingFederate administrative console, open the PingID adapter configuration and go to the Extended Contract tab.
-
In the Extend the Contract field, enter
amr
. Click Add. -
Go to the Adapter Contract Mapping tab and click Configure Adapter Contract.
-
Convert PingID-specific
amr
values into Microsoft Entra ID-specificamr
values:-
Go to the Adapter Contract Fulfillment tab.
-
Find
amr
in the Contract column. -
In the corresponding Source list, select Expression.
-
In the corresponding Value field, enter the following OGNL expression:
#xref = #{ "FIDO2":"fido", "FIDO2_BIOMETRICS":"fido", "BYPASS":"bypass", "MOBILE_APP_BIOMETRICS":"bio", "MOBILE_APP_SWIPE":"swk", "NUMBER_MATCHING":"swk", "MOBILE_APP_OTP":"otp", "POLICY_APPROVE":"pop", "EMAIL":"otp", "SMS":"sms", "VOICE":"tel", "YUBIKEY":"hwk", "OATH_TOKEN":"hwk", "AUTHENTICATOR_APP":"otp", "DESKTOP_OTP":"otp", "SECURITY_KEY":"fido" }, #action = #this.get("pingid.authentication.type").toString(), #result = (#action != null) && (#xref[#action] != null) ? #xref[#action] : "no_mapping", #result
-
-
Click Done.