Microsoft EAM Integration Kit

Configuring a PingFederate authentication policy

Configure a PingFederate authentication policy using the Microsoft EAM IdP Adapter and a downstream MFA adapter such as PingID.

Learn more in the Policies section of the PingFederate documentation.

Steps

  1. Go to Authentication > Policies and click Add Policy.

  2. In the Name field, give the policy a unique name.

  3. Configure the Microsoft EAM IdP Adapter as the first step and the PingID adapter as the second step in the policy:

    1. In the Policy list, select IdP Adapters, then select the EAM adapter instance you configured in Configuring an adapter instance.

    2. In the Fail section, click Done.

    3. In the Success list, select IdP Adapters, then select the PingID adapter instance you configured.

  4. Configure the PingID adapter step:

    1. In the Fail section, click Done.

    2. In the Success list, select Policy Contracts, then select a policy contract you’ve configured.

      Learn more in Applying policy contracts or identity profiles to authentication policies in the PingFederate documentation.

  5. If the PingID adapter follows the Microsoft EAM IdP Adapter in the authentication policy, set the Microsoft EAM IdP Adapter’s sub attribute as the User ID Authenticated for PingID:

    1. On the PingID adapter step, click Options.

    2. In the Source list, select the Microsoft EAM IdP Adapter.

    3. In the Attribute list, select sub.

    4. Select the User ID Authenticated checkbox.

    5. Click Done.

  6. If the PingID adapter follows the Microsoft EAM IdP Adapter in the authentication policy and the flow ends in a policy contract, select PingID’s amr attribute as the Source for the Contract Mapping:

    1. On the policy contract step, click Contract Mapping.

    2. On the Attribute Sources & User Lookup tab, click Next.

    3. On the Contract Fulfillment tab:

      1. For the acr attribute, in the Source list, select the EAM adapter instance. In the Value list, select acr.

      2. For the amr attribute, in the Source list, select the PingID adapter instance. In the Value list, select amr.

      3. For the subject attribute, in the Source list, select the EAM adapter instance. In the Value list, select sub.

    4. On the Issuance Criteria tab, click Next.

    5. On the Summary tab, click Done.

    Learn more in configuring contract mapping.

  7. Check your configuration, then click Done.