Overview of the SSO flow
The following figure shows a basic SSO scenario in which a PingFederate server authenticates users to an SP application using the MobileIron Adapter.
Processing Steps
- A user with a MobileIron-enrolled device requests access to an SP resource. The request is redirected to PingFederate to perform X.509 Authentication.
- The browser requests the user’s X.509 certificate. The PingFederate X.509 Certificate Adapter validates the certificate against a list of issuers. If no issuers are specified in the Adapter setup, it uses the server’s list of trusted CAs instead.
- The certificate is validated and the Device Identifier is parsed from the certificate. The Device Identifier is then passed to the MobileIron Adapter.
- The Device Identifier is used to contact the MobileIron Device API to retrieve the device’s posture.
- The result of the authentication is returned, and if successful, the user is redirected to the requested resource.
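The decision logic of the steps above can be modelled as follows. This is an added example, not PingFederate or MobileIron code; it shows how leaving the adapter's issuer list empty widens the accepted issuers to every CA the server trusts. The CA names, device identifiers, posture values, the subject-CN location of the Device Identifier and the dictionary standing in for the Device API are all constructed assumptions, and issuer validation is reduced to a DN string comparison.

```python
import re

# Constructed sample data (assumptions, not values from any real deployment).
SERVER_TRUSTED_CAS = {"CN=Corp Root CA", "CN=Public Web CA"}
# Stand-in for the MobileIron Device API: device identifier -> posture.
DEVICE_POSTURE = {"dev-1001": "compliant", "dev-2002": "non-compliant"}


def effective_issuers(adapter_issuers):
    """Issuer check: an empty adapter list falls back to all server-trusted CAs."""
    return set(adapter_issuers) if adapter_issuers else set(SERVER_TRUSTED_CAS)


def device_id_from_subject(subject_dn):
    """Parse the Device Identifier; assumes it is the subject CN (hypothetical)."""
    match = re.search(r"(?:^|,)\s*CN=([^,]+)", subject_dn)
    return match.group(1).strip() if match else None


def authenticate(cert, adapter_issuers, lookup=DEVICE_POSTURE.get):
    """Return (allowed, detail) for a client certificate given as a dict."""
    if cert["issuer"] not in effective_issuers(adapter_issuers):
        return False, "issuer not accepted"
    device_id = device_id_from_subject(cert["subject"])
    if device_id is None:
        return False, "no device identifier in certificate"
    posture = lookup(device_id)  # posture lookup by Device Identifier
    if posture != "compliant":   # unknown devices fail closed
        return False, f"posture: {posture or 'unknown'}"
    return True, device_id       # success: user is redirected to the resource


if __name__ == "__main__":
    web_cert = {"issuer": "CN=Public Web CA", "subject": "CN=dev-1001"}
    # Same certificate, two adapter configurations.
    print(authenticate(web_cert, ["CN=MDM Issuing CA"]))
    print(authenticate(web_cert, []))
```

With an explicit issuer list the certificate from the unrelated CA is rejected; with the list left empty the same certificate passes the issuer check and proceeds to the posture lookup.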