PingOne Protect Integration Kit
The PingOne Protect Integration Kit allows PingFederate to communicate with PingOne Protect for risk-based authentication.
By sending transaction information and an optional device profile to PingOne when a user signs on, PingFederate can get a security risk evaluation for the sign-on event. Including the risk evaluation in your PingFederate authentication policy allows you to dynamically adjust the user’s authentication requirements each time they sign on.
Download
To download the PingOne Protect Integration Kit, see PingFederate Downloads on the Ping Identity site.
Components
-
PingOne Protect IdP Adapter
-
When a user signs on through PingFederate, the adapter sends the transaction information to PingOne Protect, and retrieves a Result and other information about the user’s current and previous transactions.
-
-
PingOne Protect Provider and SDK
The provider works with the HTML Form adapter in your policy. The provider includes the SDK and can evaluate risk and detect bots before the password credential validator (PCV) is triggered. It can work together or separately with the PingOne Protect IdP Adapter. Like the adapter, the provider supports the authentication API and widget.
The provider can be configured in the following ways:
-
The provider uses the SDK and performs risk evaluation without using the PingOne Protect IdP Adapter.
-
The provider uses the SDK and sends the payload to the PingOne Protect IdP Adapter, which checks the risk.
-
The provider is not used, such as in the case of an active session. The PingOne Protect IdP Adapter loads the device profiling page and checks the risk.
-
-
Template and script files
-
When a user signs on through PingFederate and device profiling is enabled, these files create a device profile for the adapter to send to PingOne Protect.
-
Intended audience
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
-
PingOne Protect on the Ping Identity site
-
PingOne Protect in the PingOne documentation
-
The following sections of the PingFederate documentation:
System requirements
-
PingFederate 11.3 or later
If you have an older version of PingFederate, use the PingOne Risk Integration Kit.
-
To allow PingFederate to make outbound HTTPS connections, you might need to allow the following host names in your firewall:
-
https://api.pingone.com, https://api.pingone.asia, or https://api.pingone.eu
-
https://auth.pingone.com, https://auth.pingone.asia, or https://auth.pingone.eu
-
-
A PingOne Protect or PingOne Risk license
To create a trial account, see Creating an organization and environment in PingOne.