Using custom risk predictors
The PingOne Protect IdP Adapter lets you use attributes from your PingFederate authentication flow as risk predictors in PingOne Protect.
About this task
For an overview of risk predictors, see Predictors in the PingOne Protect documentation.
The following steps provide an example that shows how to include the device security state from a mobile device management (MDM) service in the PingOne Protect risk evaluation.
Steps
-
Make the predictor available as an attribute in your PingFederate authentication policy.
-
Add the source of the predictor data to your authentication policy.
MDM example: Add a mobile device management adapter. On the Extended Contract tab of the configuration for that adapter instance, the attribute that holds the security state of the user’s device is called
ComplianceStatus
. -
Later in the flow, add the PingOne Protect IdP Adapter that you configured in Configuring an adapter instance.
-
-
In PingOne Protect, add the risk predictor and include it in your risk policy.
For help, see Predictors in the PingOne Protect documentation.
MDM example: Add a predictor with the JSON pointer
$\{event.ComplianceStatus}
. -
In the Risk Predictors table of your PingOne Protect IdP Adapter configuration, map the predictor attribute from your PingFederate authentication policy to the JSON pointer you defined in PingOne Protect.
For help, see Configuring an adapter instance.
MDM example: Map the PingFederate
ComplianceStatus
attribute to the PingOne Protect predictor in your PingOne Protect IdP Adapter configuration.During the authentication flow, the PingOne Protect IdP Adapter gets the predictor attribute from the PingFederate authentication policy and passes it to PingOne Protect. Next, PingOne Protect compares the value to the risk levels you defined and includes it in the risk evaluation.