PingOne

Configuring an adapter instance

To get started with the integration, deploy the PingOne Risk Integration Kit files to your PingFederate directory.

Steps

  1. In the PingFederate administrative console, go to Authentication → Integration → IdP Adapters. Click Create New Instance.

  2. On the Type tab, set the basic adapter instance attributes:

    1. In the Instance Name field, enter a name for the adapter instance.

    2. In the Instance ID field, enter a unique identifier for the adapter instance.

    3. From the Type list, select PingOne Risk IdP Adapter. Click Next.

  3. On the IdP Adapter tab, in the Additional User Attributes section, configure additional information to send to PingOne Risk.

    1. Click Add a new row to 'Additional User Attributes'.

    2. In the Incoming Attribute Name field, enter the name of an attribute from any authentication source that appears earlier in your PingFederate authentication policy than the PingOne Risk IdP Adapter.

    3. In the PingOne Risk Attribute list, select the PingOne attribute that you want to populate.

    4. In the Action column, click Update.

    5. To add more attributes, repeat Steps a-d.

  4. Optional: On the IdP Adapter tab, map any custom risk predictors.

    For more information, see Using custom risk predictors.

    1. Click Add a new row to 'Additional Risk Predictors (optional)'.

    2. In the Incoming Attribute Name field, enter the name of an attribute from any authentication source that appears earlier in your PingFederate authentication policy than the PingOne Risk IdP Adapter.

    3. In the PingOne Risk Attribute list, select the PingOne attribute that will be assessed in the risk policy, for example $\{event.isManaged}.

    4. In the Action column, click Update.

    5. To add more attributes, repeat steps a - d.

      PingOne Risk IK IdP Adapter screenshot.
  5. Optional: On the IdP Adapter tab, in the PingOne Risk API Response Mappings section, map attributes from PingOne Risk Evaluation API response to the attribute contract.

    These attributes become available in your PingFederate authentication policy.

    1. Click Add a new row to 'PingOne Risk API Response Mappings'.

    2. In the Local Attribute field, enter a name of your choosing for an attribute.

    3. In the PingOne Risk API Attribute Mapping field, enter the JSON Pointer syntax for the source PingOne attribute as shown in JSON pointer syntax reference.

      For example, the JSON pointer /details/ipAddressReputation/level will return the IP address repuation level, such as LOW.

    4. In the Action column, click Update.

    5. To add more attributes, repeat steps a-d.

  6. On the IdP Adapter tab, configure the adapter instance by referring to PingOne Risk IdP adapter settings reference. Click Next.

  7. On the Actions tab, test your connection to PingOne Risk. Resolve any issues that are reported, and then click Next.

  8. On the Extended Contract tab, add any attributes that you included in the PingOne Risk API Response Mappings section of the IdP Adapter tab. Click Next.

  9. On the Adapter Attributes tab, set pseudonym and masking options as shown in Set pseudonym and masking options in the PingFederate documentation. Click Next.

  10. On the Adapter Contract Mapping tab, configure the contract fulfillment details for the adapter as shown in Define the IdP adapter contract in the PingFederate documentation. Click Next.

  11. On the Summary tab, check and save your configuration. Click Save.