Using custom risk predictors

The PingOne Risk IdP Adapter lets you use attributes from your PingFederate authentication flow as risk predictors in PingOne Risk.

About this task

You can find an overview of risk predictors in Predictors in the PingOne Risk documentation.

The following steps provide an example that shows how to include the device security state from a mobile device management (MDM) service in the PingOne Risk risk evaluation.

Steps

Make the predictor available as an attribute in your PingFederate authentication policy.
1. Add the source of the predictor data to your authentication policy.
  
  MDM example: Add a mobile device management adapter. On the Extended Contract tab of the configuration for that adapter instance, the attribute that holds the security state of the user’s device is called ComplianceStatus.
2. Later in the flow, add the PingOne Risk IdP Adapter that you configured in Configuring an adapter instance.
In PingOne Risk, add the risk predictor and include it in your risk policy.

Learn more in Predictors in the PingOne Risk documentation.

MDM example: Add a predictor with the JSON pointer $\{event.ComplianceStatus}.
In the Risk Predictors table of your PingOne Risk IdP Adapter configuration, map the predictor attribute from your PingFederate authentication policy to the JSON pointer that you defined in PingOne Risk.

Learn more in Configuring an adapter instance.

MDM example: Map the PingFederate ComplianceStatus attribute to the PingOne Risk predictor in your PingOne Risk IdP Adapter configuration.

During the authentication flow, the PingOne Risk IdP Adapter gets the predictor attribute from the PingFederate authentication policy and passes it to PingOne Risk. Next, PingOne Risk compares the value to the risk levels that you defined and includes it in the risk evaluation.