Adding device postures to your authentication policy
Create an authentication policy to pass the Workspace ONE device ID from the X.509 Certificate Adapter instance to the Workspace ONE IdP Adapter instance.
About this task
These steps are designed to help you add to an existing authentication policy. You can find general information about configuring authentication policies in PingFederate Authentication API in the PingFederate documentation.
Steps
- In the PingFederate admin console, go to the Policies tab.
  - For PingFederate 10.1 or later, go to Authentication > Policies > Policies.
  - For PingFederate 10.0 or earlier, go to Identity Provider > Authentication Policies > Policies.
- Select the IdP Authentication Policies checkbox.
- Open an existing authentication policy, or click Add Policy.
  You can find help in Defining authentication policies in the PingFederate documentation.
- In the Policy area, in the Select list, select the X.509 Certificate Adapter instance that you created in Create an X.509 Certificate Adapter instance.
- In the X.509 Fail section, configure the failure result.
- In the X.509 Success section, select the Workspace ONE IdP Adapter instance that you created in Configuring a Workspace ONE IdP Adapter instance. Click Options.
- On the Incoming User ID modal, in the Source list, select the X.509 Certificate Adapter instance.
- In the Attribute list, select the attribute that you added to the extended contract of the X.509 Certificate Adapter instance. Click Done.
- In the Workspace ONE IdP Adapter Fail section, configure the failure result.
- In the Workspace ONE IdP Adapter Success section, select the policy contract that you created in Create a policy contract.
- Click Contract Mapping.
- On the Contract Fulfillment tab, in the Source list, select the X.509 Certificate Adapter instance.
- In the Value list, select the attribute that contains the Workspace ONE device ID.
- Click Done. In the Policies window, click Save.