PingID Administration Guide

Configuring Microsoft Intune for PingID

Manage the PingID app using Microsoft Intune.

The following steps are for use cases where PingID MFA authenticating devices are managed by Microsoft Intune mobile device management (MDM). In cases where PingFederate is used to apply policies on accessing devices managed by Microsoft Intune, see Intune Integration Kit.

  1. In Microsoft Intune, install an Apple Push Notification service (APNs) certificate for iOS. For more information, see Installing an APNs certificate for iOS in Microsoft Intune.

  2. If your organization has iOS devices, add the PingID app for iOS. For more information, see Adding the PingID app for iOS in Microsoft Intune.

  3. If your organization has Android devices, add the PingID app for Android. For more information, see Adding the PingID app for Android in Microsoft Intune.

  4. Configure PingID configuration policies for Microsoft Intune. For more information, see Setting PingID app configuration policies for Microsoft Intune.

MDM maintenance:

As part of MDM maintenance activities for the PingID app, you can generate new tokens and revoke old tokens. For more information, see the following:

Installing an APNs certificate for iOS in Microsoft Intune

To ensure that PingID app configurations can be pushed to iOS devices, install an Apple Push Notification service (APNs) certificate in Microsoft Intune.

Before you begin

You will need your Apple ID for this procedure.

Steps

  1. As a Global Administrator in the Microsoft Azure portal, go to Intune → Device Enrollment → Apple Enrollment, and then click Apple MDM Push Certificate.

    Result:

    The Configure MDM Push Certificate window is displayed.

    A screen capture of the Configure MDM Push Certificate.
  2. In the Configure MDM Push Certificate window, complete the following fields.

    1. In section 1, select the I Agree check box.

      A screen capture of section 1 in the Configure MDM Push Certificate window. The I Agree check box is highlighted.

    2. In section 2, click Download Your CSR.

      A screen capture of section 2 in the Configure MDM Push Certificate window. The link to Download Your CSR is highlighted.

    3. In section 3, click Create Your MDM Push Certificate.

      A screen capture of section 3 in the Configure MDM Push Certificate window. The link to Create your MDM push Certificate is highlighted.

      Result:

      The Apple Push Certificates Portal window opens in your browser.

  3. Sign on to the Apple Push Certificates Portal.

    A screen capture of the Apple Push Certificates Portal window

  4. In either the Get Started section or the Certificates for Third-Party Servers section, click Create a Certificate.

    If your organization does not yet have any Apple Push certificates, the Get Started section is displayed. Otherwise, the Certificates list is displayed.

    A screen capture of the Get Started section. The Create a Certificate button is highlighted.
  5. Click Choose File and browse for the certificate signing request (CSR) file you created previously, and then click Upload.

    A screen capture of the Create a New Push Certificate section. The Choose File button is highlighted.

  6. In the row of the new APNs certificate, click Download.

    A screen capture of the Certificates for Third-Party Servers list. The Download button is highlighted.

  7. Return to the Configure MDM Push Certificate window and complete the following fields.

    1. In section 4, enter your Apple ID.

      A screen capture of section 4.

    2. In section 5, from the Apple MDM Push Certificate list, select your APNs certificate.

    3. Click Upload, and then save your configuration.

      A screen capture of section 5.

Next steps

Add the PingID app for iOS. For more information, see Adding the PingID app for iOS in Microsoft Intune.

Configuring Android for Work for Microsoft Intune

To ensure that PingID app configurations can be pushed to Android devices, configure Android for Work for the organization’s mobile device management (MDM).

Before you begin

In the Intune dashboard, configure Android work profile devices. For more information, see https://docs.microsoft.com/en-us/intune/android-enterprise-overview.

About this task

This is an example configuration of Android for Work without G Suite. You can configure Android for Work for MDM with G Suite.

Steps

  1. Go to the Microsoft Azure portal at https://portal.azure.com.

  2. Go to Intune → Home → Client Apps → Managed Google Play.

    Result:

    The Managed Google Play window opens.

  3. Click Open the Managed Google Play Store.

    A screen capture of the Managed Google Play window, highlighting the Open the Managed Google Play Store link.

    Result:

    Google Play opens in a new browser tab or window.

  4. Search for the PingID app and select it.

    A screen capture of Google Play search results, showing the PingID app.
  5. Click Approve.

    A screen capture of the PingID app in Google Play.

    You might be prompted to sign on as a managed Google Play administrator. Do so.

    Result:

    The Client Apps - Apps window is displayed.

  6. From the Apps list, click the PingID Google Play entry, and then from the left-hand menu, click Assignments.

    A screen capture of the Client Apps - Apps window.

    Result:

    The PingID - Assignments window is displayed.

  7. In the PingID - Assignments window, assign the PingID Android app to user groups.

    To create, manage and assign apps to groups, see the relevant Intune documentation.

    A screen capture of the Assignments window.
  8. Go to Intune → Client Apps → App Configuration Policies, and then click Add.

    Result:

    The Add Configuration Policy window is displayed.

  9. In the Name field, enter a name for the policy.

  10. In the Description field, add a description.

    A screen capture of the Add Configuration Policy window showing the Name field, the Description field, and the Device enrollment type list.
  11. From the Device Enrollment Type list, select Managed Devices.

    A screen capture of the Device Enrollment Type list with the options for Managed devices and Managed apps.

    Result:

    The Platform list is displayed.

  12. From the Platform list, choose Android.

    A screen capture of the Platform list.
  13. At the bottom of the window, click Add.

    Result:

    The Associated App tab is displayed.

  14. On the Associated App tab, click PingID.

    A screen capture of the Associated App tab. In this screen capture, the list of available apps include Intune Company Portal and PingID.

    Result:

    The Configuration Settings tab is displayed.

  15. From the Configuration Settings Format list, select Use Configuration Designer.

    A screen capture of the Configuration Settings tab showing the Configuration Settings Format list with the options Use Configuration Designer and Enter JSON Data.
  16. In the Configuration Value field, enter the PingID MDM token, and then click Add.

Next steps

Adding the PingID app for iOS in Microsoft Intune

Configure PingID as an MDM-managed app for iOS devices in Microsoft Intune.

Steps

  1. Go to the Microsoft Azure portal at https://portal.azure.com.

  2. Go to Intune → Client Apps → Apps → +Add → Add App.

  3. From the App Type list, select iOS.

    A screen capture of the Add App window and the App Type list. The list has multiple sections of apps: Store App, which has Android, iOS, Windows Phone 8.1, and Windows; Office 365 Suite, which has Windows 10 and macOS; and Other, which has Web link, Built-in app, Line-of-business app, and Windows app (Win32) - preview.
  4. In the Search the App Store section, click Select App.

    A screen capture of the Add App window and the Search the App Store section.

    Result:

    The Search the App Store window opens.

    A screen capture of the Search the App Store window.
  5. In the search field, enter the PingID mobile app’s iTunes App Store URL: https://itunes.apple.com/us/app/pingid/id891247102?mt=8.

    Result:

    The PingID app is displayed.

    A screen capture of the Search the App Store window showing the PingID app in the search results.
  6. Click the PingID app.

    Result:

    You are returned to the Add App window with the Configure option enabled.

  7. To open the App Information window, click Configure.

  8. In the App Information window, make any required changes, and then click OK.

    A screen capture of the App Information window. Required fields are marked by an asterisk.

    Result:

    In the Add App window, the Add button is enabled.

  9. In the Add App window, click Add.

    Result:

    Your app appears in the list of client apps.

    A screen capture of the Client Apps - Apps window, highlighting the PingID iOS store app.

Next steps

Adding the PingID app for Android in Microsoft Intune

To ensure that PingID app configurations can be pushed to Android devices, configure Android for Work for the organization’s mobile device management (MDM).

Before you begin

In the Intune dashboard, configure Android work profile devices. For more information, see https://docs.microsoft.com/en-us/intune/android-enterprise-overview.

About this task

This is an example configuration of Android for Work without G Suite. You can configure Android for Work for MDM with G Suite.

Steps

  1. Go to the Microsoft Azure portal at https://portal.azure.com.

  2. Go to Intune → Home → Client Apps → Managed Google Play.

  3. In the Client Apps - Managed Google Play window, click Open the Managed Google Play Store.

    A screen capture of the Client Apps - Managed Google Play window, highlighting the Open the Managed Google Play Store app.

    Result:

    Google Play opens in a new browser tab or window.

  4. Search for the PingID app and select it.

    A screen capture of Google Play search results, showing the PingID app.
  5. Click Approve.

    A screen capture of the PingID app in Google Play.

    You might be asked to sign on as a managed Google Play administrator.

    Result:

    The Client Apps - Apps window is displayed.

  6. From the Apps list, select the PingID Managed Google Play app, and then from the left-hand menu, click Assignments.

    A screen capture of the Client Apps - Apps window, highlighting the PingID Managed Google Play App entry.

    Result:

    The PingID - Assignments window is displayed.

  7. In the PingID - Assignments window, assign the PingID Android app to user groups.

    To create, manage and assign apps to groups, consult the relevant Intune documentation.

    A screen capture of the PingID - Assignments window.

Next steps

Setting PingID app configuration policies for Microsoft Intune

Configure the following procedure separately for iOS and Android.

Steps

  1. Go to the Microsoft Azure portal at https://portal.azure.com.

  2. Go to Intune → Client Apps → App Configuration Policies → +Add.

    Result:

    The Add Configuration Policy window is displayed.

    A screen capture of the Add Configuration Policy window showing the Name field, the Description field, and the Device enrollment type drop-down list.
  3. In the Name field, enter a policy name. In the Description field, enter a description.

  4. From the Device Enrollment Type list, select Managed Devices.

  5. From the Platform list, select the relevant platform.

    A screen capture of the Add Configuration Policy window with the Platform list expanded to show the options for iOS and Android.
  6. Click the Associated App section, and then in the Associated App pane, select PingID.

    A screen capture of the Associated App pane showing the PingID app.

    Result:

    The Associated App section shows PingID.

    A screen capture of the Add Configuration Policy window, showing PingID in the Associated App section.
  7. Click the Configuration Settings section, and then follow the steps according to the relevant operating system.

    Operating system: iOS

    1. From the Configuration Settings Format list, select Use Configuration Designer.

    A screen capture of the Configuration Settings pane.

    2. In the Configuration Key field, enter PING_MDM_TOKEN.

    3. From the Value Type list, select String.

    4. In the Configuration Value field, enter your MDM string generated in the PingID admin portal. For more information, see Setting up MDM configuration in PingID for the first time.

    A screen capture of the Configuration Settings pane with the MDM string entered.

    Operating system: Android

    1. From the Configuration Settings Format list, select Use Configuration Designer.

    A screen capture of the Configuration Settings Format drop-down list set to Use Configuration Designer.

    2. Click Add.

    3. To enable the Value Type field, click OK.

    A screen capture of the Configuration Key list showing the Value Type set to string.

    4. From the Value Type list, select String.

    5. In the Configuration Value field, enter your MDM string generated in the PingID admin portal. For more information, see Setting up MDM configuration in PingID for the first time.

    A screen capture of the Configuration Settings pane with the MDM string entered.
  8. Click OK.

    Result:

    You are returned to the Add Configuration Policy window.

Updating a PingID token in Microsoft Intune

Configure the following procedure separately for iOS and Android.

Before you begin

The PingID app is configured for both iOS and Android.

Steps

  1. Go to the Microsoft Azure portal at https://portal.azure.com.

  2. Go to Intune → Client Apps → App Configuration Policies.

    Result:

    The Client Apps - App Configuration Policies window is displayed.

    A screen capture of the Client Apps - App Configuration Policies window
  3. Click the relevant Android PingID App or iOS PingID App entry.

  4. Click Properties.

    A screen capture of the PingID app menu for the chosen operating system.
  5. Follow the steps according to the relevant operating system.

    Operating system: iOS

    1. Click the Configuration Settings tab.

    A screen capture showing the Configuration Settings tab.

    2. Enter your MDM string between <string> and </string>. For more information, see Setting up MDM configuration in PingID for the first time.

    A screen capture of the Configuration Settings pane.

    Operating system: Android

    1. Click the Configuration Settings tab.

    A screen capture showing the Configuration Settings tab.

    2. From the Value Type list, select String. In the Configuration Value field, enter your MDM string. For more information, see Setting up MDM configuration in PingID for the first time.

    A screen capture of the Configuration Settings tab showing the Configuration Key, Value Type set to string, and Configuration Value.
  6. Click OK.

    Result:

    You are returned to the app dashboard window.

  7. Click Save.
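
A check an administrator could run on the iOS policy body after setting or updating the token, given here as an added example (not Ping Identity or Microsoft code). It assumes the policy body has been copied out as a plist-style `<dict>` fragment that holds `PING_MDM_TOKEN` in a `<string>` element; the function names and sample tokens are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

TOKEN_KEY = "PING_MDM_TOKEN"  # configuration key named in the procedure above

def fingerprint(token: str) -> str:
    """Short SHA-256 fingerprint, so the token itself never lands in logs."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def check_ios_config(xml_text: str, current: str, revoked: str = "") -> list:
    """Return findings for one policy body; an empty list means it looks correct."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "dict":
        return ["root element is not <dict>"]
    children, findings, seen = list(root), [], 0
    # A plist dict is a flat run of <key> elements, each followed by its value.
    for i, node in enumerate(children):
        if node.tag != "key" or (node.text or "").strip() != TOKEN_KEY:
            continue
        seen += 1
        value = children[i + 1] if i + 1 < len(children) else None
        if value is None or value.tag != "string":
            findings.append(f"{TOKEN_KEY} value type is not String")
            continue
        raw = value.text or ""
        text = raw.strip()
        if raw != text:
            findings.append("token has leading or trailing whitespace")
        if not text:
            findings.append("token is empty")
        elif revoked and hmac.compare_digest(text.encode(), revoked.encode()):
            findings.append(f"policy still carries the revoked token ({fingerprint(text)})")
        elif not hmac.compare_digest(text.encode(), current.encode()):
            findings.append(f"token {fingerprint(text)} is not the current one")
    if seen != 1:
        findings.append(f"{TOKEN_KEY} appears {seen} times, expected exactly once")
    return findings

# Constructed sample tokens and policy bodies (not real PingID values).
NEW, OLD = "constructed-new-token-0002", "constructed-old-token-0001"
GOOD = f"<dict><key>{TOKEN_KEY}</key><string>{NEW}</string></dict>"
STALE = f"<dict><key>{TOKEN_KEY}</key><string>{OLD}</string></dict>"

if __name__ == "__main__":
    print([check_ios_config(body, NEW, OLD) for body in (GOOD, STALE)])
```

Findings report only a truncated hash of the token, so the output can be attached to a change ticket without exposing the MDM string.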