The best threat protection often means leveraging multiple risk and fraud services. PingOne Protect allows administrators to send third-party data and other risk signal vendor scores, for example sending information from PingFederate whether a device is managed and not.
There are three steps to ingesting third-party risk data into PingOne Protect:
- Send the third-party data to PingOne Protect by creating custom attributes to map the values to.
- Validate that PingOne Protect received the third-party data.
- Configure a custom predictor using the custom attributes.
Custom predictors allow you to plug in external data sources and reference custom attributes. You can use custom predictors to determine a risk score for unmanaged devices or map third-party risk scores to high, medium, or low. You can also add custom predictors to risk policies, apply overrides, and view analytics in the dashboards.
Sending third-party data to PingOne Protect
PingOne Protect cannot invoke a third-party API directly, so the external data must be sent into the evaluation call from another service, and the values need to be mapped into custom attributes.
Depending on your identity service providers, there are multiple ways to send third-party data to PingOne Protect:
- PingOne DaVinci
- The most straightforward approach is using PingOne
DaVinci to retrieve
a third-party data feed and pass the response back into PingOne Protect. Use
purpose-built PingOne
DaVinci connectors
to get risk evaluations from vendors such as Castle, LexisNexis, or
Securonix. You can also configure a generic REST call to get risk
information from other vendors.
For more information, see:
- PingOne Protect connector
- Setting up custom attributes
- Example connectors:
- Castle connector
- LexisNexis connector
- Securonix connector
- PingOne DaVinci HTTP connector (generic API call)
- PingFederate
- Use PingFederate integration kits to
retrieve third-party data in combination with the PingOne Protect Integration
Kit to configure custom attributes to map the data into PingOne Protect.
For more information, see:
- PingOne Protect Integration Kit
- Setting up custom attributes
- Example integration kits:
- ID DataWeb Integration Kit
- iovation Integration Kit
- ThreatMetrix Integration Kit
- Mobile device management (MDM) integration kits:
- Intune Integration Kit
- MobileIron Integration Kit
- Workspace ONE UEM Integration Kit (formerly known as AirWatch)
- PingOne API
- Use the PingOne API to
retrieve risk evaluations from third-party risk providers. You can add
custom attributes to
event
objects by adding the attribute to theevent
object in the body of a risk evaluation request. For more information, see Risk evaluations. - PingOne Authorize
- Use PingOne Authorize to call PingOne Protect for risk evaluations as part of a PingOne authorization policy. For more information, see Connecting to PingOne Protect.
Validating received third-party data in PingOne Protect
After you send the third-party data to PingOne Protect, validate that the data was received either using the PingOne admin console or the API:
- PingOne admin console: To view a risk evaluation, follow the steps in Reviewing risk evaluations.
- PingOne API: Create a risk evaluation and review the response. For more information, see the PingOne Protect API documentation.
In a risk evaluation, the custom attributes appear in the event
{...}
section near the end of the JSON in a risk evaluation.
Configuring custom predictors using custom attributes
After sending third-party data and validating that it was received in PingOne, configure custom predictors that use the custom attributes that you previously created:
- PingOne admin console: See Adding custom predictors.
- PingOne API: See Custom risk predictors.