By sending a Microsoft user ID to Azure AD Identity Protection when a user signs on, PingFederate can get a security risk level based on the user's history. You can use this to dynamically adjust the authentication requirements. For example, you could configure your PingFederate authentication policy to require multi-factor authentication (MFA) when a user with a high risk level signs on.



  • Azure AD Identity Protection IdP Adapter:
    • When a user signs on through PingFederate, the adapter sends the user ID to Azure AD Identity Protection.
    • The adapter receives the user's risk level and makes it available in the PingFederate authentication policy.

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

System requirements