The Azure AD Identity Protection Integration Kit allows PingFederate to communicate with Azure AD Identity Protection for risk-based authentication.
By sending a Microsoft user ID to Azure AD Identity Protection when a user signs on, PingFederate can retrieve the user risk level that Identity Protection has computed for that user from its risk detections. You can use this risk level to adjust the authentication requirements dynamically. For example, you could configure your PingFederate authentication policy to require multi-factor authentication (MFA) when a user with a high risk level signs on.
Features
- Uses the Azure AD Identity Protection "riskyUsers" resource
- Supports the PingFederate Authentication API
- Supports the JavaScript Widget for the PingFederate Authentication API
Components
- Azure AD Identity Protection IdP Adapter:
  - When a user signs on through PingFederate, the adapter sends the user ID to Azure AD Identity Protection.
  - The adapter receives the user's risk level and makes it available in the PingFederate authentication policy.
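The following is an added example, not code from the integration kit or from Ping Identity, showing the exchange the adapter performs: it builds the Microsoft Graph request for one object in the `riskyUsers` resource, parses the response, and maps the returned `riskLevel` to the allow-or-MFA branch a PingFederate authentication policy would take. The user ID, token and sample response are constructed placeholders, and the Graph permission named in the comments is an assumption about how the calling application is registered.

```python
"""Added example (not part of the integration kit): query one riskyUser
object and turn its riskLevel into an authentication-policy decision."""
import json
from typing import Dict, Optional, Tuple
from urllib.parse import quote

# Microsoft Graph riskyUsers resource used by the kit (v1.0 endpoint).
GRAPH_RISKY_USERS = "https://graph.microsoft.com/v1.0/identityProtection/riskyUsers"

# riskLevel values that can be ordered, lowest to highest. Graph also returns
# "hidden" (the tenant's license does not expose the level) and
# "unknownFutureValue"; those are deliberately absent so they fail closed.
RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def risky_user_request(user_id: str, access_token: str) -> Tuple[str, Dict[str, str]]:
    """Return (url, headers) for GET /identityProtection/riskyUsers/{id}.

    Assumption: access_token is an app-only Graph token for an application
    granted IdentityRiskyUser.Read.All. The caller performs the HTTP request.
    """
    url = f"{GRAPH_RISKY_USERS}/{quote(user_id, safe='')}"
    headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    return url, headers


def parse_risky_user(body: str) -> Optional[dict]:
    """Parse a Graph response body; return the riskyUser object or None."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return None
    # Graph reports failures (404 for an unknown id, 403 for a missing
    # permission) as {"error": {...}}; there is no risk object to act on then.
    if not isinstance(data, dict) or "error" in data or "riskLevel" not in data:
        return None
    return data


def policy_decision(risky_user: Optional[dict], mfa_at: str = "high") -> str:
    """Map a riskyUser object to 'allow' or 'mfa'.

    mfa_at is the lowest riskLevel that triggers MFA ("high" matches the
    example given above). Anything without a comparable level (no object,
    "hidden", an unknown future value) fails closed to 'mfa' rather than
    silently allowing the sign-on.
    """
    if mfa_at not in RISK_ORDER:
        raise ValueError(f"mfa_at must be one of {sorted(RISK_ORDER)}")
    if risky_user is None:
        return "mfa"
    level = risky_user.get("riskLevel")
    if level not in RISK_ORDER:
        return "mfa"
    return "mfa" if RISK_ORDER[level] >= RISK_ORDER[mfa_at] else "allow"


# Constructed sample response, shaped like a Graph riskyUser object (not real data).
SAMPLE_RISKY_USER_JSON = json.dumps({
    "id": "11111111-2222-3333-4444-555555555555",
    "userPrincipalName": "alice@example.com",
    "isDeleted": False,
    "isProcessing": False,
    "riskLevel": "high",
    "riskState": "atRisk",
    "riskDetail": "none",
    "riskLastUpdatedDateTime": "2024-05-01T12:00:00Z",
})

if __name__ == "__main__":
    url, headers = risky_user_request("11111111-2222-3333-4444-555555555555", "<token>")
    print("GET", url)
    user = parse_risky_user(SAMPLE_RISKY_USER_JSON)
    print("riskLevel:", user["riskLevel"], "->", policy_decision(user))
    print("with mfa_at=medium ->", policy_decision(user, mfa_at="medium"))
```

The fail-closed branches matter in practice: a `riskLevel` of `hidden` means the tenant is not licensed to see the level (see the license requirement below), and a Graph error body means the lookup itself failed. In both cases the policy should step up rather than treat the user as low risk.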
Intended audience
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
- The following sections of the PingFederate documentation:
- The following sections of the Azure AD Identity Protection documentation:
System requirements
- PingFederate 9.3 or later.
- A valid Azure AD Identity Protection license. For details, see License requirements in the Azure AD Identity Protection documentation.
- This integration uses the Microsoft Cloud Identity Connector to get Microsoft user IDs. Setup details are provided in Setting up the Microsoft Cloud Identity Connector.