Configure the Azure AD Identity Protection IdP Adapter to determine how PingFederate communicates with Azure AD Identity Protection.
In the PingFederate
administrative console, create a new IdP adapter instance:
- For PingFederate 10.1 or later: go to . Click Create New Instance.
- For PingFederate 10.0 or earlier: go to . Click Create New Instance.
On the Type tab, set the basic adapter instance
- In the Instance Name field, enter a name for the adapter instance.
- In the Instance ID field, enter a unique identifier for the adapter instance.
- From the Type list, select Azure AD Identity Protection IdP Adapter. Click Next.
On the IdP Adapter tab, in the Azure AD Identity Protection API Response Mappings section, map
user data from the Azure AD Identity Protection
response to the attribute contract:
These attributes become available in your PingFederate authentication policy.
- Click Add a new row to 'Azure AD Identity Protection API Response Mappings'.
- In the Local Attribute field, enter a name of your choosing for an attribute.
- In the Azure Attribute Mapping field, enter the JSON Pointer syntax for the value of the matching Azure AD Identity Protection attributes as shown in JSON Pointer syntax reference. Alternately, leave the field blank to include the entire response as the value.
- In the Action column, click Update.
- To add more attributes, repeat steps a-d.
- On the IdP Adapter tab, configure the adapter instance by referring to Azure AD Identity Protection IdP Adapter settings reference. Click Next.
- On the Extended Contract tab, add any attributes that you included in the Azure Response Mappings section of the IdP Adapter tab. Click Next.
- On the Adapter Attributes tab, set pseudonym and masking options as shown in Set pseudonym and masking options in the PingFederate documentation. Click Next.
- On the Adapter Contract Mapping tab, configure the contract fulfillment details for the adapter as shown in Define the IdP adapter contract in the PingFederate documentation. Click Next.
On the Summary tab, check and save your configuration:
- For PingFederate 10.1 or later: click Save.
- For PingFederate 10.0 or earlier: click Done. On the Manage IdP Adapter Instances tab, click Save.