Page created: 27 Dec 2019 |
Page updated: 8 Feb 2022
With the ID DataWeb Integration Kit, PingFederate includes the ID DataWeb API in the sign-on flow.
The following figure shows how the ID DataWeb API is integrated into the sign-on process:
- A user initiates the sign-on process by requesting access to a protected resource.
- The ID DataWeb IdP Adapter sends the device profile identifier and any user attributes to the ID DataWeb API and requests the policy decision ("approve", "obligation", or "deny").
- The ID DataWeb API returns a JSON payload with the policy decision and other attributes to the ID DataWeb IdP Adapter.
- The ID DataWeb IdP Adapter makes the policy decision and contract attributes available in the PingFederate authentication policy.
- PingFederate executes the authentication policy, which branches based on the policy decision provided by the ID DataWeb IdP Adapter.
- PingFederate returns the resource that the user requested.
- If Update Device Trust is enabled in the adapter instance configuration, the ID DataWeb IdP Adapter notifies ID DataWeb that the device is trustworthy. This gives the device a better trust score for subsequent sign on attempts.