This integration allows you to get the security posture of the device that an employee is using to authenticate. Including the security posture in your PingFederate authentication policy allows you to dynamically allow or deny access to resources for each user that signs on. For example, you can:

  • Deny access for users who have devices that are not managed by Intune.
  • Allow access for users whose devices are all in compliance.
  • Deny access to a user whose current device has been compromised or rooted.
This mitigates the risk of corporate resources being accessed from employees' mobile and desktop devices.
Tip: If you want to use Microsoft Intune to manage the PingID app on mobile devices, see Configure Microsoft Intune for PingID in the PingID documentation.

Components

Intune IdP Adapter
  • Allows you to retrieve the security posture for the authenticating user's current device, or for all devices associated with that user.

Intended audience

This document is intended for PingFederate administrators.

Before starting, we recommend that you familiarize yourself with the following:

System requirements

  • PingFederate 9.0 or later.
  • A Microsoft Intune tenant.
  • A Windows 2012 R2 (or later) server configured as a Certificate Authority (CA) server.
  • A Windows 2012 R2 (or later) server configured with the Network Device Enrollment Service (NDES) server role and Simple Certificate Enrollment Protocol (SCEP).
  • Mobile application support requires the following:
    • A Web Controller to allow the application to read the certificate from the device. For Android, Chrome 45+ and Chrome Custom Tabs. For Apple, iOS 9+ and Safari View Controller.
    • AppAuth is required for shared sessions between supported mobile applications.