The Intune Integration Kit allows PingFederate to integrate with the Microsoft Intune platform.
This integration allows you to get the security posture of the device that an employee is using to authenticate. Including the security posture in your PingFederate authentication policy allows you to dynamically allow or deny access to resources for each user that signs on. For example, you can:
- Deny access for users who have devices that are not managed by Intune.
- Allow access for users that only have devices that are in compliance.
- Deny access to a user whose current device has been compromised or rooted.
- Retrieve the security posture for the authenticating user's current device, or for all devices associated with that user.
This document is intended for PingFederate administrators.
- The following sections of the PingFederate documentation:
- The X.509 Certificate Integration Kit documentation
- The following sections of the Microsoft documentation:
- PingFederate 9.0 or later.
- A Microsoft Intune tenant.
- A Windows 2012 R2 (or later) server configured as a Certificate Authority (CA) server.
- A Windows 2012 R2 (or later) server configured with the Network Device Enrollment Service (NDES) server role and Simple Certificate Enrollment Protocol (SCEP).
- Mobile application support requires the following:
  - A Web Controller to allow the application to read the certificate from the device. For Android, Chrome 45+ and Chrome Custom Tabs. For Apple, iOS 9+ and Safari View Controller.
  - AppAuth is required for shared sessions between supported mobile applications.