Adding Intune security posture results to your authentication policy - PingFederate

By modifying your PingFederate authentication policy to include the isManaged and isCompliant results from Intune, you can control access to resources based on the device's security posture.

These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Policies in the PingFederate documentation.

1. Sign on to the PingFederate administrative console.
2. On the Identity Provider screen, under Authentication Policies, click Policies.
3. Open an existing authentication policy, or create a new one. See Defining authentication policies in the PingFederate documentation.
4. In the Policy area, in the Select list, select an Intune IdP Adapter instance.
   
5. Map the deviceId (shown as CN) or userPrincipalName from your X.509 Adapter instance into the Intune IdP Adapter instance.
   
   1. Under the Intune IdP Adapter instance, click Options.
   2. On the Options dialog, from the Source list, select your X.509 Adapter instance.
   3. From the Attribute list, select CN or userPrincipalName. Click Done.
6. Define policy paths based on the two security posture attributes, isCompliant and isManaged.
   
   1. Under the Intune IdP Adapter instance, click Rules.
   2. On the Rules dialog, in the Attribute Name list, select isCompliant.
   3. In the Condition list, select equal to.
   4. In the Value field, enter true or false.
   5. In the Result field, enter a name. This appears as a new policy path that branches from the authentication source.
   6. Repeat steps b-e for isManaged.
   7. Click Done.
7. Configure each of the authentication paths, including Fail, Success, and the paths that you defined in the Rules dialog.
   
8. Click Done.
9. In the Policies window, click Save.