Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
By modifying your PingFederate authentication policy to include the
isCompliant results from Intune, you can
control access to resources based on the device's security posture.
- Sign on to the PingFederate administrative console.
- On the Identity Provider screen, under Authentication Policies, click Policies.
- Open an existing authentication policy, or create a new one. See Defining authentication policies in the PingFederate documentation.
In the Policy area, in the Select
list, select an Intune IdP Adapter instance.
deviceId (shown as CN) or
userPrincipalName from your X.509 Adapter instance into the Intune IdP Adapter instance.
- Under the Intune IdP Adapter instance, click Options.
- On the Options dialog, from the Source list, select your X.509 Adapter instance.
- From the Attribute list, select CN or userPrincipalName. Click Done.
Define policy paths based on the two security posture attributes,
a. Under the Intune IdP Adapter instance, click Rules.
b. On the Rules dialog, in the Attribute Name list, select isCompliant.
c. In the Condition list, select equal to.
d. In the Value field, enter true or false.
e. In the Result field, enter a name. This appears as a new policy path that branches from the authentication source.
f. Repeat steps b-e for isManaged.
g. Click Done.
Configure each of the authentication paths, including Fail,
Success, and the paths that you defined in the
- Click Done.
- In the Policies window, click Save.
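
Before saving, it helps to check which path each combination of isCompliant and isManaged would take, including the case where an attribute is absent. The following is an added example, not PingFederate code: it models the rules from the Rules dialog as a table, and the path names, first-match ordering, and default path are assumptions of the sketch.

```python
from itertools import product

# Constructed model of the Rules dialog: (attribute name, value, result path).
# Every rule uses the "equal to" condition from the steps above. Path names,
# first-match ordering and the default path are assumptions of this sketch.
DENY_ONLY = [
    ("isCompliant", "false", "NonCompliant"),
    ("isManaged", "false", "Unmanaged"),
]

def select_path(attrs, rules, default):
    """Return the policy path chosen for one set of adapter attributes."""
    for name, value, result in rules:
        # Exact string match: a missing attribute matches no rule.
        if attrs.get(name) == value:
            return result
    return default

def audit(rules, default, trusted="Success"):
    """Return the (isCompliant, isManaged) combinations that reach the
    trusted path without both attributes being exactly "true"."""
    states = ("true", "false", None)  # None: attribute absent from the result
    gaps = []
    for compliant, managed in product(states, repeat=2):
        attrs = {"isCompliant": compliant, "isManaged": managed}
        attrs = {k: v for k, v in attrs.items() if v is not None}
        if (select_path(attrs, rules, default) == trusted
                and (compliant, managed) != ("true", "true")):
            gaps.append((compliant, managed))
    return gaps

if __name__ == "__main__":
    # Rules only for "false"; everything else falls through to Success.
    print(audit(DENY_ONLY, default="Success"))
    # Same rules, but unmatched requests fall through to Fail.
    print(audit(DENY_ONLY, default="Fail"))
```

In this model, rules that match only false leave a device with a missing attribute on the default path, so confirm where every unmatched case lands before you save the policy.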