With the Intune Integration Kit, PingFederate parses the user's
deviceId or userPrincipalName attribute from an X.509
certificate and uses it to get the device's security posture from Microsoft
Intune.
Description
- A user requests access to a resource by using a device that is enrolled with Intune.
- The service provider (SP) redirects the request to PingFederate. The browser requests the user's X.509 certificate.
- The PingFederate X.509 Certificate Adapter validates the certificate against a
specified list of issuers or the the server's list of trusted certificate
authorities. Depending on your configuration, the X.509 Certificate Adapter passes
the
deviceIdoruserPrincipalName(UPN) attribute to the Intune IdP Adapter. - The Intune IdP Adapter contacts the Microsoft Graph API to look up the user's
security posture information. Intune provides one of the following results
depending on the Intune IdP Adapter instance configuration:
- The security posture for the current device based on the
deviceId. - An aggregate security posture for all of the current user's devices based
on the
userPrincipalName.
- The security posture for the current device based on the
- The PingFederate authentication policy uses the result from Intune to determine whether the user is redirected to the resource they requested.