The following figure illustrates a single sign-on (SSO) scenario in which PingFederate retrieves the security posture of a user's device during authentication.
A flow diagram that shows the authentication flow using the X.509 and Jamf integration kits.


  1. The user initiates sign on with the service provider (SP) using a device that is enrolled with Jamf Pro.
  2. The SP redirects the request to PingFederate. The browser provides the user's X.509 certificate.
  3. The PingFederate X.509 Certificate identity provider (IdP) Adapter validates the certificate against a specified list of issuers or the server's list of trusted certificate authorities, then parses the device information from the certificate.
  4. The X.509 Certificate IdP Adapter provides the device type (mobile device or computer) and device identifier to the Jamf IdP Adapter.
  5. The Jamf IdP Adapter provides the device identifier to Jamf Pro and requests the device's security posture.
  6. Jamf Pro returns the device's security posture and a collection of other attributes.
  7. PingFederate completes the sign-on flow or branches the authentication policy to a different result depending on the security posture result.