Overview of the SSO flow

Page created: 10 Feb 2021 |

Page updated: 27 Sep 2022

| 1 min read

Jamf Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

With the Jamf Integration Kit, PingFederate parses identifying attributes from the X.509 certificate on the user's Apple device. The Jamf IdP Adapter uses these attributes to get the device's security posture from Jamf Pro.

The following figure illustrates a single sign-on (SSO) scenario in which PingFederate retrieves the security posture of a user's device during authentication.
A flow diagram that shows the authentication flow using the X.509 and Jamf integration kits.

A flow diagram that shows the authentication flow using the X.509 and Jamf integration kits.

Description

The user initiates sign on with the service provider (SP) using a device that is enrolled with Jamf Pro.
The SP redirects the request to PingFederate. The browser provides the user's X.509 certificate.
The PingFederate X.509 Certificate identity provider (IdP) Adapter validates the certificate against a specified list of issuers or the server's list of trusted certificate authorities, then parses the device information from the certificate.
The X.509 Certificate IdP Adapter provides the device type (mobile device or computer) and device identifier to the Jamf IdP Adapter.
The Jamf IdP Adapter provides the device identifier to Jamf Pro and requests the device's security posture.
Jamf Pro returns the device's security posture and a collection of other attributes.
PingFederate completes the sign-on flow or branches the authentication policy to a different result depending on the security posture result.