Configuring an adapter instance - PingOne Cloud Platform - PingOne Services - PingOne - PingOne Protect

PingOne Protect Integration Kit

bundle
pingfederate-pingone-protect-ik
ft:publication_title
PingOne Protect Integration Kit
Product_Version_ce
PingOne Cloud Platform
PingOne Services
PingOne
PingOne Protect
category
Administrator
Audience
ContentType
English
Integration
Language
OtherDocs
Product
Productdocumentation
integrationdoc
p1
p1cloudplatform
p1protect
p1services
ContentType_ce
Product documentation
Integration

To get started with the integration, deploy the PingOne Protect Integration Kit files to your PingFederate directory.

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters. Click Create New Instance.
  2. On the Type tab, set the basic adapter instance attributes:
    1. In the Instance Name field, enter a name for the adapter instance.
    2. In the Instance ID field, enter a unique identifier for the adapter instance.
    3. In the Type list, select PingOne Protect IdP Adapter. Click Next.
  3. Optional: On the IdP Adapter tab, in the Additional User Attributes (optional) section, you can configure additional attributes to send to PingOne Protect.
  4. Optional: In the Additional Risk Predictors (optional) section, you can configure additional risk predictors to send to PingOne Protect.
    1. Click Add a new row to 'Additional Risk Predictors (optional)'.
    2. In the Incoming Attribute Name field, enter the name of an attribute from any authentication source that appears earlier in your PingFederate authentication policy than the PingOne Protect IdP Adapter.
    3. In the PingOne Protect Attribute list, select the PingOne attribute that you want to populate.
    4. In the Action column, click Update.
    5. To add more attributes, repeat steps a - d.
  5. Optional: On the IdP Adapter tab, in the PingOne Protect API Response Mappings section, map the attributes from PingOne Protect Evaluation API response to the attribute contract.

    These attributes will become available in your PingFederate authentication policy.

    1. Click Add a new row to 'PingOne Protect API Response Mappings'.
    2. In the Local Attribute field, enter a name of your choosing for an attribute.
    3. In the PingOne Protect API Attribute Mapping field, enter the JSON Pointer syntax for the source PingOne attribute as shown in JSON Pointer syntax reference.
      For example, the JSON pointer /details/ipAddressReputation/level will return the IP address repuation level, such as LOW.
    4. In the Action column, click Update.
    5. To add more attributes, repeat steps a - d.
    Note:

    If you skip performing a fraud evaluation in the adapter, the response mappings might not be returned.

  6. On the IdP Adapter tab, configure the adapter instance by referring to IdP Adapter settings reference. Click Next.
  7. On the Actions tab, test your connection to PingOne Protect. Resolve any issues that are reported, and then click Next.
  8. On the Extended Contract tab, add any attributes that you included in the PingOne Protect API Response Mappings section of the IdP Adapter tab. Click Next.
  9. On the Adapter Attributes tab, set pseudonym and masking options as shown in Set pseudonym and masking options in the PingFederate documentation. Click Next.
  10. On the Adapter Contract Mapping tab, configure the contract fulfillment details for the adapter as shown in Define the IdP adapter contract in the PingFederate documentation. Click Next.
  11. On the Summary tab, check and save your configuration. Click Save.