For an overview of risk predictors, see Predictors in the PingOne Protect documentation.

The following steps provide an example that shows how to include the device security state from a mobile device management (MDM) service in the PingOne Protect risk evaluation.

  1. Make the predictor available as an attribute in your PingFederate authentication policy.

    A screen capture showing the PingFederate authentication policy with a mobile device management adapter before the PingOne Protect IdP Adapter.
    1. Add the source of the predictor data to your authentication policy.

      MDM example: Add a mobile device management adapter. On the Extended Contract tab of the configuration for that adapter instance, the attribute that holds the security state of the user's device is called ComplianceStatus.

    2. Later in the flow, add the PingOne Protect IdP Adapter that you configured in Configuring an adapter instance.
  2. In PingOne Protect, add the risk predictor and include it in your risk policy.

    For help, see Predictors in the PingOne Protect documentation.

    MDM example: Add a predictor with the JSON pointer ${event.ComplianceStatus}.

  3. In the Risk Predictors table of your PingOne Protect IdP Adapter configuration, map the predictor attribute from your PingFederate authentication policy to the JSON pointer you defined in PingOne Protect.

    For help, see Configuring an adapter instance.

    MDM example: Map the PingFederate ComplianceStatus attribute to the PingOne Protect predictor in your PingOne Protect IdP Adapter configuration.


    A screen capture showing the Risk Predictors table with the attribute from the mobile device management adapter mapped to the PingOne Protect predictor attribute.

    During the authentication flow, the PingOne Protect IdP Adapter gets the predictor attribute from the PingFederate authentication policy and passes it to PingOne Protect. Next, PingOne Protect compares the value to the risk levels you defined and includes it in the risk evaluation.