For an overview of risk predictors, see Risk predictors in the PingOne documentation.

The example in the steps below shows how to include the device security state from a mobile device management (MDM) service in the PingOne Risk risk evaluation.

  1. Make the predictor available as an attribute in your PingFederate authentication policy.

    A screenshot that shows the PingFederate authentication policy with a mobile device management adapter before the PingOne Risk IdP Adapter.
    1. Add the source of the predictor data to your authentication policy.
      MDM example: Add a mobile device management adapter. On the Extended Contract tab of the configuration for that adapter instance, the attribute that holds the security state of the user's device is called ComplianceStatus.
    2. Later in the flow, add the PingOne Risk IdP Adapter that you configured in Configuring an adapter instance.
  2. In PingOne Risk, add the risk predictor and include it in your risk policy. For help, see Risk predictors in the PingOne documentation.
    MDM example: Add a predictor with the JSON pointer ${event.ComplianceStatus}.
  3. In the Risk Predictors table of your PingOne Risk IdP Adapter configuration, map the predictor attribute from your PingFederate authentication policy to the JSON pointer you defined in PingOne Risk. For help, see Configuring an adapter instance.
    MDM example: Map the PingFederate chainedAttForManaged attribute to the PingOne Risk predictor in your PingOne Risk IdP Adapter configuration. A screenshot that shows the ​​Risk Predictors​ table with the attribute from the mobile device management adapter mapped to the ​PingOne Risk​​ predictor attribute.
    During the authentication flow, the PingOne Risk IdP Adapter gets the predictor attribute from the PingFederate authentication policy and passes it to PingOne Risk. Next, PingOne Risk compares the value to the risk levels you defined and includes it in the risk evaluation.