1. In Workspace ONE, configure the X.509 certificate template to include the Workspace ONE device ID as an attribute in the SAN extension.

    For help, see the Workspace ONE UEM documentation.

  2. In PingFederate, set up the X.509 Certificate Integration Kit, and create an X.509 Certificate Adapter instance.
    For complete documentation, see X.509 Certificate Integration Kit.
    1. In the adapter instance configuration, on the IdP Adapter tab, click Show Advanced Fields, then select Include subject alternative name (SAN).
    2. On the Extended Contract screen, add the SAN attribute from the X.509 certificate that contains the Workspace ONE device ID.