1. A user with an Workspace ONE enrolled device requests access to an SP resource. The request is redirected to PingFederate to perform X.509 authentication.
  2. The browser requests the user’s X.509 certificate. The PingFederate X.509 Certificate Adapter validates the certificate against a list of issuers. If no issuers are specified in the adapter setup, it uses the server’s list of trusted CAs instead.
  3. PingFederate validates the certificate, then passes the device ID from the certificate to the Workspace ONE IdP Adapter.
  4. PingFederate contacts the the Workspace ONE API, provides the device ID to get information about the device's security posture.
  5. The result of the authentication is returned, and if successful, the user is redirected to the requested resource.