1. Set up PingFederate to run the service provider (SP) application according to instructions in the Workspace ONE administrator documentation.
  2. In the Workspace ONE administrative console, on the Devices > Profiles & Resources > Profiles page, click Add > Add Profile.
  3. On the device type list, select the type that the profile applies to, and then complete the profile form.
  4. In the Assigned Groups field, assign the profile to the group that includes your test device.
  5. On the Credentials tab of the profile, click Configure. Select your credential source, verify the data is correct, and then click Save & Publish.
  6. Install the profile on the device.
    1. On the Profiles & Resources page, on the profile that you created, click the Not Installed button.
    2. Click Install Profile.
    3. Turn on the test device.
    4. On the device, open the agent app to force a "sync" between the device and the Workspace ONE Server.
  7. On the test device, on the Devices > List View > Select your device > Certificates page, check that the certificate appears on the list of certificates installed on the device.
  8. On the test device, in a browser, go to a protected resource.
  9. When asked for X.509 authentication, select the certificate installed by the profile. If the certificate isn't available, manually add it to the browser certificate store and try again.

    The browser will be redirected to PingFederate for X.509 validation and the device should be redirected to the protected resource.