Google

Configuring an adapter instance

Configure the Google Chrome Enterprise Device Trust IdP Adapter to determine how PingFederate communicates with Google Chrome Enterprise.

About this task

To get started with the integration, deploy the Google Chrome Enterprise Integration Kit files to your PingFederate directory.

Steps

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters. Click Create New Instance.

  2. On the Type tab, set the basic adapter instance attributes:

    1. In the Instance Name field, enter a name for the adapter instance.

    2. In the Instance ID field, enter a unique identifier for the adapter instance.

    3. From the Type list, select Google Chrome Enterprise Device Trust IdP Adapter. Click Next.

  3. On the IdP Adapter tab, in the Google Verified Access API Response Mappings section, map attributes from the Google Verified Access API response to the attribute contract:

    1. Click Add a new row to 'Google Verified Access API Response Mappings'.

    2. In the Local Attribute field, enter a name for an attribute.

    3. In the Google Verified Access API Response Mapping field, enter the JSON Pointer syntax for the source Google Verified Access API attributes as shown in JSON Pointer syntax reference.

      Example:

      The JSON pointer /deviceSignals/displayName returns the machine display name.

    4. In the Action column, click Update.

    5. To add more attributes, repeat steps a - d.

      Result:

      These attributes become available in your PingFederate authentication policy.

  4. On the IdP Adapter tab, configure the adapter instance by referring to Google Chrome Enterprise Device Trust IdP Adapter settings reference. Click Next.

  5. On the Actions tab, test your connection to Google Chrome Enterprise. Resolve any issues that are reported, and then click Next.

  6. On the Extended Contract tab, add any attributes that you included in the Google Verified Access API Response Mappings section of the IdP Adapter tab. Click Next.

  7. On the Adapter Attributes tab, set pseudonym and masking options as shown in Set pseudonym and masking options in the PingFederate documentation. Click Next.

  8. On the Adapter Contract Mapping tab, configure the contract fulfillment details for the adapter as shown in Define the IdP adapter contract in the PingFederate documentation. Click Next.

  9. On the Summary tab, review your configuration and then click Save.