Microsoft EAM Integration Kit
This integration kit enables PingFederate, together with a downstream multi-factor authentication (MFA) adapter, to serve as a Microsoft External Authentication Method (EAM) provider.
The Microsoft EAM Integration Kit processes the id_token_hint and claims parameters sent by Microsoft Entra ID’s external authentication mechanism.
The integration kit extracts the acr and amr values from the claims parameter and sets them as input for downstream adapters in the PingFederate authentication policy. Typically, a downstream adapter like PingID uses these values to perform MFA.
Components
- Microsoft EAM IdP Adapter
  When PingFederate receives an OpenID Connect (OIDC) request from Microsoft Entra ID, the adapter validates the id_token_hint and extracts the acr and amr values from the claims parameter. You can export additional claims out of the id_token_hint as necessary.
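The acr and amr extraction described above can be sketched as follows. This is an added example, not the integration kit's code: it assumes the request arrives as a form-encoded body whose claims value follows the OIDC claims request structure, and the function names and sample values are constructed. It does not validate the id_token_hint.

```python
import json
from urllib.parse import parse_qs, urlencode

class ClaimsError(ValueError):
    """The claims request parameter is missing or malformed."""

def requested_values(claims_json, name):
    """Return the list of values requested for one id_token claim."""
    try:
        doc = json.loads(claims_json)
    except json.JSONDecodeError as exc:
        raise ClaimsError("claims is not valid JSON") from exc
    id_token = doc.get("id_token") if isinstance(doc, dict) else None
    if not isinstance(id_token, dict):
        raise ClaimsError("claims has no id_token object")
    entry = id_token.get(name)
    if not isinstance(entry, dict):
        raise ClaimsError(f"{name} is not requested with explicit values")
    # OIDC Core 5.5.1: a claim request carries either "value" or "values".
    values = entry.get("values", [entry["value"]] if "value" in entry else [])
    if not (isinstance(values, list) and values
            and all(isinstance(v, str) for v in values)):
        raise ClaimsError(f"{name} values must be a non-empty list of strings")
    return values

def extract_acr_amr(form_body):
    """Parse a form-encoded request body and return the acr and amr values."""
    try:
        params = parse_qs(form_body, strict_parsing=True)
    except ValueError as exc:
        raise ClaimsError("request body is not form-encoded") from exc
    claims = params.get("claims", [])
    if len(claims) != 1:  # reject absent or duplicated parameters
        raise ClaimsError("expected exactly one claims parameter")
    return {name: requested_values(claims[0], name) for name in ("acr", "amr")}

# Constructed sample request body; every value below is illustrative.
SAMPLE_BODY = urlencode({
    "response_type": "id_token",
    "scope": "openid",
    "id_token_hint": "constructed.jwt.placeholder",
    "claims": json.dumps({"id_token": {
        "acr": {"essential": True, "values": ["possessionorinherence"]},
        "amr": {"essential": True, "values": ["otp", "fido", "hwk"]},
    }}),
})

if __name__ == "__main__":
    print(extract_acr_amr(SAMPLE_BODY))
```

Rejecting a missing, duplicated, or malformed claims parameter keeps a downstream MFA step from running with an empty or ambiguous requirement.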
Intended audience
This document is intended for PingFederate administrators.
Use the following resources to find help during the setup process:
- You can find more information about configuring PingFederate in the following sections of the PingFederate documentation:
- If you plan to use the bundled PingID adapter as the downstream adapter, you can find configuration instructions and context in:
  - The Managing IdP adapters section of the PingFederate documentation.
  - The Integrate with PingID for PingFederate SSO section of the PingID documentation.
System requirements
- PingFederate 11.3 or later.
- A Microsoft Entra ID account with external authentication method enabled.