Azure

Configuring an LDAP connection

If you’re planning to provide SSO to users whose accounts reside in a directory server, ensure you have an LDAP data store defined for it in PingFederate.

About this task

Learn more about Managing datastores in the PingFederate documentation.

Ensure the objectGUID attribute is declared as binary in the data store (step 6 below). objectGUID is a 16-byte value, and PingFederate must read it as raw bytes rather than as a decoded string; a connection to Office 365 cannot be created unless the attribute is binary. Learn more in Creating a connection to Azure Active Directory.

If you need to support accounts from multiple Office 365 subdomains through a single SP connection (PingFederate 7.2 or later), create an additional LDAP data store for the LDAP server of each subdomain.

Steps

  1. In the PingFederate administrative console go to Server Configuration > System Settings > Data Stores.

  2. Click Add New Data Store.

  3. Select LDAP in the Data Store Type tab and click Next.

  4. Populate the fields in the LDAP Configuration tab.

    1. In the Hostname(s) field, enter the DNS name or IP address of the data store, optionally with a port number, such as 181.20.42.130:389. For failover, enter multiple LDAP servers separated by spaces. Note that port 389 is unencrypted LDAP: the bind password and every query and result travel in the clear, so for production use LDAPS (typically port 636).

    2. In the LDAP Type field, select Active Directory.

    3. Enter the User DN and password of a user account with read permission in Active Directory. Use a dedicated service account with read-only access; the data store does not need elevated or administrative rights.

  5. Click Advanced and then click the LDAP Binary Attributes tab.

  6. In the Binary Attribute Name field, enter objectGUID and click Add.

  7. Click Done and then click Next.

  8. Review the summary and click Save.
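The reason the objectGUID attribute must be binary is easiest to see with a worked example. Azure AD matches a federated user on the ImmutableID, which is the Base64 encoding of the raw 16-byte objectGUID; if the attribute is read as text, the human-readable GUID string gets encoded instead and will never match. The following Python is an added example, not part of the PingFederate documentation or product, and it uses a constructed sample GUID rather than a value from any real directory. It can also serve as a post-configuration sanity check: take the ImmutableID that PingFederate emits for a test user and confirm it decodes to exactly 16 bytes.

```python
import base64
import uuid

# Constructed sample: the 16 raw bytes Active Directory returns for objectGUID.
# Not taken from any real directory.
SAMPLE_OBJECTGUID = bytes.fromhex("3f2504e04f8911d39a0c0305e82c3301")


def immutable_id_from_objectguid(raw: bytes) -> str:
    """Base64 of the raw 16-byte objectGUID: the ImmutableID value Azure AD matches on.
    This is only possible when the attribute is read as binary, not decoded as text."""
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def display_guid(raw: bytes) -> str:
    """Human-readable GUID as shown by AD tools. AD stores the first three fields
    little-endian, so the display string is not the raw bytes in hex order."""
    return str(uuid.UUID(bytes_le=raw))


def objectguid_from_display(guid_str: str) -> bytes:
    """Reverse of display_guid: recover the raw bytes from the display string."""
    return uuid.UUID(guid_str).bytes_le


def wrong_text_encoding(raw: bytes) -> str:
    """What a consumer produces if objectGUID is treated as a string attribute:
    the 36-character display form gets Base64-encoded, giving a 48-character
    value that never equals the ImmutableID Azure AD expects."""
    return base64.b64encode(display_guid(raw).encode("ascii")).decode("ascii")


def validate_immutable_id(value: str) -> bool:
    """Sanity check for a value emitted by PingFederate: a well-formed
    ImmutableID is valid Base64 that decodes to exactly 16 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 16
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False


if __name__ == "__main__":
    good = immutable_id_from_objectguid(SAMPLE_OBJECTGUID)
    bad = wrong_text_encoding(SAMPLE_OBJECTGUID)
    print("display GUID        :", display_guid(SAMPLE_OBJECTGUID))
    print("ImmutableID (binary):", good, validate_immutable_id(good))
    print("as text (wrong)     :", bad, validate_immutable_id(bad))
```

Run it against a real user by pasting the ImmutableID from a captured SAML assertion into validate_immutable_id; a 48-character value that fails the check is the signature of objectGUID being read as a string attribute.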