Azure

Getting ready to integrate Azure Active Directory

Perform the following steps to prepare PingFederate for use with Azure Active Directory (AD).

About this task

By performing these steps, you can use PingFederate and Azure AD together to:

  • Access Azure online services including Office 365 without having to remember an additional username and password.

  • Authenticate email access on mobile devices with usernames and passwords that are stored centrally in AD.

  • Revoke access to email and secure content by disabling an account in AD.

To simplify the configuration experience, you can download Azure AD Connect from Microsoft and run it locally on a Windows server. Azure AD Connect guides you through the setup procedures for PingFederate and provides additional sync features to improve integration with existing AD infrastructure.

Steps

  1. Sign up for an Azure Active Directory account.

    Microsoft offers various Azure AD and Office 365 plans for different types of organizational needs. Not all of them support Web SSO, but all enterprise plans support federation. Learn more about signing up for Office 365 on the Office 365 website.

  2. Set up AD and enable directory synchronization.

  3. Create a federated domain and prove ownership of it.

  4. Install and configure PingFederate 8.4 or later.

    If you need to support active clients, such as native desktop applications, for use with Office 365, ensure that PingFederate is installed with a license that enables the WS-Trust Security Token Service (STS).

  5. Replace the default self-signed SSL server certificate included with PingFederate with one that is signed by a public certificate authority (CA).

    This enables Azure AD to establish a trusted SSL session with PingFederate. Learn more about Managing SSL server certificates in the PingFederate documentation.
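As an added check for step 5 (example code, not part of the PingFederate documentation), the Python below detects the self-signed default certificate by its Issuer equalling its Subject, and performs a validating TLS handshake the way a client that trusts only public CAs would. The host name and the runtime port 9031 are assumptions; the sample certificates are constructed in the code with the DER layout only, no key or signature.

```python
import socket
import ssl

def _read_tlv(buf: bytes, pos: int):
    # Decode one DER tag/length/value at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(cert_der: bytes):
    # Walk Certificate -> tbsCertificate and return the raw DER Issuer and Subject
    _, cert, _ = _read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)               # tbsCertificate ::= SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)              # [0] version (optional) or serialNumber
    if tag == 0xA0:
        _, _, pos = _read_tlv(tbs, pos)          # serialNumber
    _, _, pos = _read_tlv(tbs, pos)              # signature AlgorithmIdentifier
    _, issuer, pos = _read_tlv(tbs, pos)
    _, _, pos = _read_tlv(tbs, pos)              # validity
    _, subject, _ = _read_tlv(tbs, pos)
    return issuer, subject

def is_self_signed(cert_der: bytes) -> bool:
    issuer, subject = issuer_and_subject(cert_der)   # default PingFederate cert: Issuer == Subject
    return issuer == subject

def chains_to_trusted_ca(host: str, port: int = 9031) -> bool:
    # Full TLS handshake against the OS trust store, hostname check included (port 9031 is assumed)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False

# Constructed sample certificates for offline use: valid DER layout, no key or signature
def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body        # short-form length; bodies stay < 128 bytes
def _name(cn: str) -> bytes:
    # Name ::= SEQUENCE { SET { SEQUENCE { OID 2.5.4.3 (CN), UTF8String } } }
    attr = _tlv(0x30, b"\x06\x03\x55\x04\x03" + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, attr))
def sample_cert(issuer_cn: str, subject_cn: str) -> bytes:
    tbs = (b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + b"\x30\x00"    # v3, serial 1, empty sigalg
           + _name(issuer_cn) + b"\x30\x00" + _name(subject_cn))     # issuer, empty validity, subject
    return _tlv(0x30, _tlv(0x30, tbs))
```

For a live server, `ssl.get_server_certificate((host, port))` returns the leaf certificate as PEM without validating it, and `ssl.PEM_cert_to_DER_cert` converts it for `is_self_signed`; `chains_to_trusted_ca` then confirms the replacement chain validates before Azure AD is pointed at it.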