Azure AD Password Credential Validator

Password credential validators (PCVs) let PingFederate administrators define a centralized location for username and password validation, so that a single validator instance can be referenced from multiple PingFederate configurations. The PingFederate Azure AD PCV validates credentials through the Microsoft Graph API.

Features

  • Sign-on with full usernames, such as john.smith@mydomain.com.

  • Support for Azure AD Custom Properties (Directory Schema Extensions).

  • All user group memberships are included in the response.

  • Failed sign-on feedback, such as "invalid credentials", "account is disabled", "forced password change".

  • Supports non-federated single-tenant and multi-tenant Azure AD user accounts.

Intended audience

This document is intended for PingFederate administrators and application developers.

Learn more about the setup process with the following resources:

System requirements

  • PingFederate 9.0 or later

  • A Microsoft Azure account with Active Directory or Active Directory B2C configured

    Learn more about supported user account types in Known issues and limitations.

  • To allow PingFederate to make outbound connections to the Microsoft APIs, you might need to allow outbound HTTPS to the following endpoints in your firewall:

    • Token endpoint: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token

    • User attributes endpoint: https://graph.microsoft.com/v1.0/me/

    • Group membership endpoint: https://graph.microsoft.com/v1.0/me/memberOf
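As an added example (not PingFederate's or Microsoft's code), the following Python walks through the exchange these three endpoints imply. It assumes the validator presents the user's password at the token endpoint with the OAuth 2.0 resource owner password credentials (ROPC) grant, which the page does not state, and then calls Microsoft Graph with the returned token. The tenant, client ID and every HTTP response are constructed samples; the AADSTS error codes are Azure AD's own, but their mapping onto the feedback strings listed under Features is this example's choice.

```python
"""Added example, not PingFederate or Microsoft code: a constructed walk through
the three endpoints the Azure AD PCV calls. Assumes the ROPC grant at the token
endpoint followed by Microsoft Graph calls. All responses below are constructed
samples shaped like real Azure AD / Graph payloads; nothing touches the network."""
import json
from urllib.parse import urlencode, urlparse

TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ME_ENDPOINT = "https://graph.microsoft.com/v1.0/me/"
MEMBER_OF_ENDPOINT = "https://graph.microsoft.com/v1.0/me/memberOf"

# AADSTS codes Azure AD returns in the token response's "error_codes" list,
# mapped onto sign-on feedback categories. The codes are Azure AD's; the
# mapping is this example's, not taken from the page.
FEEDBACK_BY_CODE = {
    50126: "invalid credentials",     # wrong username or password
    50034: "invalid credentials",     # user not found: collapsed to block enumeration
    50057: "account is disabled",
    50055: "forced password change",  # password expired
    50144: "forced password change",  # on-premises password expired
    50076: "mfa required",            # ROPC cannot satisfy an MFA policy
    50053: "account locked",
}


def endpoints_for_tenant(tenant):
    """Resolve the three URLs the validator needs for one tenant ID or domain."""
    return {"token": TOKEN_ENDPOINT.format(tenant=tenant),
            "user": ME_ENDPOINT, "groups": MEMBER_OF_ENDPOINT}


def firewall_hosts(tenant="common"):
    """Hostnames an egress firewall must allow (HTTPS, TCP 443) for the validator."""
    return {urlparse(u).hostname for u in endpoints_for_tenant(tenant).values()}


def ropc_request_body(client_id, username, password):
    """Form-encoded ROPC token request. client_id is the app registration's ID
    (hypothetical here); .default requests the permissions already consented
    to that app."""
    return urlencode({"grant_type": "password", "client_id": client_id,
                      "scope": "https://graph.microsoft.com/.default",
                      "username": username, "password": password})


def classify_token_response(body):
    """Turn a token endpoint JSON body into (ok, detail).

    On success detail is the access token (never log it). On failure detail is
    the feedback string for the first recognised AADSTS code, otherwise a
    generic message so unknown server errors are not reported as bad passwords."""
    data = json.loads(body)
    if "access_token" in data:
        return True, data["access_token"]
    for code in data.get("error_codes", []):
        if code in FEEDBACK_BY_CODE:
            return False, FEEDBACK_BY_CODE[code]
    return False, "authentication failed: " + data.get("error", "unknown")


def collect_groups(first_page, fetch_page):
    """Flatten /me/memberOf into sorted group display names.

    Graph pages large result sets via @odata.nextLink; stopping at the first
    page silently drops memberships. memberOf also returns directory roles, so
    only group objects are kept. fetch_page(url) -> dict lets a caller plug in
    a real HTTP client; the offline sample below uses a dict lookup."""
    names, page = [], first_page
    while True:
        for obj in page.get("value", []):
            if obj.get("@odata.type") == "#microsoft.graph.group":
                names.append(obj["displayName"])
        next_url = page.get("@odata.nextLink")
        if not next_url:
            return sorted(names)
        page = fetch_page(next_url)


# Constructed sample responses (not captured from a real tenant).
SAMPLE_BAD_PASSWORD = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.",
    "error_codes": [50126]})
SAMPLE_DISABLED = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50057: The user account is disabled.",
    "error_codes": [50057]})
SAMPLE_SUCCESS = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                             "access_token": "eyJ0eXAi.constructed.token"})
SAMPLE_PAGE_1 = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "g-1", "displayName": "Finance"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "r-1", "displayName": "Global Reader"}],
    "@odata.nextLink": MEMBER_OF_ENDPOINT + "?$skiptoken=page2"}
SAMPLE_PAGE_2 = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "g-2", "displayName": "All Staff"}]}
SAMPLE_PAGES = {SAMPLE_PAGE_1["@odata.nextLink"]: SAMPLE_PAGE_2}

if __name__ == "__main__":
    print(sorted(firewall_hosts("contoso.onmicrosoft.com")))
    print(classify_token_response(SAMPLE_BAD_PASSWORD))
    print(collect_groups(SAMPLE_PAGE_1, SAMPLE_PAGES.__getitem__))
```

Two points a practitioner should check when configuring the real validator follow from this: the firewall rule only needs the two hostnames, not per-tenant paths, and the token endpoint's user-not-found and wrong-password outcomes should surface as the same "invalid credentials" message so the validator does not become a username enumeration oracle. The paging loop is the reason "all user group memberships" is not free; a client that reads only the first Graph page under-reports groups for users in large directories.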