Configuring a password credential validator instance
Configure the Azure AD Password Credential Validator (PCV) to determine how PingFederate communicates with the Microsoft Graph API.
Steps
- Sign on to the PingFederate admin console and go to System > Password Credential Validators > Create New Instance.
- On the Type tab:
  - In the Instance Name field, enter a descriptive name for the PCV instance.
  - In the Instance ID field, enter a unique identifier for the PCV instance.
  - In the Type list, select Azure AD Password Credential Validator <version>.
  - Click Next.
- (Optional) On the Instance Configuration tab, in the Custom Parameters section, define any additional parameters to send in the Resource Owner Password Credentials (ROPC) request made to Microsoft.
  - Click Add a new row to 'Custom Parameters'.
  - In the Parameter Name field, enter the name of the request parameter you want to add to the ROPC request body.
    Example: nca
  - In the Parameter Value field, enter the value you want to set for the named parameter.
  - In the Action column, click Update.
  - To add more attributes, repeat steps a - d.
- On the Instance Configuration tab, configure the rest of the adapter instance by referring to the Azure AD PCV instance configuration settings reference, then click Next.
- On the Extended Contract tab, you can extend the attribute contract with any additional Azure AD attributes, including Azure AD custom properties. After you’ve done so, click Next.
  - Make sure to review the Known issues and limitations first.
  - If you’re upgrading from Azure AD Password Credential Validator 1.2 or earlier and used the objectID attribute in your extended contract, update this attribute to ID.
  The core contract contains the following attributes:
  - displayName
  - givenName
  - mail
  - memberOf
  - surname
  - username
  - userPrincipalName
- On the Summary tab, review your configuration, then click Save.
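
For the optional Custom Parameters step above, the following added example (not Ping Identity's code) sketches how name/value rows could be merged into a form-encoded ROPC request body without displacing the grant's own fields. It assumes the standard OAuth 2.0 password-grant field names; the function names, the reserved-name check, the log redaction and all sample values are constructed for illustration.

```python
from urllib.parse import urlencode

# Standard OAuth 2.0 password-grant (ROPC) form fields. Assumption: custom
# parameters should add to these, never replace them.
RESERVED = {"grant_type", "client_id", "client_secret", "scope", "username", "password"}
SECRET_FIELDS = {"password", "client_secret"}


def merge_custom_params(core, custom_rows):
    """Return core ROPC fields plus custom (name, value) rows, rejecting unsafe rows."""
    fields = dict(core)
    for name, value in custom_rows:
        key = name.strip()
        if not key:
            raise ValueError("custom parameter name is empty")
        if key.lower() in RESERVED:
            raise ValueError(f"custom parameter {key!r} would override a core ROPC field")
        if key in fields:
            raise ValueError(f"custom parameter {key!r} is defined twice")
        fields[key] = value
    return fields


def encode_body(fields):
    """Form-encode the fields as an application/x-www-form-urlencoded body."""
    return urlencode(fields)


def redacted_body(fields):
    """Same body with secrets masked, suitable for debug logs."""
    return urlencode({k: ("REDACTED" if k in SECRET_FIELDS else v) for k, v in fields.items()})


# Constructed sample values; none come from a real tenant.
SAMPLE_CORE = {
    "grant_type": "password",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "scope": "openid",
    "username": "alice@example.com",
    "password": "Constructed-Passw0rd",
}
SAMPLE_ROWS = [("nca", "constructed-value")]  # "nca" is the page's example name

if __name__ == "__main__":
    merged = merge_custom_params(SAMPLE_CORE, SAMPLE_ROWS)
    print(redacted_body(merged))
```

Because the ROPC body carries the user's password, any logging of the request while testing custom parameters should go through a masked form such as `redacted_body`.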