Microsoft EAM Integration Kit

Configuring an adapter instance

Configure the Microsoft EAM IdP Adapter to determine how PingFederate communicates with Microsoft Entra ID.

About this task

To begin the integration, deploy the Microsoft EAM Integration Kit files to your PingFederate directory.

Steps

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters and click Create New Instance.

  2. On the Type tab, set the basic adapter instance attributes:

    1. In the Instance Name field, enter a name for the adapter instance.

    2. In the Instance ID field, enter a unique identifier for the adapter instance.

    3. In the Type list, select Microsoft EAM IdP Adapter.

    4. Click Next.

  3. On the IdP Adapter tab, configure the adapter instance:

    1. In the Entra Tenant ID field, enter the Azure (Microsoft Entra ID) Tenant ID.

    2. In the Entra App ID field, enter the application ID of the protected resource in Microsoft Entra ID.

      By default, you don’t need to update the Location of ACR and Location of AMR fields.

    3. Click Next.

    Learn more about these settings in Microsoft EAM IdP Adapter settings reference.

  4. (Optional) On the Extended Contract tab, add any attributes you want to extract out of the id_token_hint.

    Show or hide substeps

    1. In the Extend the Contract field, enter the name of an attribute.

    2. In the Action column, click Add.

    3. Repeat for any additional attributes.

    4. Click Next.

  5. On the Adapter Attributes tab, select the Pseudonym checkbox for acr, amr, and sub. Click Next.

    Learn more about these settings in Set pseudonym and masking options in the PingFederate documentation.

  6. On the Adapter Contract Mapping tab, select Adapter for acr, amr, and sub. Click Next.

    Show or hide substeps

    You can find more information about these settings in Define the IdP adapter contract in the PingFederate documentation.

    1. On the Adapter Contract Mapping tab, click Configure Adapter Contract.

    2. On the Attribute Sources & User Lookup tab, click Next.

    3. On the Adapter Contract Fulfillment tab, confirm that in the Source list, Adapter is selected for acr, amr, and sub. Click Next.

    4. On the Issuance Criteria tab, click Next.

    5. On the Summary tab, click Done.

  7. On the Summary tab, review your configuration. Click Save.

Next steps

  1. Configure the downstream adapter to export amr as an additional attribute.

  2. Configure PingFederate to use the Microsoft EAM IdP Adapter