Multiple-domain support
If your network uses multiple domains in a single server forest, you can configure one domain within PingFederate if there is a trust relationship with the other domains you want to use.
This configuration requires a trust relationship among domains, which is established by default when subdomains or separate domains are created within the same forest. For more information, see How Domain and Forest Trusts Work.
|
If you are configuring only one domain, then you also need to configure only one Service Principal Name. For more information, see Configuring the Active Directory environment. |
If your network topology consists of multiple forests without a trust relationship between them, you must configure multiple adapter or token processor instances. Map each instance to a separate domain and then map these adapter or token processor instances to your service provider (SP) connections that authenticate using the integrated Kerberos Adapter or the integrated Kerberos Token Processor.
For information about configuring Kerberos authentication for multiple-domain Active Directory trusts, see How to configure the IWA Adapter for multi-domain Active Directory trusts in the Ping Identity Support Portal.