Enabling Kerberos authentication
You can enable Kerberos authentication to provide end-users with a seamless sign-on experience if the Microsoft 365 users are migrated into PingOne from Active Directory (AD) through the LDAP Gateway and if your Microsoft 365 applications support the Active Profile sign in option.
Before you begin
You must have:
-
An LDAP Gateway configuration with Kerberos authentication enabled
-
At least one User Type configured
-
A configured SPN in AD
-
An LDAP Gateway deployed in the network where it can reach the targeted domain controllers
Steps
-
In PingOne, go to Applications → Applications.
-
Browse or search for the Microsoft 365 application and click the Microsoft 365 entry to open the details panel.
-
Click Enable Advanced Configuration and click Enable when prompted.
-
In the Configuration tab, click the Pencil icon.
-
Select the Enable Kerberos Authentication check box.
-
Click Add Gateway User Type.
-
Select a Gateway and a User Type.
-
Click Save.