---
title: Configure IWA for AD Connect with IIS
description: Add Integrated Windows authentication (IWA) to AD Connect with IIS.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_for_enterprise:p14e_configure_iwa_adc_iis
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise/p14e_configure_iwa_adc_iis.html
revdate: November 22, 2023
section_ids:
  steps: Steps
  example: Example:
---

# Configure IWA for AD Connect with IIS

Add Integrated Windows authentication (IWA) to AD Connect with IIS. IWA is an Internet Information Services (IIS) authentication protocol for authenticated connections between IIS and other Microsoft services.

## Steps

1. Create a service account in AD Connect to use for the IIS application pools on the PingOne for Enterprise AD Connect hosts.

2. Create an SPN (Service Principal Name) in Active Directory for the HTTP service that's bound to the service account.

   ### Example:

   `setspn -U -S HTTP/pingone.example.com example\svc.adciis`

3. On each AD Connect host, select the AD Connect application pool that you want to run under the service account credentials.

   In IIS Manager, expand the node for the AD Connect host, then go to **Application Pools > ADconnectAppPool**.

4. Click **Advanced Settings** in the **Actions** bar on the right, scroll down to **Identity** and click the **edit** button.

5. Select **Custom Account**, click **Set**, and enter the credentials of the service account that the SPN is bound to.

6. In the **Actions** bar on the right, click **Recycle** to recycle the application pool.

7. If you're using a high availability configuration, check the SNAT (Secure Network Address Translation) requirements for your network load balancing. Also verify that the IP address of the originating client is preserved by the SNAT configuration.
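
The following PowerShell script is an added example, not part of the original Ping Identity procedure. It performs steps 3 through 6 from the command line and checks the SPN from step 2 first. It assumes an elevated session on the AD Connect host, that the IIS `WebAdministration` module is installed, and that the account, SPN, and pool names are the example values used on this page.

```powershell
# Added example: scripted equivalent of steps 3-6, with a check of step 2.
# Assumptions: elevated session, WebAdministration module present, and the
# example names from this page. Replace them with your own values.
Import-Module WebAdministration

$spn      = 'HTTP/pingone.example.com'   # SPN created in step 2
$account  = 'example\svc.adciis'         # service account from step 1
$poolName = 'ADconnectAppPool'           # application pool from step 3

# Step 2 check: list the SPNs registered to the account and confirm ours is there.
$registered = & setspn.exe -L $account
if (-not ($registered -match [regex]::Escape($spn))) {
    throw "SPN $spn is not registered to $account. Run: setspn -U -S $spn $account"
}

# A duplicate SPN makes Kerberos ticket requests for the service fail, so IWA
# falls back to NTLM or prompts the user. setspn -X reports any duplicates.
& setspn.exe -X

# Steps 3-5: prompt for the password instead of storing it in the script.
$cred = Get-Credential -UserName $account -Message 'Service account for the AD Connect application pool'

# identityType 3 is SpecificUser, the same as "Custom Account" in IIS Manager.
Set-ItemProperty -Path "IIS:\AppPools\$poolName" -Name processModel -Value @{
    identityType = 3
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}

# Step 6: recycle the pool so the worker process restarts under the new identity.
Restart-WebAppPool -Name $poolName

# Verify: the pool must report the service account and be in the Started state.
$model = Get-ItemProperty -Path "IIS:\AppPools\$poolName" -Name processModel
$state = (Get-WebAppPoolState -Name $poolName).Value
if ($model.userName -ne $account -or $state -ne 'Started') {
    throw "Pool $poolName is '$state' running as '$($model.userName)'; expected '$account'."
}
Write-Output "Pool $poolName is $state and runs as $($model.userName)."
```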
