PingOne for Enterprise

Connect to Active Directory

The identity bridge for Active Directory® is PingOne® AD Connect. You can choose to install standard AD Connect or AD Connect with IIS.

Standard AD Connect

AD Connect uses a secure back channel protocol to communicate with PingOne. This is an outbound connection on port 443 initiated from the AD Connect host that carries traffic in both directions; no other external access to the AD Connect host is necessary. AD Connect does not require you to open inbound firewall ports, install IIS, or manage signing certificates. You can optionally use Integrated Windows Authentication (IWA) as the authentication protocol on your network. High availability (automatic failover and load balancing) is handled by the PingOne datacenters and requires no configuration or management on your part. User provisioning is an optional feature.

You cannot use a proxy for AD Connect back channel transactions. However, you can use a proxy for REST calls to AD Connect (https://connect.pingidentity.com).

If you have an existing AD Connect with IIS installation, you can stop or uninstall IIS and install standard AD Connect instead. The inbound ports opened for AD Connect with IIS are then no longer required and can be closed.

You will want to install AD Connect with IIS rather than standard AD Connect if you prefer to use your own solution for high availability.

AD Connect with IIS

AD Connect with IIS uses the SAML 2.0 protocol to communicate with PingOne. Because the IIS host is reachable by PingOne, you are responsible for securing it, and you may also want to provide your own high availability for it. User provisioning is an optional feature.