1. Run the Microsoft Readiness Toolkit.

    This application inspects your Active Directory environment and reports whether you are ready to set up single sign-on (SSO). If not, it lists the changes that you need to make.

    For more information, see Use the Readiness Toolkit to assess application compatibility for Microsoft 365 apps in the Microsoft documentation.

2. Make sure that your user principal names (UPNs) are assigned and properly formatted:
    • The UPN domain suffix must be under the domain you're going to use for SSO.
    • The domain that you want to federate must be registered as a public domain with a domain registrar or within your own public DNS servers.

      If your Active Directory domain name is not a public internet domain (for example, if it ends with the .local suffix), you must set UPNs with an internet domain suffix that can be registered publicly. This should be a domain that is familiar to your users, such as their email domain.

      For more information about creating UPNs, see Add UPN suffixes and update your users to them in the Microsoft documentation.

    • If you have already set up Active Directory synchronization, users' UPNs might not match their on-premises UPNs defined in Active Directory.

      You can rename users' UPNs using the Set-MsolUserPrincipalName cmdlet in the Microsoft Azure Active Directory Module for Windows PowerShell.
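
The UPN requirements in step 2 can be checked in bulk before you turn on SSO. The following PowerShell function is an added example, not part of the original documentation; the function name `Test-UpnReadiness`, the domain `contoso.com` and the sample accounts are assumptions made for illustration.

```powershell
# Added example: flag accounts whose UPN is missing, malformed, or whose
# suffix is not under the domain you plan to use for SSO.
# 'contoso.com' and the sample accounts below are constructed placeholders.
function Test-UpnReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $SsoDomain
    )
    process {
        $upn   = [string]$User.UserPrincipalName
        $issue = $null
        if ([string]::IsNullOrWhiteSpace($upn)) {
            $issue = 'UPN not assigned'
        }
        elseif ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
            $issue = 'UPN is not in user@domain form'
        }
        else {
            # The suffix must equal the SSO domain or be a subdomain of it.
            $suffix = ($upn -split '@')[1].ToLowerInvariant()
            $sso    = $SsoDomain.ToLowerInvariant()
            if ($suffix -ne $sso -and -not $suffix.EndsWith(".$sso")) {
                $issue = "Suffix '$suffix' is not under '$sso'"
            }
        }
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            Ready             = ($null -eq $issue)
            Issue             = $issue
        }
    }
}

# Constructed sample input. In a domain, pipe in the output of
# Get-ADUser -Filter * (ActiveDirectory module) instead.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'bjones@emea.contoso.com' }
    [pscustomobject]@{ SamAccountName = 'clee';   UserPrincipalName = 'clee@corp.local' }
    [pscustomobject]@{ SamAccountName = 'dkhan';  UserPrincipalName = $null }
)

# List only the accounts that still need a UPN change.
$sample | Test-UpnReadiness -SsoDomain 'contoso.com' |
    Where-Object { -not $_.Ready } |
    Format-Table SamAccountName, UserPrincipalName, Issue -AutoSize
```

The check cannot confirm that the SSO domain is publicly registered; verify that separately with your registrar or public DNS.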