From the Manage AD Domains/Kerberos Realms screen, provide PingFederate with a centralized configuration to authenticate users via the following IdP adapters or token processors:
- PingFederate integrated Kerberos Adapter – Using the built-in Kerberos Adapter with a configured Active Directory (AD) Domain allows a PingFederate IdP server to perform SSO to SP applications based on Kerberos tickets.
- PingFederate integrated Kerberos Token Processor – The built-in Kerberos Token Processor accepts and validates Kerberos tokens via a configured Kerberos Realm from a web service client.
- Integrated Windows Authentication (IWA) Integration Kit (version 3.0 and later) – Using the separately available IWA Adapter with a configured AD Domain allows a PingFederate IdP server to perform SSO to SP applications based on IWA credentials.
Follow these steps to configure an AD domain or Kerberos realm:
- Configure the AD environment to integrate with PingFederate (see Configuring the Active Directory environment).
Click Add Domain/Realm to create an AD domain.
Do not configure subdomains if the parent domain in the same forest has already been configured (see Multiple-domain support).Click the name to edit an existing domain. Use the Delete and Undelete links to remove a domain or cancel a removal request.