The Manage AD Domains/Kerberos Realms screen provides PingFederate with a centralized configuration for authenticating users via the following IdP adapters or token processors:

  • PingFederate integrated Kerberos Adapter – Using the built-in Kerberos Adapter with a configured Active Directory (AD) Domain allows a PingFederate IdP server to perform SSO to SP applications based on Kerberos tickets.
  • PingFederate integrated Kerberos Token Processor – The built-in Kerberos Token Processor accepts and validates Kerberos tokens from a web service client via a configured Kerberos Realm.
  • Integrated Windows Authentication (IWA) Integration Kit (version 3.0 and later) – Using the separately available IWA Adapter with a configured AD Domain allows a PingFederate IdP server to perform SSO to SP applications based on IWA credentials.

Follow these steps to configure an AD domain or Kerberos realm:

  1. Configure the AD environment to integrate with PingFederate (see Configuring the Active Directory environment).
  2. Click Add Domain/Realm to create an AD domain.
    Important: Do not configure subdomains if the parent domain in the same forest has already been configured (see Multiple-domain support).

    Click the name to edit an existing domain. Use the Delete and Undelete links to remove a domain or cancel a removal request.