You can configure browsers at your site to use the Kerberos Adapter to authenticate users.
The client-side configuration requires the base URL or an applicable virtual host name of your PingFederate environment. Base URL is defined on the tab. To see a list of defined virtual host names, if configured, go to .
If the browser is not properly configured, the user might be prompted to authenticate manually with their network credentials otherwise authentication fails the single sign-on (SSO) to the service providers.
Configuring Microsoft Edge
Configure Kerberos authentication using Microsoft Edge.
You must edit a group policy object (GPO) to send any intranet sites request to Internet Explorer (IE) 11 instead of Edge. This allows you to put PingFederate into the Intranet Sites Zone (not the Trusted Sites Zone) in IE and enable Kerberos.
By default, Microsoft Edge doesn't accept intranet sites and doesn't allow PingFederate's Kerberos adapter to request a Kerberos ticket for the relevant user.
- Go to .
Configuring Mozilla Firefox
Configure Kerberos authentication using a Firefox browser.
- Start Firefox.
-
Open a new tab, and then enter
about:config
in the address bar. -
Double-click the
network.negotiate-auth.trusted-uris
preference name to modify its value to include the base URL of your PingFederate environment. For example,www.example.com
. -
Click OK and close the
about:config
tab. - Optional: Exit Firefox.
Configuring Google Chrome
Google Chrome browsers support Kerberos authentication.
If you configure Microsoft Edge for Kerberos authentication, then you don't need to configure Google Chrome because Chrome uses the settings in Edge. For more information, see the Microsoft Edge tab on this topic.