Page created: 24 Jul 2019 | Page updated: 5 Apr 2022
If you’re planning to provide SSO to users whose accounts reside in a directory server, ensure you have an LDAP data store defined for it in PingFederate.
For more information, see Managing datastores in the PingFederate documentation.
Note: Ensure the objectGUID attribute is set to binary. It must be a binary attribute to create a connection to Office 365. For more information, see Creating a connection to Azure Active Directory.
Note: If you need to support multiple Office 365 subdomain accounts through one SP connection in PingFederate 7.2 or later, create additional LDAP data store connections to LDAP servers of the subdomains.
- In the PingFederate administrative console go to .
- Click Add New Data Store.
- Select LDAP in the Data Store Type tab and click Next.
- Populate the fields in the LDAP Configuration tab.
  - In the Hostname(s) field enter the DNS name or IP address of the data store, which might include a port number such as 181.20.42.130:389. For failover, you can enter multiple LDAP servers, each separated by a space.
  - In the LDAP Type field, select Active Directory.
  - Enter the User DN and password of a user account with read permission in Active Directory.
- Click Advanced and then click the LDAP Binary Attributes tab.
- In the Binary Attribute Name field, enter objectGUID and click Add.
- Click Done and then click Next.
- Review the summary and click Save.
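
Why the objectGUID note above matters, as an added example that is not part of the PingFederate documentation: Active Directory returns objectGUID as 16 raw bytes, and those bytes do not survive being handled as a text string. The sample GUID and the function names are constructed for illustration, and text handling is modeled as UTF-8 decoding with replacement, which is an assumption about how a non-binary attribute would be treated.

```python
import base64
import uuid

# Constructed sample: 16 raw bytes as a directory server would return
# them for objectGUID (not a value from any real directory).
SAMPLE_OBJECT_GUID = bytes.fromhex("4b2f9c81d3a7e14c9f0a6bd2e85c7f13")


def as_binary(raw: bytes) -> str:
    """Binary handling: Base64 of the untouched 16 bytes."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return base64.b64encode(raw).decode("ascii")


def as_text(raw: bytes) -> bytes:
    """Text handling (assumed model): decode as UTF-8, then re-encode.
    Bytes that are not valid UTF-8 are replaced, so data is lost."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def survives_text_handling(raw: bytes) -> bool:
    """True only if the value comes back byte-for-byte identical."""
    return as_text(raw) == raw


def display_form(raw: bytes) -> str:
    """GUID string as Windows tools show it. The first three fields
    are stored little-endian, hence bytes_le."""
    return str(uuid.UUID(bytes_le=raw))


if __name__ == "__main__":
    print("display form :", display_form(SAMPLE_OBJECT_GUID))
    print("binary/Base64:", as_binary(SAMPLE_OBJECT_GUID))
    print("text-safe    :", survives_text_handling(SAMPLE_OBJECT_GUID))
```

Comparing the Base64 value against the identifier recorded for the same user on the Office 365 side is a quick check that the attribute is being read as binary.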