If you’re planning to provide SSO to users whose accounts reside in a directory server, ensure you have an LDAP data store defined for it in PingFederate.
For more information, see Managing datastores in the PingFederate documentation.
objectGUID attribute is set to binary. It must be a
binary attribute to create a connection to Office 365. For more information, see
Creating a connection to Azure Active Directory.
If you need to support multiple Office 365 subdomain accounts through one SP connection in PingFederate 7.2 or later, create additional LDAP data store connections to LDAP servers of the subdomains.
- In the PingFederate administrative console go to .
- Click Add New Data Store.
- Select LDAP in the Data Store Type tab and click Next.
Populate the fields in the LDAP Configuration tab.
- In the Hostname(s) field enter the DNS name or IP address of the data store, which might include a port number such as 126.96.36.199:389. For failover, you can enter multiple LDAP servers, each separated by a space.
- In the LDAP Type field, select Active Directory.
- Enter the User DN and password of a user account with read permission in Active Directory.
- Click Advanced and then click the LDAP Binary Attributes tab.
- In the Binary Attribute Name field, enter objectGUID and click Add.
- Click Done and then click Next.
- Review the summary and click Save.