The following installation steps are provided for a configuration where the objectGUID attribute is selected for ImmutableID. If you are using different attribute for this purpose, such as msDS-ConsistencyGuid, make sure to align it accordingly.

Before configuring synchronization, you might need to prepare your local AD, including:

  • Configuring UPN suffix for non-routable domain names
  • Cleaning up AD objects
  • Planning filters for AD users
  • Planning for multiple forests

To simplify your configuration, Microsoft provides Azure AD Connect, which will automate many of the required steps. You can download Azure AD Connect at Microsoft Azure Active Directory Connect.

Azure AD Connect automatically configures your Azure AD domain and exports a configuration file that provides the settings needed to complete the federated single sign-on connection from PingFederate. If you are using Azure AD Connect and have the configuration file, proceed to Install and configure PingFederate to complete your setup.