When you configure federation, your local Active Directory (AD) users should be provisioned to Azure AD. You can do this by using synchronization tools like Azure AD Connect.
The following installation steps are provided for a configuration where the objectGUID attribute is selected for ImmutableID. If you are using a different attribute for this purpose, such as msDS-ConsistencyGuid, make sure to align it accordingly.
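Azure AD Connect stores the ImmutableID as the Base64 encoding of the source anchor's 16 raw bytes, so the value asserted at sign-on has to be built from the same attribute in the same byte order. The following PowerShell sketch is an added example, not code from this guide or from Microsoft; the function names are hypothetical helpers and the GUID is constructed sample data. It checks that alignment and shows the common mismatch caused by encoding the GUID's hex digits in printed order.

```powershell
# Added example: hypothetical helper names, constructed sample GUID.
function ConvertTo-ImmutableId {
    # Takes the raw 16-byte value of objectGUID or msDS-ConsistencyGuid as stored in AD.
    param([Parameter(Mandatory)][byte[]]$AnchorBytes)
    if ($AnchorBytes.Length -ne 16) {
        throw "Source anchor is $($AnchorBytes.Length) bytes; expected 16."
    }
    [Convert]::ToBase64String($AnchorBytes)
}

function ConvertFrom-ImmutableId {
    # Reverses the encoding so an ImmutableID can be traced back to an AD GUID.
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes; it is not GUID-derived."
    }
    New-Object -TypeName System.Guid -ArgumentList (,$bytes)
}

function Test-ImmutableIdAlignment {
    # True only when the AD-side bytes encode to exactly the cloud-side value.
    param(
        [Parameter(Mandatory)][byte[]]$AnchorBytes,
        [Parameter(Mandatory)][string]$CloudImmutableId
    )
    (ConvertTo-ImmutableId -AnchorBytes $AnchorBytes) -ceq $CloudImmutableId
}

# Constructed sample standing in for a user's objectGUID.
$sampleGuid  = [guid]'00112233-4455-6677-8899-aabbccddeeff'
$adBytes     = $sampleGuid.ToByteArray()   # same mixed-endian layout AD stores
$immutableId = ConvertTo-ImmutableId -AnchorBytes $adBytes

# Failure mode: bytes taken from the printed hex string, left to right.
$hex = $sampleGuid.ToString('N')
$printedOrder = [byte[]](0..15 | ForEach-Object {
    [Convert]::ToByte($hex.Substring($_ * 2, 2), 16)
})

[pscustomobject]@{
    ImmutableId         = $immutableId
    RoundTripsToGuid    = (ConvertFrom-ImmutableId -ImmutableId $immutableId) -eq $sampleGuid
    AdLayoutMatches     = Test-ImmutableIdAlignment -AnchorBytes $adBytes -CloudImmutableId $immutableId
    PrintedOrderMatches = Test-ImmutableIdAlignment -AnchorBytes $printedOrder -CloudImmutableId $immutableId
}
```

The same comparison applies when msDS-ConsistencyGuid is the source anchor: pass that attribute's raw bytes instead of objectGUID.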
Before configuring synchronization, you might need to prepare your local AD, including:
- Configuring UPN suffix for non-routable domain names
- Cleaning up AD objects
- Planning filters for AD users
- Planning for multiple forests
To simplify your configuration, Microsoft provides Azure AD Connect, which will automate many of the required steps. You can download Azure AD Connect at Microsoft Azure Active Directory Connect.
Azure AD Connect automatically configures your Azure AD domain and exports a configuration file that provides the settings needed to complete the federated single sign-on connection from PingFederate. If you are using Azure AD Connect and have the configuration file, proceed to Install and configure PingFederate to complete your setup.