By performing these steps, you can use PingFederate and Azure AD together to:

  • Access Azure online services including Office 365 without having to remember an additional username and password.
  • Authenticate email access on mobile devices with usernames and passwords that are stored centrally in AD.
  • Revoke access to email and secure content by simply disabling an account in AD.

To simplify the configuration experience, you can download Azure AD Connect from Microsoft and run it locally on a Windows server. Azure AD Connect guides you through the setup procedures for PingFederate and provides additional sync features to improve integration with existing AD infrastructure.

  1. Sign up for an Azure Active Directory account.

    Microsoft offers various Azure AD and Office 365 plans for different types of organizational needs. Not all of them support Web SSO, but all enterprise plans support federation. For more information on signing up for Office 365, see the Office 365 website.

  2. Set up AD and enable directory synchronization.
  3. Create a federated domain and prove ownership of it.
  4. Install and configure PingFederate 8.4 or later.

    If you need to support active clients, such as native desktop applications, for use with Office 365, ensure that PingFederate is installed with a license that enables the WS-Trust Security Token Service (STS).

  5. Replace the default self-signed SSL server certificate included with PingFederate with one that is signed by a public certificate authority (CA).

    This enables Azure AD to establish a trusted SSL session with PingFederate. For instructions on how to do this, see SSL Server Certificates in the PingFederate documentation.
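As an added check for the certificate step above (example script, not part of the PingFederate documentation), the functions below report whether a PEM certificate is self-signed and whether it chains to a CA the local trust store accepts, and can pull the live certificate from a PingFederate runtime port. They assume the `openssl` CLI is installed; the host name, the default port 9031, and the generated sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect the TLS server certificate PingFederate presents.
# Assumes the openssl CLI; host/port values are placeholders.

# Print "self-signed" when issuer equals subject (the default certificate
# shipped with PingFederate looks like this), otherwise "ca-signed".
cert_signer_kind() {
  pem="$1"
  issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer=//')
  subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject=//')
  if [ "$issuer" = "$subject" ]; then echo self-signed; else echo ca-signed; fi
}

# Print "trusted" when the certificate verifies against the system CA store,
# which is what a public-CA-signed certificate should do, else "untrusted".
cert_chain_trusted() {
  pem="$1"
  if openssl verify "$pem" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# Fetch the leaf certificate from a running PingFederate instance and run both
# checks. Port 9031 is only an assumed default for the runtime listener.
check_pingfederate_cert() {
  host="$1"; port="${2:-9031}"
  tmp=$(mktemp)
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 > "$tmp"
  echo "signer: $(cert_signer_kind "$tmp") chain: $(cert_chain_trusted "$tmp")"
  rm -f "$tmp"
}

# Constructed sample: write a throwaway self-signed certificate to $1 so the
# checks can be exercised offline (a real deployment would use a CA-signed one).
make_sample_self_signed() {
  out="$1"; key=$(mktemp)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$out" -days 1 \
    -subj "/CN=pingfederate.example.com" >/dev/null 2>&1
  rm -f "$key"
}

# Usage against a live server (placeholder host):
#   check_pingfederate_cert pingfederate.example.com 9031
```

Run `check_pingfederate_cert` against the PingFederate host after installing the public-CA certificate; the expected output is `signer: ca-signed chain: trusted`.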