- Sign on to the PingFederate administrative console and go to Server Configuration > Password Credential Validators > Create New Instance.
- On the Type tab, populate the Instance Name and Instance ID fields, choose Azure AD Password Credential Validator 2.0 in the Type field, and click Next.
- On the Instance Configuration tab, populate the Tenant ID, Client ID and Client Secret fields using the information specific to your Azure AD application, and click Next.
Note: For more information about obtaining the Client ID and Client Secret, see Use the portal to create an Azure AD application and service principal that can access resources.
Configuration fields

| Field | Type | Description |
|---|---|---|
| Tenant ID | String. Required. | The tenant ID generated by Microsoft when you register an application in Azure. |
| Client ID | String. Required. | The client ID generated by Microsoft when you register an application in Azure. |
| Client Secret | String. Required. | The client secret generated by Microsoft when you register an application in Azure. |
| Disable User Group Retrieval | Check box | Disable the PCV from retrieving the memberOf attribute for users. |
| Microsoft Login Base URL | String. Required. | The base URL used by Microsoft for any authentication calls. The default value is https://login.microsoftonline.com/. |
| Microsoft Token Endpoint | String. Required. | The endpoint used by Microsoft to retrieve an access token. The default value is /oauth2v2.0/token. |
| User Attributes Endpoint | String. Required. | The endpoint used to retrieve user attributes. The default value is https://graph.microsoft.com/v1.0/me. |
| Group Membership Endpoint | String. Required. | The endpoint used to retrieve group membership information. The default value is https://graph.microsoft.com/v1.0/me/memberOf. |
| API Request Timeout | | The amount of time in milliseconds that PingFederate waits for Microsoft APIs to respond to requests. A value of 0 disables the timeout. The default value is 5000. |
| Proxy Settings | No Proxy / System Defaults / Custom | Defines proxy settings for outbound HTTP requests. The default value is System Defaults. |
| Custom Proxy Host | String. Optional. | The proxy server hostname to use when Proxy Settings is set to Custom. |
| Custom Proxy Port | String. Optional. | The proxy server port to use when Proxy Settings is set to Custom. |
Note: If the user's group memberships are not required, select Disable User Group Retrieval so the PCV does not query the memberOf attribute.
- The attribute contract can be extended with any additional Azure AD attributes, including Azure AD custom properties. For more information, see Known issues and limitations.
Important: If you're upgrading from Azure AD Password Credential Validator 1.2 or earlier and used the objectID attribute in your extended contract, change the attribute to ID.
The core contract contains the following attributes:
- displayName
- givenName
- mail
- memberOf
- surname
- username
- userPrincipalName
- Click Next, review your settings, then click Save.
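The following script is an added example and is not PingFederate's or Ping Identity's code. It checks the values that go into the instance configuration above before they are saved in the console (GUID-shaped Tenant ID and Client ID, HTTPS-only endpoints, a non-zero API Request Timeout, and complete Custom proxy settings), composes the tenant-scoped token URL from the Microsoft Login Base URL, Tenant ID and Microsoft Token Endpoint fields, and shows how a Microsoft Graph memberOf response (including a paged @odata.nextLink continuation) is reduced to the group names that populate the memberOf attribute. All function names, the configuration key names and the sample JSON are constructed for this illustration; the page does not describe how the PCV itself performs these steps.

```python
"""Added example (not PingFederate's or Ping Identity's code): pre-save checks for an
Azure AD PCV instance configuration and a walk over a Graph memberOf response.
Function names, config keys and sample data below are constructed for illustration."""
import re
from urllib.parse import urlparse

# Microsoft issues tenant and application (client) IDs as GUIDs.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
PROXY_MODES = {"No Proxy", "System Defaults", "Custom"}


def _is_https(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def validate_pcv_config(cfg):
    """Return a list of problems found in cfg; an empty list means it looks sane.
    Keys mirror the console fields on this page (constructed names)."""
    problems = []
    for key in ("tenant_id", "client_id"):
        if not GUID_RE.match(cfg.get(key, "")):
            problems.append(f"{key}: expected a GUID")
    if not cfg.get("client_secret"):
        problems.append("client_secret: required")
    # User credentials and access tokens travel over these URLs, so require https.
    for key in ("login_base_url", "user_attributes_endpoint", "group_membership_endpoint"):
        if not _is_https(cfg.get(key, "")):
            problems.append(f"{key}: must be an https URL")
    timeout = cfg.get("api_request_timeout_ms", 5000)
    if not isinstance(timeout, int) or timeout < 0:
        problems.append("api_request_timeout_ms: must be a non-negative integer")
    elif timeout == 0:
        # The page states that 0 disables the timeout; a stalled Microsoft API call
        # would then hold a PingFederate request thread indefinitely.
        problems.append("api_request_timeout_ms: 0 disables the timeout (not recommended)")
    mode = cfg.get("proxy_settings", "System Defaults")
    if mode not in PROXY_MODES:
        problems.append(f"proxy_settings: must be one of {sorted(PROXY_MODES)}")
    elif mode == "Custom":
        if not cfg.get("custom_proxy_host"):
            problems.append("custom_proxy_host: required when proxy_settings is Custom")
        port = str(cfg.get("custom_proxy_port", ""))
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            problems.append("custom_proxy_port: must be 1-65535 when proxy_settings is Custom")
    return problems


def token_url(cfg):
    """Tenant-scoped token URL: base URL, then the tenant ID, then the token endpoint path."""
    base = cfg["login_base_url"].rstrip("/")
    return f"{base}/{cfg['tenant_id']}/{cfg['token_endpoint'].lstrip('/')}"


def collect_group_names(first_page, fetch_page=None):
    """Walk a Graph memberOf response, following @odata.nextLink via fetch_page(url) -> dict,
    and return the display names of groups. Directory roles also appear in memberOf
    and are deliberately skipped so only group membership reaches the attribute."""
    names = []
    page = first_page
    while page is not None:
        for obj in page.get("value", []):
            if obj.get("@odata.type") == "#microsoft.graph.group" and obj.get("displayName"):
                names.append(obj["displayName"])
        next_link = page.get("@odata.nextLink")
        page = fetch_page(next_link) if (next_link and fetch_page) else None
    return sorted(names)


# Constructed sample configuration using the defaults listed on this page.
SAMPLE_CONFIG = {
    "tenant_id": "0f1e2d3c-4b5a-6978-8a9b-0c1d2e3f4a5b",      # constructed GUID
    "client_id": "a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d",      # constructed GUID
    "client_secret": "placeholder-secret",                     # placeholder value
    "login_base_url": "https://login.microsoftonline.com/",
    "token_endpoint": "/oauth2v2.0/token",
    "user_attributes_endpoint": "https://graph.microsoft.com/v1.0/me",
    "group_membership_endpoint": "https://graph.microsoft.com/v1.0/me/memberOf",
    "api_request_timeout_ms": 5000,
    "proxy_settings": "System Defaults",
}

# Constructed two-page memberOf response: a group and a directory role, then a second page.
SAMPLE_PAGE_1 = {
    "value": [
        {"@odata.type": "#microsoft.graph.group", "id": "g-1", "displayName": "VPN Users"},
        {"@odata.type": "#microsoft.graph.directoryRole", "id": "r-1", "displayName": "Global Reader"},
    ],
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/me/memberOf?$skiptoken=page2",
}
SAMPLE_PAGE_2 = {
    "value": [{"@odata.type": "#microsoft.graph.group", "id": "g-2", "displayName": "Finance"}],
}


def _fetch_sample(url):
    """Stand-in for an HTTP GET of the next page; returns the constructed second page."""
    return SAMPLE_PAGE_2 if url.endswith("page2") else {"value": []}


if __name__ == "__main__":
    print("problems:", validate_pcv_config(SAMPLE_CONFIG))
    print("token URL:", token_url(SAMPLE_CONFIG))
    print("memberOf groups:", collect_group_names(SAMPLE_PAGE_1, _fetch_sample))
```

Run it as-is to see the clean sample pass; change `login_base_url` to http, set `api_request_timeout_ms` to 0, or switch `proxy_settings` to Custom without a host and port to see each check fire. The group walk skips directoryRole entries because a Graph memberOf listing mixes roles and groups, and follows the continuation link so a user with more groups than fit in one page is not silently truncated.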
Page created: 18 Jan 2023 | Page updated: 18 Jan 2023