The PingID Adapter for Microsoft Active Directory Federation Services (AD FS) is required to enable PingID for AD FS.
Make sure:
- You have installed AD FS 4.0 on Windows Server 2016 or AD FS 3.0 on Windows Server 2012 R2.
- You have installed .NET 4.6 or later.
- Port 443 is open to allow outbound communication with the PingID service. For further details about required URLs, see PingID required domains, URLs, and ports.
- PingID integration for AD FS employs redirects and cross-site requests. Changes to cookie behavior implemented by browsers, such as Google Chrome v80, can cause disruptions to authentication flows. To ensure changes to cookie behavior do not cause disruptions to your authentication flows, make sure your AD FS servers have the latest SameSite cookie support updates from Microsoft. For information about the SameSite cookie changes introduced in Chrome v80, and details on how to upgrade your server, see this Microsoft support article.
This operation involves restarting the AD FS service. After the installation is complete, you must select the PingID MFA Adapter as an MFA method in AD FS.
If you have another MFA provider installed on your AD FS instance, but it is not configured correctly, you might not be able to install the PingID MFA Adapter for AD FS and might receive an error when running the PingID MFA installer. We recommend that you disable any existing MFA methods that you are not using before you install the PingID Adapter for AD FS.
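The prerequisites and the MFA provider recommendation above can be checked before running the installer. The following read-only PowerShell script is an added example, not part of the PingID documentation or installer. The `$PingIdHost` parameter is a placeholder: take the real host names from PingID required domains, URLs, and ports. The script does not check for the SameSite cookie updates.

```powershell
# Added example: read-only pre-install checks, run elevated on the AD FS server.
# $PingIdHost is a placeholder supplied by the operator (assumption, not from the page).
param(
    [Parameter(Mandatory)] [string] $PingIdHost
)

$checks = [ordered]@{}

# AD FS 4.0 ships with Windows Server 2016 (10.0.14393),
# AD FS 3.0 with Windows Server 2012 R2 (6.3).
$os = [Version](Get-CimInstance -ClassName Win32_OperatingSystem).Version
$checks['Windows Server 2016 or 2012 R2'] =
    ($os.Major -eq 10 -and $os.Build -eq 14393) -or
    ($os.Major -eq 6 -and $os.Minor -eq 3)

# .NET Framework 4.6 corresponds to a Release value of 393295 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
    -ErrorAction SilentlyContinue
$checks['.NET 4.6 or later'] = [bool]($ndp -and $ndp.Release -ge 393295)

# The installer restarts AD FS, so confirm the service exists and is healthy first.
$svc = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
$checks['AD FS service running'] = [bool]($svc -and $svc.Status -eq 'Running')

# Outbound TCP 443 from this server to the PingID service.
$tcp = Test-NetConnection -ComputerName $PingIdHost -Port 443 `
    -WarningAction SilentlyContinue
$checks["Outbound 443 to $PingIdHost"] = [bool]$tcp.TcpTestSucceeded

$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# List MFA providers for manual review: anything registered or enabled here
# that is not in use should be disabled before installing the adapter.
if ($checks['AD FS service running']) {
    'Registered providers allowed for additional authentication:'
    Get-AdfsAuthenticationProvider |
        Where-Object { $_.AllowedForAdditionalAuthentication } |
        ForEach-Object { "  $($_.Name)" }

    'Providers currently enabled in the global MFA policy:'
    (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider |
        ForEach-Object { "  $_" }
}

if ($checks.Values -contains $false) { exit 1 }
```

A non-zero exit code means at least one prerequisite failed; the provider lists are informational and need a manual decision about which methods are unused.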
After the adapter is installed, enable PingID as an MFA provider. For more information, see Enabling PingID as an MFA provider in AD FS.