Use the command-line interface (CLI) to install and register the PingID multi-factor authentication (MFA) Adapter for Microsoft Active Directory Federation Services (AD FS).
Make sure:
- You have installed AD FS 4.0 on Windows Server 2016 or AD FS 3.0 on Windows Server 2012 R2.
- You have installed .NET 4.6 or later.
- Port 443 is open to allow outbound communication with the PingID service. For further details about required web access, see PingID required domains, URLs, and ports.
- PingID integration for AD FS employs redirects and cross-site requests. Changes to cookie behavior implemented by browsers, such as Google Chrome 80, can cause disruptions to authentication flows. To ensure changes to cookie behavior do not cause disruptions to your authentication flows, make sure your AD FS servers have the latest SameSite cookie support updates from Microsoft. For information about the SameSite cookie changes introduced in Chrome 80 and details on how to upgrade your server, see this Microsoft support article.
This operation involves restarting the AD FS service. After the installation is complete, you will need to select the PingID MFA Adapter as an MFA method in AD FS.
If you have another MFA provider installed on your AD FS instance, but it is not configured correctly, you may not be able to install PingID MFA Adapter for AD FS and may receive an error when running the PingID MFA installer. To avoid potential software conflicts, we recommend that you disable any unused MFA authentication methods before you install PingID Adapter for AD FS.
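
The following read-only preflight script is an added example, not part of the PingID installer or its documentation. It checks the prerequisites listed above and shows which MFA providers are registered in AD FS and which are enabled in the global authentication policy. The script's function names and the `PingIdHost` parameter are assumptions for illustration; take the host value from PingID required domains, URLs, and ports.

```powershell
# Added example: read-only preflight for the prerequisites on this page.
# Run in an elevated PowerShell session on the AD FS server.
param(
    # Assumption: supply a host from "PingID required domains, URLs, and ports".
    [Parameter(Mandatory = $true)]
    [string]$PingIdHost
)

function Test-DotNet46OrLater {
    # Release values of 393295 and above mean .NET Framework 4.6 or later.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    return ($null -ne $release -and $release -ge 393295)
}

function Get-MfaProviderState {
    # List providers usable for additional (MFA) authentication and mark
    # which of them the global authentication policy currently enables.
    Import-Module ADFS -ErrorAction Stop
    $enabled = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
    Get-AdfsAuthenticationProvider |
        Where-Object { $_.AllowedForAdditionalAuthentication } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.Name
                Enabled = $enabled -contains $_.Name
            }
        }
}

# Expect Windows Server 2016 (AD FS 4.0) or Windows Server 2012 R2 (AD FS 3.0).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
'OS: {0} ({1})' -f $os.Caption, $os.Version

'.NET 4.6 or later: {0}' -f (Test-DotNet46OrLater)

# Outbound TCP 443 from this server to the PingID service host.
$conn = Test-NetConnection -ComputerName $PingIdHost -Port 443 -WarningAction SilentlyContinue
'Outbound TCP 443 to {0}: {1}' -f $PingIdHost, $conn.TcpTestSucceeded

# Review this table before running the installer: enabled providers that are
# unused are the ones to disable, as recommended above.
Get-MfaProviderState | Format-Table -AutoSize
```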