To configure PingID integration for Azure AD, you will need:

​If you have users who registered with PingID prior to setting up PingID integration for Azure AD, make sure you map the username to the same attribute that your PingID users were registered with, such as the sAMAccountName or userPrincipalName attribute (see also Configuring PingID MFA for Microsoft Azure AD Conditional Access). If you need additional attributes to carry over from Azure AD, do not register users through the Conditional Access flow. Instead, make sure users are created with the required attributes in PingOne before going through the Conditional Access flow, such as through SSO or provisioning.

Authorization requests sent from Azure AD to PingID use the Azure AD userPrincipalName attribute to identify the PingID user. Other attributes cannot be configured to identify the user in PingID.