Use the application catalog to add Microsoft 365 to your application portal.
You must have a Microsoft Azure account with a custom domain configured in Azure Active Directory (AD).
The IssuerURI
value that PingOne provides during application
configuration must be unique in Microsoft Azure. This means that two domains or
subdomains within a single Azure account can't be connected to the same PingOne Office 365 application.
PingOne supports the Microsoft 365 passive and active profiles for single sign-on (SSO). Passive profile enables web browser SSO, while active profile is used by native clients, such as mobile devices and email clients. To authenticate with an active profile, users must provide their PingOne username and password to the client. Microsoft verifies these credentials with PingOne using the WS-Trust protocol.
If the PingOne environment is configured with an LDAP Gateway, these credentials can be validated against Active Directory. For more information, see Gateways.
You can enable Kerberos authentication for Microsoft 365 apps (optional). For more information, see Enabling Kerberos authentication.