Use the application catalog to add Microsoft 365 to your application portal.
You must have a Microsoft Azure account with a custom domain configured in Microsoft Entra ID.
The IssuerURI
value that PingOne
provides during application configuration must be unique in Microsoft Azure.
This means that two domains or subdomains within a single Azure account can't be
connected to the same PingOne Office 365
application.
PingOne supports the Microsoft 365 passive and active profiles for single sign-on (SSO). Passive profile enables web browser SSO, while active profile is used by native clients, such as mobile devices and email clients. To authenticate with an active profile, users must provide their PingOne username and password to the client. Microsoft verifies these credentials with PingOne using the WS-Trust protocol.
If the PingOne environment is configured with an LDAP Gateway, these credentials can be validated against Entra ID. Learn more in Gateways.
You can enable Kerberos authentication for Microsoft 365 applications (optional). For more information, see Enabling Kerberos authentication.
After you configure the application, you can manage it at Editing an application.
. Learn more in