Page created: 29 Nov 2022
|
Page updated: 10 May 2023
To enable Kerberos authentication, you must configure two service principal names (SPNs).
An SPN is a unique identifier of a service instance. SPNs are used by Kerberos to associate a service with a domain.
Use the Windows utility
setspn
to configure two SPNs for each
PingOne region. To find
the SPNs for various PingOne
regions, see SPN reference. Note:
You can also use ADSI Edit to configure the SPN values.
The purpose of two SPNs is future proofing. Ping Identity will migrate its
infrastructure in the coming months. Adding the second
HTTP/kerberos.pingone.com
SPN ensures that your configuration
will continue to work after the migration.