To enable Kerberos authentication, you must configure two service principal names (SPNs).
An SPN is a unique identifier of a service instance. SPNs are used by Kerberos to associate a service with a domain.
Use the Windows utility setspn
to configure two SPNs for each PingOne region. To find the SPNs for
various PingOne regions, see
SPN reference.
Note:
You can also use ADSI Edit to configure the SPN values.
The purpose of two SPNs is future proofing. Ping Identity will migrate its
infrastructure in the coming months. Adding the second
HTTP/kerberos.pingone.com
SPN ensures that your configuration
will continue to work after the migration.