You can enable Kerberos authentication to provide end-users with a seamless sign-on
experience if the Microsoft 365 users are migrated into PingOne from
You must have:
- An LDAP Gateway configuration with Kerberos authentication enabled
- At least one User Type configured
- A configured SPN in AD
- An LDAP Gateway deployed in the network where it can reach the targeted domain controllers
- In PingOne, go to .
- Browse or search for the Microsoft 365 application and click the Microsoft 365 entry to open the details panel.
- Click Enable Advanced Configuration and click Enable when prompted.
- In the Configuration tab, click the Pencil icon.
- Select the Enable Kerberos Authentication check box.
- Click +Add Gateway User Type.
- Select a Gateway and a User Type.
- Click Save.