You can enable Kerberos authentication to provide end-users with a seamless sign-on experience if the Microsoft 365 users are migrated into PingOne from Active Directory (AD) through the LDAP Gateway and if your Microsoft 365 applications support the Active Profile sign in option.
You must have:
- An LDAP Gateway configuration with Kerberos authentication enabled
- At least one User Type configured
- A configured SPN in AD
- An LDAP Gateway deployed in the network where it can reach the targeted domain controllers
- In PingOne, go to .
- Browse or search for the Microsoft 365 application and click the Microsoft 365 entry to open the details panel.
- Click Enable Advanced Configuration and click Enable when prompted.
- In the Configuration tab, click the Pencil icon.
- Select the Enable Kerberos Authentication check box.
- Click +Add Gateway User Type.
- Select a Gateway and a User Type.
- Click Save.