Configure IWA for AD Connect with IIS - PingOne for Enterprise

Add Integrated Windows Authentication (IWA) to AD Connect with IIS.

  1. Create a service account in AD Connect to use for the IIS application pools on the PingOne for Enterprise AD Connect hosts.
  2. Create an SPN (Service Principal Name) in Active Directory for the HTTP service that's bound to the service account. For example:
    setspn -U -S HTTP/pingone.example.com example\svc.adciis
  3. On each AD Connect host, configure the AD Connect application pool to run under the service account credentials.
    In IIS Manager, expand the node for the AD Connect host > Application Pools > ADconnectAppPool
  4. Click Advanced Settings in the Actions bar on the right, scroll down to Identity and click the edit button.
  5. Select Custom Account, click Set and enter the credentials of the service account that the SPN is bound to.
  6. In the Actions bar on the right, click Recycle to recycle the application pool.
  7. If you're using a high availability configuration, check the SNAT (Secure Network Address Translation) requirements for your network load balancing. Also verify that the IP address of the originating client is preserved by the SNAT configuration.