Connecting Active Directory to PingFederate

You can connect an Active Directory server to PingFederate as an LDAP datastore. You can also add Kerberos or Integrated Windows Authentication (IWA) as identity providers to authenticate users.

For basic instructions about connecting Active Directory to PingFederate, see Configuring an Active Directory datastore for PingFederate. For more comprehensive information about LDAP datastore configuration, see Configuring an LDAP connection.

After you configure the Active Directory datastore, you can configure PingFederate to process Kerberos tickets and other SSO transactions. For more information, see Active Directory and Kerberos.

Connecting Active Directory to PingOne

You can configure a gateway in PingOne to authenticate your Active Directory users. If PingOne doesn't find a user in the PingOne directory, it will automatically check Active Directory using the gateway, giving your users a seamless authentication workflow.

If you want to use an authentication policy, there are some additional steps you must take to ensure its compatibility with the gateway.

For more information about configuring a gateway in PingOne, see Gateway overview.

Connecting Active Directory to PingOne for Enterprise

PingOne for Enterprise uses AD Connect as an identity bridge to transmit authentication information to and from Active Directory. You can use AD Connect either with or without IIS.

For more information about installing AD Connect, see Installing AD Connect and Installing AD Connect with IIS.