• Install and run PingFederate.
  • Install Active Directory (AD).
  • Ensure the AD service account has permissions in all domains in that forest to read and access user data in all domains to which the agent connects.
  1. In the PingFederate administrative console, go to System > Data & Credential Stores > Data Stores.
  2. Click Add new Data Store.
  3. On the Data Store Type tab, in the Name field, enter a name.
  4. From the Type list, select Directory (LDAP). Click Next.
    Screen capture of the Data Store Type tab showing Active Directory Data Store in the Name field, and Directory (LDAP) selected from the Type list.
  5. On the LDAP Configuration tab, in the Hostname(s) field, enter a name.
  6. From the LDAP Type list, select Active Directory.
  7. In the User DN and Password fields, enter the desired user distinguished name (DN) and password.
  8. Select the Use LDAPS check box.

    Ping recommends that all LDAP connections be secured using LDAPS.

    Tip:

    If you want to enable the password changes, password reset, or account unlock features in the HTML form adapter against Microsoft AD, you must secure the connection to your directory server using LDAPS. AD requires this level of security to allow password changes.

  9. Complete any other fields that can help configure the datastore connection according to your current architect posture.
  10. To test the connection, click Test Connection.
    Screen capture of the LDAP Configuration tab and corresponding fields.
  11. Click Next.
  12. On the Summary tab, review your entries, and then click Save.