  • Install and run PingFederate.
  • Install Active Directory (AD).
  • Configure the data store.
  • Ensure the AD service account has permission to read user data in every domain of that forest to which the agent connects.
  1. In the PingFederate administrative console, go to System > Data & Credential Stores > Password Credential Validators.
  2. Click Create New Instance.
  3. On the Type tab, in the Instance Name and Instance ID fields, enter a name and ID.
  4. From the Type list, select LDAP Username Password Credential Validator.
    Screen capture of the Type tab showing the completed Instance Name and Instance ID fields. LDAP Username Password Credential Validator is selected from the Type list.
  5. Click Next.
  6. On the Instance Configuration tab, from the LDAP Datastore Field Value list, select Active Directory Data Store.
  7. In the Search Base Field Value field, enter the location in the directory from which the LDAP search begins.
  8. In the Search Filter Field Value field, enter an LDAP filter.

    You can use ${username} as part of the filter; it is replaced with the username the user submits. For example, for AD, use sAMAccountName=${username}.

  9. In the Scope of Search section, choose from:
    • One Level
    • Subtree

    Choose One Level to search just the base distinguished name (DN), or choose Subtree to search organizational units nested under the base DN.

    Screen capture of the Instance Configuration tab.
  10. Click Next.
  11. On the Extended Contract tab, confirm the default values and add additional attributes as needed.
    Note:

    On this tab, you can also extend the attribute contract of the PCV instance.

    Screen capture of the Extended Contract tab showing the default values.
  12. Click Next.
  13. On the Summary tab, confirm your entries, and then click Save.
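The following Python is an added example, not PingFederate's code or documentation. It models how steps 8 and 9 combine at lookup time: the Search Filter Field Value template (sAMAccountName=${username}) is expanded with a submitted username, and the Search Base Field Value plus the Scope of Search (One Level or Subtree) decide which entries the filter is evaluated against. The directory entries, DNs and usernames are constructed for the example. The page does not describe how PingFederate itself expands or escapes ${username}, so the block applies RFC 4515 value escaping on its own and supports only simple equality filters.

```python
"""Added example (not PingFederate code): expansion of a Search Filter Field
Value template and the reach of a Search Base under One Level vs Subtree.

Assumptions: the directory below is constructed; RFC 4515 escaping of the
substituted username and simple (attr=value) filters are this example's own
choices, not behaviour the page attributes to PingFederate.
"""
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a filter
# value, so a submitted username is always compared literally.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, username: str) -> str:
    """Expand ${username} in a Search Filter Field Value, escaping the value."""
    return template.replace("${username}", escape_filter_value(username))


def _rdns(dn: str) -> list:
    """Split a DN into normalised RDNs on unescaped commas (simplified DN handling)."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """Decide whether an entry lies within the Search Base for the chosen scope.

    One Level: only entries immediately beneath the base DN (RFC 4511 singleLevel).
    Subtree:   the base DN itself and everything beneath it (RFC 4511 wholeSubtree).
    """
    entry, base = _rdns(entry_dn), _rdns(base_dn)
    if len(entry) < len(base) or entry[-len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "One Level":
        return depth == 1
    if scope == "Subtree":
        return depth >= 0
    raise ValueError(f"unknown scope: {scope}")


def _unescape(value: str) -> str:
    """Reverse RFC 4515 hex escapes (\\XX) so the filter compares the literal value."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(entry: dict, ldap_filter: str) -> bool:
    """Evaluate a simple equality filter, (attr=value) or attr=value, against one entry.

    Attribute names and AD values such as sAMAccountName compare case-insensitively.
    """
    m = re.fullmatch(r"\(?([A-Za-z][\w;-]*)=([^()]*)\)?", ldap_filter)
    if not m:
        raise ValueError("this example only supports simple equality filters")
    attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
    return any(k.lower() == attr and str(v).lower() == wanted for k, v in entry["attrs"].items())


def search(directory: list, base_dn: str, scope: str, filter_template: str, username: str) -> list:
    """Return the DNs a PCV-style lookup would find for one submitted username."""
    ldap_filter = expand_filter(filter_template, username)
    return [e["dn"] for e in directory if in_scope(e["dn"], base_dn, scope) and matches(e, ldap_filter)]


# Constructed sample directory (not real data): one user directly under OU=Users,
# one in a nested OU beneath it, and one outside the search base entirely.
DIRECTORY = [
    {"dn": "OU=Users,DC=example,DC=test", "attrs": {"objectClass": "organizationalUnit"}},
    {"dn": "CN=Alice,OU=Users,DC=example,DC=test", "attrs": {"sAMAccountName": "alice"}},
    {"dn": "CN=Bob,OU=Contractors,OU=Users,DC=example,DC=test", "attrs": {"sAMAccountName": "bob"}},
    {"dn": "CN=Carol,OU=Staff,DC=example,DC=test", "attrs": {"sAMAccountName": "carol"}},
]
BASE_DN = "OU=Users,DC=example,DC=test"
TEMPLATE = "sAMAccountName=${username}"

if __name__ == "__main__":
    for scope in ("One Level", "Subtree"):
        for user in ("alice", "bob", "carol", "al*"):
            print(f"{scope:9} {user!r:8} -> {search(DIRECTORY, BASE_DN, scope, TEMPLATE, user)}")
```

Running the block shows the practical difference between the two scopes: with One Level only Alice, who sits directly under the base DN, is found, while Subtree also reaches Bob in the nested OU=Contractors; Carol is outside OU=Users and is never returned by either scope. The last username, al*, illustrates why the substituted value is escaped: the wildcard stays a literal character and matches nobody, so the filter behaves as an exact lookup of the submitted account name.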