Use Cases

Configuring PingID for VPN with PingFederate Bridge

Steps

  1. From the PingFederate administrative console Identities section, select Yes, Connect a Directory Server.

  2. Enter the information appropriate for your directory server in the following fields.

    Field: Description

    Directory Type: Select the type of directory server from the list.

    Data Store Name: Enter the name of the datastore.

    Hostname: Enter the fully qualified domain name (FQDN) for your directory server.

    Service Account DN: Enter the distinguished name (DN) of the service account that PingFederate can use to communicate with the directory server.

    Password: Enter the password associated with the service account.

    Search Base: Enter the DN of the location in the directory where PingFederate begins its datastore queries.

    Search Filter: Specify how the username provided by a user at login is mapped to an attribute in your directory. The default value is either sAMAccountName=${username} or uid=${username}, depending on the selected directory type. If you require a more advanced search filter, enter the value in the following format: <Your attribute Name>=${username}. For more information, consult your directory administrators.

  3. Click Next.

    If your directory server is SSL-enabled and presents an untrusted certificate, PingFederate prompts you to upload the server’s certificate. Click Choose Certificate, select the appropriate certificate, and click Next.

  4. In the Use Cases section, select the PingID VPN (RADIUS) check box. Click Begin.

  5. In the Basic Settings section, configure the basic settings:

    1. In the Client IP field, enter the IP address of the VPN server.

    2. In the Client Shared Secret field, enter the secret shared between the VPN server and PingFederate Bridge.

    3. Verify that the Validate with LDAP check box is selected.

    4. In the PingID Username Attribute field, enter the value you entered in the Search Filter field in step 2.

      The integrated RADIUS server listens on port 1812 by default.

  6. Click Next.

  7. In the Provisioning section, make sure the Configure Provisioning check box is not selected. Click Next.

  8. In the Summary section, review your configuration. Click Done.

  9. Click Next.

  10. In the Basic Information section, in the Base URL field, enter https://<Your Server Domain>:9031.

    Your Server Domain is your fully qualified domain name (FQDN).

  11. Click Next.

  12. To apply the configuration to PingFederate Bridge, click Next.

  13. Click Done.

Result

PingID for VPN is now enabled and ready for use in PingFederate Bridge.

For more information on configuring your VPN client/server settings, see Integrate PingID with your VPN/Remote access system.
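
A pre-flight check for the values this procedure asks for, added here as an example (it is not Ping Identity code). The worksheet keys, the sample values, and the loose DN pattern are assumptions made for illustration; the formats checked are the ones stated in the steps above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Search filter format given in step 2: <Your attribute Name>=${username}
FILTER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=\$\{username\}$")
# FQDN: dot-separated labels ending in an alphabetic top-level label
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
# Loose DN shape (attr=value pairs); an assumption that ignores escaped commas
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(\s*,\s*[A-Za-z][\w-]*=[^,]+)*$")


def check_settings(s):
    """Return the problems found in worksheet dict s (empty list = OK)."""
    problems = []
    if not FQDN_RE.match(s["hostname"]):
        problems.append("hostname: not a fully qualified domain name")
    for key in ("service_account_dn", "search_base"):
        if not DN_RE.match(s[key].strip()):
            problems.append(key + ": does not look like a DN")
    if not FILTER_RE.match(s["search_filter"].strip()):
        problems.append("search_filter: expected <attribute>=${username}")
    try:
        ipaddress.ip_address(s["client_ip"])  # one address, not a range
    except ValueError:
        problems.append("client_ip: not a single IP address")
    try:
        url = urlsplit(s["base_url"])
        ok = (url.scheme == "https" and url.port == 9031
              and FQDN_RE.match(url.hostname or "") is not None)
    except ValueError:  # raised for a malformed port
        ok = False
    if not ok:
        problems.append("base_url: expected https://<FQDN>:9031")
    return problems


# Constructed sample values (example.com and 192.0.2.0/24 are documentation ranges)
SAMPLE = {
    "hostname": "ldap.example.com",
    "service_account_dn": "CN=svc-pingfed,OU=Service Accounts,DC=example,DC=com",
    "search_base": "DC=example,DC=com",
    "search_filter": "sAMAccountName=${username}",
    "client_ip": "192.0.2.10",
    "base_url": "https://pf.example.com:9031",
}
```

Calling check_settings(SAMPLE) returns an empty list; each entry in a non-empty result names the field to correct before entering it in the console.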