Office 365 users have long used Microsoft’s Azure Active Directory Connect wizard to establish a connection between Active Directory and Microsoft’s Azure AD in the cloud. The wizard’s interface now includes an option to use PingFederate to establish this connection. This feature was briefly seen in beta back in May of this year, and it has now been released for general use.
PingFederate is Ping Identity’s enterprise identity bridge, which provides single sign-on (SSO). SSO lets enterprise users access multiple services purchased by the enterprise with a single set of credentials. PingFederate offers centralized identity management, access management, device identity management, API security, and social identity integration. The service facilitates SSO using SAML, WS-Federation, WS-Trust, OAuth, OpenID Connect, and SCIM.
As the use of Azure AD as a cloud-based identity management service for enterprises has grown, Microsoft’s collaboration with Ping Identity has brought PingFederate into the connection wizard’s interface, enabling enhanced single sign-on capabilities for the service. The integration allows administrators to quickly set up user identities for the Office 365 applications an enterprise uses and to provide seamless single sign-on to these services through the PingFederate integration.
Once the Federation with PingFederate settings are configured, users can sign in to Microsoft’s cloud and Office 365 services and applications off premises with the same credentials they use to access these services on the enterprise’s local network. PingFederate allows users to keep the same logon irrespective of where they connect from or which service they access, as long as the enterprise PingFederate administrator has created the user’s identity and given it account access to the Microsoft applications.
To configure Federation with PingFederate, you must first ensure that PingFederate 8.4 or higher is being used and that you have the SSL certificate for the federation service you are configuring access for. The first step in the configuration process is verifying the Azure AD domain that you intend to federate. Next, you must export the PingFederate settings and send this information to your enterprise PingFederate administrator. The administrator will provide you with a server URL and port number, which Azure AD will then verify on your end. Once Azure AD Connect verifies the metadata you supplied from your administrator, it will resolve the endpoints from your local DNS as well as from an external DNS. Once the domain has been configured successfully, you can enter your logon credentials, which will also be verified before your PingFederate configuration is complete.
A document with instructions for the use of Azure AD Connect has been published on Microsoft’s website. The documentation contains all setup, troubleshooting, and mitigation advisories for the service.