Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

AAD Connect + Ping Federate

Copper Contributor

Anyone have insight into the capabilities this integration will bring and/or timeline for it?

 

Noticed the announcement about Ping Access today but more interested in the Ping Federate side. Here is the article with initial reference: 

 

 

6 Replies

Great question! Have you looked at this yet? 

 

https://ping.force.com/Support/PingIdentityArticle?id=kA340000000PMraCAG

The integration with Ping is really around Ping Access and we released the preview together with Ping just a few days ago. https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public...

 

The Ping Federate integration is purely a feature that will allow Azure AD Connect to launch the setup of Ping Federate. Just like with AD FS there is no integration needed with Azure AD Connect after the initial setup. Ping Federate has been a supported Azure AD compatible federation provider for many years and that doesn't change with this.

 

Brjann Brekkan

- Azure AD Program Manager

We have Ping Federate as replacement for ADFS in place Only this is not a new configuration with Ping Access. I am also really interested in this case, there could be a good reason to upgrade to Ping access.

Regarding the configuration of Ping federation this is almost identical to the configuration of ADFS 2.0.

best response confirmed by Daniel Martins (Microsoft)
Solution

I would recommend connecting with Ping Identity sales team. Ping Access is not seen as an upgrade or instead of Ping Federate - they play different roles in your access strategy but it would be wrong of me to try and explain that. 

 

In Azure AD there is one component that does all the authentication, federation and sso capabilities similar to what Ping Fed/ADFS does on premises and then the Application Proxy is about taking an internal web application and making this available to end users that are outside the network. 

 

Brjann

Hi Jerry,

 

When you replaced ADFS with Ping Federate as you described,  Could you tell me what basic steps were involved?  Can you have 0365 and Azure Ad Connect connected to both ADFS and Ping Federate at the same time to minimize downtime?  We are looking to accomplish this but cannot find any good migration documentation for this.  Ideally, we would like to integrate with our 0365 with Ping Federate (while still federating with ADFS), and then disable the ADFS portion.  That is probably not possible but would be ideal. 

 

Thanks, 

 

Kevin C.

You are correct - a domain in Azure AD can't be federated to two different federation endpoints. Perhaps an alternate way to accomplish this is to enable pw hash sync and fall back to that to minimize user impact then you can switch the federation provider and turn it back to federation (unless you see that PHS is really good way to do auth and select to simplify your setup by removing federation all together)

 

Recommend looking at the deployment guides for ADFS to PHS here: http://aka.ms/deploymentplans 

 

Brjann

1 best response

Accepted Solutions
best response confirmed by Daniel Martins (Microsoft)
Solution

I would recommend connecting with Ping Identity sales team. Ping Access is not seen as an upgrade or instead of Ping Federate - they play different roles in your access strategy but it would be wrong of me to try and explain that. 

 

In Azure AD there is one component that does all the authentication, federation and sso capabilities similar to what Ping Fed/ADFS does on premises and then the Application Proxy is about taking an internal web application and making this available to end users that are outside the network. 

 

Brjann

View solution in original post