Getting claims from AD in a PingFederate SSO scenario

AMBAR RAY 1 Reputation point
2021-12-13T08:43:53.857+00:00

We have multiple domains, each having its own AD and users therein. The federation is done using PingFederate. PingFederate is the token provider. In Service Providers, PingFederate is integrated with AD. Likewise, it is done for the Identity Provider.

If the tokens are provided by PingFederate, how and from where can we put the AD roles and user group information in the claims?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2021-12-30T22:32:52.813+00:00

    @AMBAR RAY
    Thank you for your post and I apologize for the delayed response!

    If you're getting the tokens from PingFederate and want to add Active Directory (AD) roles (i.e., user and group info) into the claims, I found a Stack Overflow thread that might help point you in the right direction. Additionally, when it comes to our internal/external documentation, I wasn't able to find anything relating to adding claims into a PingFederate token. However, I'd recommend reaching out to the PingFederate Community so their experts can take a look into this as well.

    Links:
    pingfederate as a adfs claim provider
    AD FS 2.0 Attribute Store Overview
    PowerShell Attribute Store for AD FS 2.0

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.
