Simplify Your Office 365 Federation
How Azure AD Connect and PingFederate work together
I have some news to share with you today: Microsoft’s integration of PingFederate into Azure AD Connect is now generally available!
We have been eagerly anticipating this GA release, as Ping Identity and Microsoft have worked together to build the configuration of PingFederate and Azure AD into the Azure AD Connect wizard. Now, PingFederate users have a simple method to federate on-premises Active Directory with Azure AD. This inclusion makes configuring PingFederate and Azure AD easy and fast, so your users can have easy, fast and secure access to Office 365.
Why is federating to Azure AD important?
Microsoft’s Keith Brintzenhofe gave a powerful talk at Identiverse on how fast cloud authentication is growing and how Microsoft is delivering this option. One of the points he made, though, is that cloud authentication is lagging in the large enterprise market segment. For this market, federation is still incredibly important—in my opinion because of the hybrid landscape and all of the applications that have to live on premises or in a wide range of cloud platforms. According to Azure AD numbers, approximately 90% of users are federated in the enterprise market segment.
For this reason, making PingFederate easier to configure and federation easier to achieve between on-premises AD and Azure AD is vitally important to the security of a hybrid IT enterprise.
Three customer scenarios for federating AD and Azure AD
We saw many customer scenarios as we went through a private preview and public preview, but three really stood out as examples of when to use the Azure AD Connect tool for building the federation bridge.
The first customer is a large bank that is an existing PingFederate customer migrating their productivity suite to Office 365. As part of their evaluation of O365, they needed to know that their existing identity security infrastructure would work seamlessly with AAD and O365. In the past, we would build a POC and go through the PowerShell process to show that, once it is configured, PingFederate works like a charm with O365. But with the new version of AAD Connect, we were able to give them links to the public preview version and the documentation, and let them test on their own. Within an hour, they had everything working and were able to check that box on their O365 evaluation checklist.
The second customer that tested is new to both PingFederate and Office 365. Given their lack of familiarity with either solution, we expected we would need to walk them through the testing. Due to time zone issues, we sent them all of the documentation and the link to download AAD Connect, and then scheduled a meeting for the next day. When we got on the phone with them, however, they had already done all of the configuration and had federated their dev lab with the test tenant of O365. Our call went from us thinking we needed to coach them through the process to using that time to architect their final production environment, including where multi-factor authentication (MFA) would fit in.
The final customer, a large device manufacturer, was spinning out a new operating unit. They were an existing PingFederate customer building out a new AD and Azure AD infrastructure. Because the AAD Connect wizard was automated, they were able to complete the configuration in less than an hour, without the need for any PowerShell scripts or coding. They simply ran the wizard, and it configured AAD and exported the settings for PingFederate. When asked for feedback, the admin who did the configuration summed it up in four words: “Easy. It worked beautifully.” That is the best kind of public preview feedback you can get!
The takeaway is that this new tool simplifies configuring federation from on-premises AD to Azure AD. Because granting SSO access to your employees’ productivity suite is almost always the first step in an identity project, this gets you to a winning solution even faster.
For additional resources on this new version of Azure AD Connect, please: