Ping Federate with Office 365

  • 878 Views
  • Last Post 23 January 2016
SamErde posted this 23 January 2016

ADFS is obviously the predominant method for federating on-prem Active Directory with Office 365. Microsoft recently published some surprisingly specific numbers about usage. However, I'm curious if any of you have experience configuring Office 365 federation & SSO with Ping Federate instead of ADFS. We already have HA Ping servers, so it wouldn't make sense for us to invest the time and infrastructure in ADFS at this point. Ping's documentation seems decent, but has not been updated as tools like DirSync have been superseded by AAD Connect. 
At the same time, I'm also curious (OT) about your experience in configuring installed Office applications with the GPO setting to automatically activate the software using SSO with Office 365.
Thanks!Sam
PS - Here's an interesting read with those numbers that I alluded to:
Best way to connect to Office 365 and Azure AD (latest data) + Azure AD Connect Momentum
http://blogs.technet.com/b/ad/archive/2016/01/05/best-way-to-connect-to-office-365-and-azure-ad-latest-data-azure-ad-connect-momentum.aspx

Order By: Standard | Newest | Votes
bdesmond posted this 23 January 2016

I have a number of enterprise customers who use this setup. My experience is two-fold:

 

a)     

once it’s setup it works fine

b)     

the initial setup seems to take a lot longer than it should every time

 

The only other footnote I would add is that there are a number of device authentication scenarios that AD FS enables for mobile devices (e.g. Intune) and Windows

10. I am not sure whether these scenarios light up with Ping. Many of my customers very quickly jump from just wanting O365 to wanting to control not only who can access services, but what (e.g. approved devices, etc.).



 

Thanks,

Brian Desmond

 

w – 312.625.1438 | c – 312.731.3132

 

show

darren posted this 23 January 2016

I’ve worked with a large customer who used PingFed with O365 and it was seamless. The docs, while a bit out of date, were adequate. We even got the WS-Trust piece

working for PowerShell-based “active client” authn. No big deal. That said, they haven’t done much around mobile scenarios that Brian talks about below.

 

Darren

 

show

Close