Configuring ACS Proxy with PingFed for M365 and AD
You can set up an ACS Proxy working with Forcepoint Data Security Cloud | SSE, PingFed, and Microsoft365 using Active Directory 2019 as the directory store.
The following components are used in the setup, along with their versions:
- Directory/Data Store: Windows 2019 AD
- Federation Service: PingFed 10.2
- Microsoft365
Before starting, make sure you have Windows Active Directory installed as well as PingFed installed on a Windows Server. You can find documentation for installing PingFed on their Installation documentation page.
Note: Forcepoint Data Security Cloud | SSE UI supports UTF-8 characters. However, the SAML assertion only supports low-ASCII characters as attribute values. If an attribute value contains characters that are not low-ASCII, then SAML sign-in failures occur.
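The low-ASCII restriction in the note above can be checked in the directory before users hit a sign-in failure. The following PowerShell is an added example, not Forcepoint or Ping Identity code; it assumes low-ASCII means code points 0x00-0x7F, and the function name `Find-NonLowAsciiAttribute` and the attribute list are hypothetical choices to replace with the attributes your connection actually maps into the assertion.

```powershell
# Added example; not Forcepoint or Ping Identity code.
# Assumption: "low-ASCII" means code points 0x00-0x7F.
# Assumption: these are the attributes mapped into the assertion; replace them
# with the ones your PingFed connection actually sends.
$AssertionAttributes = 'givenName', 'sn', 'displayName', 'mail'

function Find-NonLowAsciiAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        [string[]]$Attribute = $AssertionAttributes
    )
    process {
        foreach ($name in $Attribute) {
            # Multi-valued attributes arrive as collections; check every value.
            foreach ($value in @($User.$name)) {
                if ($null -eq $value) { continue }
                $text = [string]$value
                $bad = [regex]::Matches($text, '[^\x00-\x7F]')
                if ($bad.Count -eq 0) { continue }
                # One row per offending attribute value, with the code points found.
                [pscustomobject]@{
                    User       = $User.sAMAccountName
                    Attribute  = $name
                    Value      = $text
                    CodePoints = ($bad | ForEach-Object {
                        'U+{0:X4}' -f [int][char]$_.Value }) -join ' '
                }
            }
        }
    }
}

# Constructed sample records standing in for directory users. Accented
# characters are built from code points so the script file itself stays ASCII.
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'jdoe'; givenName = 'John'; sn = 'Doe'
                       displayName = 'John Doe'; mail = 'jdoe@example.com' }
    [pscustomobject]@{ sAMAccountName = 'rmuller'; givenName = "Ren$([char]0xE9)"
                       sn = "M$([char]0xFC)ller"
                       displayName = "Ren$([char]0xE9) M$([char]0xFC)ller"
                       mail = 'rmuller@example.com' }
)
$sample | Find-NonLowAsciiAttribute | Format-Table -AutoSize

# Against the live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties $AssertionAttributes | Find-NonLowAsciiAttribute
```

With the constructed sample, only `rmuller` is reported, once each for `givenName`, `sn` and `displayName`.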
Once installed, you can proceed to the setup. You will need to do the following three configuration steps in PingFed:
- Creating a Data Store: Manage data stores for use with attribute lookups.
- Configuring a PCV: Credential validators are plug-ins used to verify username and password pairs in various contexts throughout the system. The actual application of a validator instance must be configured in the appropriate context as needed (for example, OAuth Resource Owner Credentials Mapping).
- Configuring an AD Realm: PingFederate uses a centralized configuration of Active Directory Domains or Kerberos Realms to verify authenticated users via adapters or token processors.