1. Integrate an on-premise Active Directory (AD) as the Identity Repository.
    

   We use "AD Connect" as an example, if you have integrated AD in other ways (e.g. LDAP directory), please skip this step.

    
   1. Select "Active Directory".

      

   2. Download AD Connect and install it in AD host.

      

   3. Set authentication to "sAMAccountName".

      

   4. Set SAML_SUBJECT to "sAMAccountName", and save the draft.

      

2. Add a new SAML application and configure the settings:
   1. Add a new SAML application, and specify the application name.

      

      

   2. Configure SAML Settings.
      1. Set the following values:
         • Assertion Consumer Service (ACS): https://<host-to-your-ApexCentral>/WebApp/login.aspx
         • Entity ID: https://<host-to-your-ApexCentral>/WebApp/login.aspx
         • Signing: Sign Assertion

         

      2. Add new attribute with following settings:
         • Application Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname

           

         • Click the Advanced button, and do the following:
           • Add "<NETBIOS domain name>\" on the first attribute, then tick As Literal.
           • Add "sAMAccountName" on the second attribute.

           

      3. Set the Group Access.

         

      4. Make sure that the SAML settings are correct.

         

1. Integrate AD with Apex One as a Service.
   For detailed instructions refer to step 2 of Synchronize AD information and authenticate AD accounts from this article: Integrate Active Directory (AD) with Apex One as a Service.
2. In Apex Central, go to Administration > Account Management > User Accounts.
3. Click Add.

   

4. Select Active Directory user or group, specify the User/Group name, and click Next.

   

5. Select the desired role, configure folder options, and click Save.

   

6. Configure ADFS for Apex Central:
   1. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
   2. Select the following:
      • Enable Active Directory synchronization
      • Enable Active Directory authentication
   3. Specify the SSO service URL and Service identifier, and select the Signing certificate:

      Field Name on Apex Central setting page	Ping Identity Attribute Name
      SSO service URL	From SAML Metadata:
      Server identifier	Single Sign-On (SSO) Relay State
      Server certificate	Signing Certificate

      

1. Switch to the Ping Dock and login as a user of the group granted with the access to the Apex Central service.
2. Click the application to initiate SSO to Apex Central.

   

SP Initiated SSO

Enter an AD user in Apex Central login console, browser will redirect page to Ping. After authentication, the page will be redirected back to Apex Central.