This article describes how K2 Cloud customers can use Microsoft Azure Active Directory (AAD) when AAD is federated to PingIdentity for authentication. In this scenario, identities must be stored in AAD for every user expected to use K2 Cloud sites and services, including K2 Management, K2 Designer, K2 Workspace, and K2 mobile apps.
Microsoft Azure AD (AAD) is the sole Identity Provider (IdP) within K2 Cloud, and users are expected to be presented to K2 for authorization following an authentication pipeline by AAD. In some circumstances, you may want to delegate the final authentication of a user to a system outside of AAD (in this case, PingIdentity), which serves as the location where identity is validated. Users in an environment configured for this type of federated authentication use this authentication flow:
The scenario detailed in this article allows you to use PingIdentity authentication to log in to your K2 sites. The scenario assumes the following items are in place before starting:
By configuring PingIdentity as a federated authentication provider, you can use Ping-based accounts, synchronized from Active Directory, to log in to K2 sites as well as SharePoint Online.
You may try to omit one or two pieces of this configuration, such as not having an on-prem Active Directory, but your results may vary. K2 has tested this configuration as described in this article but cannot support the configuration of PingFederate or variations of it.
If you have an environment or requirements that do not fit the scenario outlined in this article, create a Remote Services request to determine if K2 can help.
You can only use this approach if you have K2 for SharePoint Online and have synchronized your Active Directory to Azure Active Directory.
You can log in to one of your K2 sites using your Azure AD credentials via Ping.