Authenticate via two AD servers without data sync to CIAM

We have a requirement to connect to two separate AD systems and do authentication. Both AD systems will authenticate against two different sets of applications.

One set of users from AD can sync to Ping directory and that can authenticate users.

But one set of users from another AD should not sync to the Ping system. They only need to authenticate.

Is it possible? How can we achieve this?

There are many ways to accomplish these needs. Two simple examples:
I prefer the path of distinct realms with distinct definitions of a User Store and an Authentication service.
Though, others may take the other simple path of distinct Authentication services (trees) within the singular realm.
We really need a further set of requirements and preferred outcomes in order to be more helpful. An overview of AM Authentication can be found here: Authentication and SSO :: PingAM 7.5.0

@Giri2024
Is it intentional that AM is not tagged in your question, only IDM and DS? Must I conclude that AM is not involved in this solution?
If AM is part of it, then the solution to authenticate against the external system is to use the LDAP Decision node.
If this AD is an Entra ID service (aka Azure AD), you could also consider opting for an OAuth2 or SAML2 integration?