Configure IBM® Security Verify as the
Identity Provider after you configure Azure Active Directory as a Service Provider.
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM Security Verify
administration console.
Procedure
-
Select
.
- Select Add application.
-
Select Microsoft 365 and select Add
application.
- Select the Sign-on tab and specify the following
information:
Note: Click the check box to disable sign-on.
Settings |
Description |
Sign-on method |
Specifies the sign-on method. Select SAML2.0 as the Sign-on
method. |
Provider ID* |
Specifies a unique identifier that identifies the provider to its partner provider. |
Assertion consumer service URL (HTTP-POST) |
The security token is sent to this service provider endpoint. Leave as default. |
Federate multiple domains for Microsoft 365 |
Select this checkbox to federate multiple domains for Microsoft 365 and configure multiple Service principal names. |
IssuerUri suffix |
This is only applicable when Federate multiple domains for Microsoft
365 is checked. Select an attribute source, its value will be appended in IssuerUri of
the token; when (Default) is selected, the default user UPN or email domain
will be appended in IssuerUri of the token. |
- Map the known user attributes or other attributes that are to be included in the SAML
assertion.
Settings |
Description |
Attribute Name - IDPEmail |
Specifies the IDPEmail attribute. Select from the Attribute source
menu to specify the IDPEmail attribute.
|
Attribute Name - ImmutableID |
Specifies the ImmutableID attribute. Select from the Attribute
source menu to specify the ImmutableId attribute.
|
- Select an access policy to perform second factor authentication and, optionally, adaptive
access authorization.
Settings |
Description |
Access policies - Settings |
Specifies the access policy for second factor authentication. The adaptive access
authorization is optional. By default, the Use default Policy checkbox is
selected.
|
- Click Save.
- Select the Entitlements tab and configure the Access
type.
- Click Save.