Configuring Microsoft 365 SAML2.0 application in IBM Verify

Configure IBM® Verify as the Identity Provider after you configure Azure Active Directory as a Service Provider.

Before you begin

Select the Sign-on tab and specify the following information:

Note: Click the check box to disable sign-on.


Settings	Description
Sign-on method	Specifies the sign-on method. Select SAML2.0 as the Sign-on method.
Provider ID*	Specifies a unique identifier that identifies the provider to its partner provider.
Assertion consumer service URL (HTTP-POST)	The security token is sent to this service provider endpoint. Leave as default.
Federate multiple domains for Microsoft 365	Select this checkbox to federate multiple domains for Microsoft™ 365 and configure multiple Service principal names.
IssuerUri suffix	This is only applicable when Federate multiple domains for Microsoft 365 is checked. Select an attribute source, its value will be appended in IssuerUri of the token; when (Default) is selected, the default user UPN or email domain will be appended in IssuerUri of the token.

Map the known user attributes or other attributes that are to be included in the SAML assertion.


Settings	Description
Attribute Name - IDPEmail	Specifies the IDPEmail attribute. Select from the Attribute source menu to specify the IDPEmail attribute.
Attribute Name - ImmutableID	Specifies the ImmutableID attribute. Select from the Attribute source menu to specify the ImmutableId attribute.

Select an access policy to perform second factor authentication and, optionally, adaptive access authorization.


Settings	Description
Access policies - Settings	Specifies the access policy for second factor authentication. The adaptive access authorization is optional. By default, the Use default Policy checkbox is selected.

Click Save.
Select the Entitlements tab and configure the Access type.

Note: For more information on Entitlements, see Managing application entitlements (by administrator or application owner).
Click Save.