Configuring Microsoft 365 SAML2.0 application in IBM Security® Verify

Complete this task after Azure Active Directory has been configured as the Service Provider (that is, after the Microsoft 365 domain has been set to federated authentication). It configures IBM® Security Verify as the Identity Provider for that domain.

Before you begin

  • You must have administrative permission to complete this task.
  • Log in to the IBM Security Verify administration console.

Procedure

  1. Select Applications > Applications.
  2. Select Add application.
  3. Select Microsoft 365 and select Add application.
  4. Select the Sign-on tab and specify the following information:
    Note: The tab also has a check box that disables sign-on for this application. Select it only if you intend to block sign-on.
    Settings Description
    Sign-on method Select SAML2.0.
    Provider ID (required) A unique identifier for IBM Security Verify as the Identity Provider. It is sent as the Issuer of the SAML assertion, so the same value must be registered as the IssuerUri in the Microsoft 365 federation settings for the domain.
    Assertion consumer service URL (HTTP-POST) The Service Provider endpoint that receives the SAML response. Leave the default value.
    Federate multiple domains for Microsoft 365 Select this check box to federate more than one Microsoft 365 domain with this application and to configure multiple service principal names.
    IssuerUri suffix Applies only when Federate multiple domains for Microsoft 365 is selected. Select an attribute source; its value is appended to the IssuerUri of the token, so that each federated domain receives its own distinct IssuerUri. When (Default) is selected, the domain of the user's UPN or email address is appended.
  5. Map the user attributes that are to be included in the SAML assertion. Microsoft 365 requires the two below; add other attributes only if you need them.
    Settings Description
    Attribute Name - IDPEmail Specifies the IDPEmail attribute. Select its source from the Attribute source menu. The value must match the user's user principal name (UPN) in Azure Active Directory.
    Attribute Name - ImmutableID Specifies the ImmutableID attribute. Select its source from the Attribute source menu. The value must match the ImmutableID (the directory-synchronization source anchor) that Azure Active Directory holds for the user; if the values differ, Microsoft 365 cannot match the user and sign-on fails.

  6. Select an access policy. The policy enforces second-factor authentication and, optionally, adaptive access authorization.
    Settings Description
    Access policies - Settings Specifies the access policy that is applied at sign-on: second-factor authentication, with adaptive access authorization as an option. By default, the Use default Policy check box is selected.

  7. Click Save.
  8. Select the Entitlements tab and configure the Access type.
    Note: For more information on Entitlements, see Managing application entitlements (by administrator or application owner).
  9. Click Save.
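The Sign-on and attribute settings above determine what the assertion that Verify sends to Microsoft 365 must contain. The following Python script, an added example that is not IBM Security Verify or Microsoft code, checks a captured assertion (for instance one taken from a browser SAML tracer while testing) against those expectations: the Issuer must equal the Provider ID, with the IssuerUri suffix appended when multiple domains are federated; the IDPEmail attribute must be present and belong to a federated domain; and a persistent NameID carrying the ImmutableID must be present. The Microsoft 365 audience and assertion consumer service values, the "/" separator used when the suffix is appended, and the IdP URL idp.example.com, the domain example.com and the user alice@example.com in the sample are all assumptions; the sample assertion is constructed and unsigned, and signature verification is deliberately out of scope.

```python
"""Check a SAML assertion for Microsoft 365 against the Sign-on and attribute settings above.

Added example, not IBM Security Verify or Microsoft code.  Constants marked ASSUMPTION
are taken from the Microsoft 365 federation contract, not from this page.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

M365_AUDIENCE = "urn:federation:MicrosoftOnline"                    # ASSUMPTION
M365_ACS = "https://login.microsoftonline.com/login.srf"             # ASSUMPTION
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def expected_issuer(provider_id, idp_email, multi_domain=False, suffix=None, sep="/"):
    """IssuerUri that Azure AD must have on file for this user's domain.

    Single domain: the Provider ID from step 4, verbatim.
    Multiple domains: the Provider ID with the IssuerUri suffix appended; with (Default)
    the suffix is the domain of the user's UPN/email.  The separator is an ASSUMPTION.
    """
    if not multi_domain:
        return provider_id
    if suffix is None:
        suffix = idp_email.rsplit("@", 1)[-1].lower()
    return provider_id.rstrip(sep) + sep + suffix


def looks_like_object_guid(immutable_id):
    """True if the value is base64 of 16 bytes, the form ImmutableID takes for users
    synchronized from on-premises AD (objectGUID source anchor).  Cloud-only users may
    carry other values, so this is a hint, not a hard requirement."""
    try:
        return len(base64.b64decode(immutable_id, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False


def check_assertion(xml_text, provider_id, federated_domains, multi_domain=False):
    """Return a list of findings; an empty list means every check passed.

    No signature verification is done here: run it on an assertion you already captured.
    """
    root = ET.fromstring(xml_text)
    tag = "{%s}Assertion" % NS["saml"]
    assertion = root if root.tag == tag else root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]

    def text(path):
        return (assertion.findtext(path, namespaces=NS) or "").strip()

    attr = "saml:AttributeStatement/saml:Attribute[@Name='%s']/saml:AttributeValue"
    findings = []

    idp_email = text(attr % "IDPEmail")
    if "@" not in idp_email:
        return ["IDPEmail attribute missing or not an address (check the step 5 mapping)"]
    domain = idp_email.rsplit("@", 1)[-1].lower()
    if domain not in {d.lower() for d in federated_domains}:
        findings.append("IDPEmail domain %r is not one of the federated domains" % domain)

    want = expected_issuer(provider_id, idp_email, multi_domain)
    issuer = text("saml:Issuer")
    if issuer != want:
        findings.append("Issuer %r does not match expected IssuerUri %r" % (issuer, want))

    if text("saml:Conditions/saml:AudienceRestriction/saml:Audience") != M365_AUDIENCE:
        findings.append("Audience is not %s" % M365_AUDIENCE)

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != M365_ACS:
        findings.append("SubjectConfirmationData Recipient is not the Microsoft 365 ACS")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if name_id is None or name_id.get("Format") != PERSISTENT or not value:
        findings.append("NameID missing, empty, or not persistent format (it must carry the ImmutableID)")
    elif text(attr % "ImmutableID") not in ("", value):
        findings.append("ImmutableID attribute differs from the NameID value")
    return findings


# Constructed sample: a 16-byte objectGUID-style ImmutableID, a made-up IdP URL and tenant domain.
SAMPLE_IMMUTABLE_ID = base64.b64encode(bytes(range(16))).decode()
SAMPLE_PROVIDER_ID = "https://idp.example.com/saml/sps/m365"
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/saml/sps/m365/example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">%s</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://login.microsoftonline.com/login.srf"
          NotOnOrAfter="2024-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="IDPEmail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="ImmutableID"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>""" % (SAMPLE_IMMUTABLE_ID, SAMPLE_IMMUTABLE_ID)


def demo():
    """The same assertion judged under the multi-domain setting (passes) and the
    single-domain setting (fails: the Issuer carries a suffix the SP was not told to expect)."""
    multi = check_assertion(SAMPLE_ASSERTION, SAMPLE_PROVIDER_ID, ["example.com"], multi_domain=True)
    single = check_assertion(SAMPLE_ASSERTION, SAMPLE_PROVIDER_ID, ["example.com"], multi_domain=False)
    return multi, single


if __name__ == "__main__":
    for label, result in zip(("multi-domain", "single-domain"), demo()):
        print(label, "OK" if not result else result)
```

The value that expected_issuer returns for a user's domain is the IssuerUri that must be registered on the Azure Active Directory side for that domain; when "Federate multiple domains for Microsoft 365" is enabled, every federated domain needs its own entry with its own suffixed IssuerUri, and a mismatch shows up as the Issuer finding in the single-domain run above.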