To use Microsoft Azure Active Directory to manage the user IDs and passwords that access applications through Federated Single Sign-On with IBM® Security Verify, you must configure it as an identity provider.
Before you begin
You must have an Azure Active Directory account with administrative access.
Procedure
- Log in to the Azure AD portal as an administrator.
- Click Azure Active Directory from the left navigation pane.
- Click Enterprise applications.
- Click New application from the Enterprise applications page.
- Click .
- Type a name for the application and click Add.
  The application might take a few minutes to be created. After it is created, a management page is displayed.
- Click Properties and then select Yes for User assignments required.
- Click Save.
- Click Users and groups from the Manage navigation.
  Assign the users and groups that are entitled to this application.
- Click .
- Select the users and groups that you want to entitle.
- Click Assign.
- Click Save.
- Click Single sign-on.
- Select SAML-based Sign-on from the Single Sign-on Mode menu.
- Get the SAML EntityID and Assertion Consumer Service URL information from IBM Security Verify.
  - Log in to IBM Security Verify.
  - Click .
  - Return to the Azure Active Directory.
- Specify the following settings.
  - Identifier
    - Specify the SAML EntityID of IBM Security Verify.
  - Reply URL
    - Specify the Assertion Consumer Service URL of IBM Security Verify.
      For example,
- Select the attribute in the User Attributes section that is to be sent as the SAML subject from the User Identifier menu.
  For example, select user.userprincipalname.
- Select the View and edit all other user attributes check box to view or edit the claims issued in the SAML token to the application.
- Select Create new certificate.
- Click to create a new certificate.
- Select the Make new certificate active check box.
- Click Metadata XML in the DOWNLOAD column of the SAML Signing Certificate section to download the identity provider metadata that is to be imported on the service provider side (Verify).
- Select the Show advanced certificate signing settings check box and specify the following settings.
  - Signing Option
    - Select the option that meets your requirements from the drop-down list.
  - Signing Algorithm
    - Select SHA-256 or SHA1 from the drop-down list.
- Optional: Modify the value for Notification Email.
- Click Save.
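A check that can be run on the downloaded Metadata XML before it is imported into Verify, and on a captured signed response to see whether the Signing Algorithm setting resulted in SHA-1 signatures. This is an added example, not IBM or Microsoft code; the function names, host names, tenant path, and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML-DSig algorithm URIs that depend on SHA-1.
SHA1_URIS = {NS["ds"] + "rsa-sha1", NS["ds"] + "sha1"}

# Constructed samples: placeholder host, tenant path and certificate bytes.
_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/tenant-placeholder/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_SIGNATURE = f"""<ds:Signature xmlns:ds="{NS['ds']}"><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="{NS['ds']}rsa-sha1"/>
  <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{NS['ds']}sha1"/></ds:Reference>
</ds:SignedInfo></ds:Signature>"""

def summarize_idp_metadata(xml_text):
    """Return the values to compare against what the service provider shows after import."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    certs = idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"),
            "sso_urls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
            "cert_sha256": [hashlib.sha256(base64.b64decode(c.text)).hexdigest() for c in certs]}

def sha1_algorithms(signed_xml):
    """List SHA-1 based Algorithm URIs found inside any ds:Signature element."""
    root = ET.fromstring(signed_xml)
    return [el.get("Algorithm")
            for sig in root.iter("{%s}Signature" % NS["ds"])
            for el in sig.iter() if el.get("Algorithm") in SHA1_URIS]

if __name__ == "__main__":
    print(summarize_idp_metadata(SAMPLE_METADATA))
    print("SHA-1 algorithms in signature:", sha1_algorithms(SAMPLE_SIGNATURE))
```

A non-empty result from `sha1_algorithms` means the response was signed or digested with SHA-1; selecting SHA-256 under Signing Algorithm removes those URIs from new responses.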