Configuring Azure Active Directory join from the Microsoft 365 application

You can configure Azure Active Directory join from the Microsoft 365 application in the IBM® Security Verify administration console.

Before you begin

Configure Azure Active Directory join to register the Windows device as a trusted device and to access Azure-protected services seamlessly. Add the Microsoft 365 application to IBM Security Verify and configure single sign-on for Microsoft 365 by using WS-Federation after you configure Azure Active Directory.
  • Configure the device settings in the Azure portal to register your devices with Azure Active Directory. For more information on configuring device settings, see Manage device identities by using the Azure portal.
  • Create a custom domain in the Azure portal and verify that the custom domain is valid in Azure Active Directory. For more information on creating a custom domain, see Add your custom domain name using the Azure Active Directory portal.
  • Set up a federated Azure Active Directory custom domain with IBM Security Verify. The following federation service endpoints are provided by IBM Security Verify:
    Endpoint             Example
    IssuerUri            https://<tenant-hostname>/wsf/sps/wsfedip/wsf
    PassiveLogOnUri      https://<tenant-hostname>/wsf/sps/wsfedip/wsf
    ActiveLogOnUri       https://<tenant-hostname>/wst/SecurityTokenService13
    MetadataExchangeUri  https://<tenant-hostname>/wsf/sps/mex
    LogOffUri            https://<tenant-hostname>/idaas/mtfim/sps/idaas/logout
  • Select the attribute from the IBM Security Verify user account that is used as ImmutableID in Azure Active Directory and provision users into Azure Active Directory.
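
After the domain is federated, the settings stored for it can be checked against the endpoint table in the list above. The following Python is an added example, not IBM or Microsoft code: it builds the five expected URLs for a tenant hostname and reports any configured endpoint that is missing, not HTTPS, or points at another host or path. The function names, the hostname tenant.verify.example, and the sample settings are constructed for illustration; the settings dictionary is assumed to have been read back from the domain with whichever tool you use.

```python
from urllib.parse import urlsplit

# Paths from the endpoint table above, keyed by endpoint name.
ENDPOINT_PATHS = {
    "IssuerUri": "/wsf/sps/wsfedip/wsf",
    "PassiveLogOnUri": "/wsf/sps/wsfedip/wsf",
    "ActiveLogOnUri": "/wst/SecurityTokenService13",
    "MetadataExchangeUri": "/wsf/sps/mex",
    "LogOffUri": "/idaas/mtfim/sps/idaas/logout",
}

# Constructed sample: federation settings as read back for a domain (hypothetical values).
SAMPLE_SETTINGS = {
    "IssuerUri": "https://tenant.verify.example/wsf/sps/wsfedip/wsf",
    "PassiveLogOnUri": "https://tenant.verify.example/wsf/sps/wsfedip/wsf",
    "ActiveLogOnUri": "http://tenant.verify.example/wst/SecurityTokenService13",
    "MetadataExchangeUri": "https://login.other.example/wsf/sps/mex",
    # LogOffUri deliberately absent
}


def expected_endpoints(tenant_hostname):
    """Build the five endpoint URLs for a bare tenant hostname."""
    host = tenant_hostname.strip().lower()
    # Accept only a bare hostname: no scheme, port, path, or userinfo.
    if not host or any(c in host for c in "/:@?# "):
        raise ValueError(f"not a bare hostname: {tenant_hostname!r}")
    return {name: f"https://{host}{path}" for name, path in ENDPOINT_PATHS.items()}


def audit_federation_settings(tenant_hostname, configured):
    """Return (endpoint, problem) pairs for settings that differ from the table."""
    findings = []
    for name, want in expected_endpoints(tenant_hostname).items():
        got = (configured.get(name) or "").strip()
        if not got:
            findings.append((name, "missing"))
            continue
        have, ref = urlsplit(got), urlsplit(want)
        if have.scheme != "https":
            findings.append((name, "not https"))
        elif have.netloc.lower() not in (ref.netloc, ref.netloc + ":443"):
            findings.append((name, "wrong host"))
        elif have.path != ref.path or have.query or have.fragment:
            findings.append((name, "wrong path"))
    return findings
```

An empty result means all five endpoints match the table for that tenant; any finding is worth resolving before devices are joined.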

For more information on Azure Active Directory join, see Plan your Azure Active Directory join implementation.