Has anyone tried integrating ILMT with AZURE AD SSO? We are thinking to implement the same in our environment . We had tried to implement SSO in our test environment but the URL didnt work. Could someone please guide me through?

Hello Sarthak,

As of now integrating ILMT with AZURE is at the wish list (IDEA / RFE).

However some customers have successfully implement SAML (using WebSphere) with Azure AD as IdP.
So, I'd say that it's doable but requires some additional setup...

As a starting point there are three things to verify :

1) Which URL is it ?
Does the 'Login page URL' on SSO page has the value copied from Azure console "Azure > Properties > access URL" 

2) Has the spMetadata.xml been imported to Azure AD ?
procedure is described in following :
https://www.ibm.com/docs/en/license-metric-tool?topic=token-step-2-configuring-identity-provider-single-sign#configuring_claim_rule3)

3) You have to make sure that Azure IdP provider is configured to allow for HTTP-POST binding in order to interoperate with ILMT.
(By default, Azure AD only enables HTTP redirect binding and not HTTP POST binding, HTTP redirect binding is not supported by ILMT/WebSphere)

Has anyone tried integrating ILMT with AZURE AD SSO? We are thinking to implement the same in our environment . We had tried to implement SSO in our test environment but the URL didnt work. Could someone please guide me through?

Hi,

Thanks for the reply. Is there any document to support the claim regarding ILMT not supporting http redirect binding and only supports http post binding?

Regards,

Sarthak Saluja

Hello Sarthak,

As of now integrating ILMT with AZURE is at the wish list (IDEA / RFE).

However some customers have successfully implement SAML (using WebSphere) with Azure AD as IdP.
So, I'd say that it's doable but requires some additional setup...

As a starting point there are three things to verify :

1) Which URL is it ?
Does the 'Login page URL' on SSO page has the value copied from Azure console "Azure > Properties > access URL" 

2) Has the spMetadata.xml been imported to Azure AD ?
procedure is described in following :
https://www.ibm.com/docs/en/license-metric-tool?topic=token-step-2-configuring-identity-provider-single-sign#configuring_claim_rule3)

3) You have to make sure that Azure IdP provider is configured to allow for HTTP-POST binding in order to interoperate with ILMT.
(By default, Azure AD only enables HTTP redirect binding and not HTTP POST binding, HTTP redirect binding is not supported by ILMT/WebSphere)

Has anyone tried integrating ILMT with AZURE AD SSO? We are thinking to implement the same in our environment . We had tried to implement SSO in our test environment but the URL didnt work. Could someone please guide me through?

Hello Sarthak,

As of now integrating ILMT with AZURE is at the wish list (IDEA / RFE).

However some customers have successfully implement SAML (using WebSphere) with Azure AD as IdP.
So, I'd say that it's doable but requires some additional setup...

As a starting point there are three things to verify :

1) Which URL is it ?
Does the 'Login page URL' on SSO page has the value copied from Azure console "Azure > Properties > access URL" 

2) Has the spMetadata.xml been imported to Azure AD ?
procedure is described in following :
https://www.ibm.com/docs/en/license-metric-tool?topic=token-step-2-configuring-identity-provider-single-sign#configuring_claim_rule3)

3) You have to make sure that Azure IdP provider is configured to allow for HTTP-POST binding in order to interoperate with ILMT.
(By default, Azure AD only enables HTTP redirect binding and not HTTP POST binding, HTTP redirect binding is not supported by ILMT/WebSphere)

Has anyone tried integrating ILMT with AZURE AD SSO? We are thinking to implement the same in our environment . We had tried to implement SSO in our test environment but the URL didnt work. Could someone please guide me through?

All of the prerequisites are checked but still the login page is only loading, nothing is coming up even after waiting 30 minutes.

Hello Sarthak,

As of now integrating ILMT with AZURE is at the wish list (IDEA / RFE).

However some customers have successfully implement SAML (using WebSphere) with Azure AD as IdP.
So, I'd say that it's doable but requires some additional setup...

As a starting point there are three things to verify :

1) Which URL is it ?
Does the 'Login page URL' on SSO page has the value copied from Azure console "Azure > Properties > access URL" 

2) Has the spMetadata.xml been imported to Azure AD ?
procedure is described in following :
https://www.ibm.com/docs/en/license-metric-tool?topic=token-step-2-configuring-identity-provider-single-sign#configuring_claim_rule3)

3) You have to make sure that Azure IdP provider is configured to allow for HTTP-POST binding in order to interoperate with ILMT.
(By default, Azure AD only enables HTTP redirect binding and not HTTP POST binding, HTTP redirect binding is not supported by ILMT/WebSphere)

Has anyone tried integrating ILMT with AZURE AD SSO? We are thinking to implement the same in our environment . We had tried to implement SSO in our test environment but the URL didnt work. Could someone please guide me through?