IBM Verify

  • 1.  Hybrid AzureAD join for federated domains scenario support

    Posted Mon January 17, 2022 07:49 AM

    Hello,

    While federating Azure authentication to ISAM, we are facing this integration scenario:

    https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains

    According to this documentation:

    A federated environment should have an identity provider that supports the following requirements. If you have a federated environment using Active Directory Federation Services (AD FS), then the below requirements are already supported.

    • WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD join for Windows down-level devices.
    • WS-Trust protocol: This protocol is required to authenticate Windows current hybrid Azure AD joined devices with Azure AD. When you're using AD FS, you need to enable the following WS-Trust endpoints:
      • /adfs/services/trust/2005/windowstransport
      • /adfs/services/trust/13/windowstransport
      • /adfs/services/trust/2005/usernamemixed
      • /adfs/services/trust/13/usernamemixed
      • /adfs/services/trust/2005/certificatemixed
      • /adfs/services/trust/13/certificatemixed

    I wonder if VerifyAccess can do this, and how, in order to replace ADFS.



    #Support
    #SupportMigration
    #Verify


  • 2.  RE: Hybrid AzureAD join for federated domains scenario support
    Best Answer

    Posted Wed March 02, 2022 08:55 AM

    For those stuck with the same issue, here is how to proceed, step by step.

    https://community.ibm.com/community/user/security/blogs/yongming-chen1/2022/02/27/configure-azure-ad-join-ibm-security-verify-access



    #Support
    #SupportMigration
    #Verify