IBM Security Verify

Expand all | Collapse all

SSO to Microsoft 365

  • 1.  SSO to Microsoft 365

    Posted Thu January 21, 2021 10:47 AM
    Edited by Alexandre Gammaro Thu January 21, 2021 10:48 AM
    Hi fellows!

    I'd like to know if the note posted by Shane Weeden, at september 3, 2012, still the same process to do SSO on Microsoft 365.
    SSO to Office365 - Shane Weeden's Blog
    Shane Weeden's Blog remove preview
    SSO to Office365 - Shane Weeden's Blog
    I've received several enquiries lately about performing single sign-on (SSO) from on-premise environments, typically intranets or extranets, to Office 365 software-as-a-service (SaaS) subscriptions. Microsoft's documentation, specifically for directory integration with Office 365 is targeted at customers that utilize Active Directory (AD) in-house and guidance is provided for provisioning users to Office 365 from AD using [...]
    View this on Shane Weeden's Blog >


    Regards,

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 2.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 03:52 AM
    Hi Alexandre,

    This really depends on what IBM products and versions you are utilizing, but assuming that you are using currently supported IBM software, you should refer to the following technote: 

    https://www.ibm.com/support/pages/ibm-security-access-manager-microsoft-applications

    Kind Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 3.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 08:59 AM
    Hi Phil,

    I will implement the last version, v10.0.1.
    Can i follow both notes?

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 4.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 10:22 AM
    Hi Alexandre,

    The basic concepts and principles of achieving SSO to Office365 will be the same as that presented in the above referenced materials, but as they were both created at a time that TFIM was still in support,  you will need to adapt the configuration slightly to port it onto the ISAM Federation Module.  For example, the ISAM Federation Module does not support xslt identity mapping rules so you will need to replace those with javascript rules.  If that is something that you need assistance with doing then you may want to consider a Security Expert Labs engagement.

    Kind Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 5.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 10:52 AM
    Perfect, Phil.
    I appreciate it. =D
    I will start the configuration, but i'm doubt about this "Security Expert Labs engagement".

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 6.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 11:09 AM
    The main reason I mentioned Security Expert Labs (formerly known as IBM Product Professional Services) was because this level of customization would fall beyond the scope of IBM Support.

    Good luck with the configuration anyway, and if you run into issues then you can always ask for more assistance on this Community.

    Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 7.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 11:24 AM
    Ohh.. i understand now...
    The customer has these services.

    Tks Phil! =D

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 8.  RE: SSO to Microsoft 365

    Posted Fri January 22, 2021 12:53 PM
    I have one more doubt about the Security Experts Labs.
    How i contact the lab about FSSO configuration for example? via case?

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 9.  RE: SSO to Microsoft 365

    Posted 30 days ago
    Good Morning Alexandre,

    Security Expert Labs can be contacted via your IBM Sales Representative, or directly via their "Contact Us" web form found on the web site: https://www.ibm.com/security/security-expert-labs

    Kind Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 10.  RE: SSO to Microsoft 365

    Posted 29 days ago
    Hi Phil, good morning!

    Great.
    So, if i click in "Contact Us" i will go directly to open a support case, is alright?
    I thought that the Security Expert Labs would a differente way to contact IBM to specific cases, problems with configuration and help with scripts.

    Regards,

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 11.  RE: SSO to Microsoft 365

    Posted 29 days ago
    Good Morning Alexandre,

    No,  I would expect the Contact Us form to result in an email sent directly to the Security Expert Labs Sales Team who will then contact you to discuss your particular requirements.  Support Cases would not be involved at all as this would not be an issue concerning IBM Support.

    Many Thanks,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 12.  RE: SSO to Microsoft 365

    Posted 29 days ago
    Good Morning Phil,

    Great.
    I appreciate it your help and your time.

    Regards,

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal
    ------------------------------



  • 13.  RE: SSO to Microsoft 365

    Posted 25 days ago
    Hi Phil,

    Sorry to revival this topic, but i have one more doubt about this configuration mentioned by Shane Weeden. On the blog, he sayed about SSO to Office 365 using TFIM, but i will user IBM Security Verify Access to do this SSO.
    Could i do it the same way?

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal - agammaro@triscal.com.br
    ------------------------------



  • 14.  RE: SSO to Microsoft 365

    Posted 23 days ago
    Hi Alexandre,

    IBM Security Verify Access includes an optional add-on module (Federation Module) that once licensed and activated, provides the majority of functionality that the old and no longer supported TFIM product used to provide.   So, providing you have a license for ISVA which includes use of the Fed Module, you should be able to use that to provide the same functionality that Shane makes use of in his blog article.

    Kind Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------



  • 15.  RE: SSO to Microsoft 365

    Posted 22 days ago
    Hi Phil...

    Ahh.. ok.. i see...
    So, Do i need use/create this federation as service ou identity provider?

    ------------------------------
    Alexandre Gammaro
    CyberSecurity Especialist
    Triscal - agammaro@triscal.com.br
    ------------------------------



  • 16.  RE: SSO to Microsoft 365

    Posted 22 days ago
    Hi Alexandre,

    You will have to apply the federation License and should be good to start. Creation federation post it. You can follow ISAM Federation cook book. If you are new and need help on this.

    ------------------------------
    Rahil Anwar
    ------------------------------



  • 17.  RE: SSO to Microsoft 365

    Posted 22 days ago
    Hi Alexandre,

    Office 365 is the SP and ISAM Federation Module would be acting as the IdP.

    Kind Regards,

    ------------------------------
    ---------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------