- Aux ID 1 – userPrincipalName
- Aux ID 2 – otherLoginWorkstations
- Aux ID 5 – otherIpPhone, and make it writable. (This field is set from the custom pre-authentication page MSConditionalAccess.aspx.vb.)
- Go to the Web.Config file for this specific realm and add this line to modify the AuxID 5 definition:
- User ID Mapping – select Authenticated User ID. The user can choose to map other parameters, if needed.
- Name ID Format – select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Encode to Base64 – select False
c. Scroll down to the 'OpenID Connect/OAuth 2.0 – Settings' section and provide the following values:
- Enable – True
- Issuer – Should be the FQDN/hostname of the IdP appliance. This must be publicly facing and have a valid SSL certificate.
- Signing Algorithm – Can be either RSA SHA256 (RS256) or HMAC SHA256 (HS256)
- Signing Cert – Can use any certificate whose private key is readable by SecureAuth IdP. Do not use wildcard certificates.
- Auto Accept User Consent – True. This provides a cleaner user experience.
- Enable User Consent Storage – True. This provides a cleaner user experience and enables the check-session endpoints.
- Consent Storage Attribute – The Aux ID 2 that was mapped to a string attribute (for example, otherLoginWorkstations)
- App ID – enter the data applications that MSFT has referenced.
- ClientID – retrieve from the designated realm under the 'OpenID Connect/OAuth 2.0 – Clients' section (refer to ).
5. When you have finished, click Save.
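Once the realm is saved, a relying party reads the IdP's discovery document at `{Issuer}/.well-known/openid-configuration` and compares every ID token's `iss` claim with the Issuer value configured above, which is why the Issuer must be the public FQDN and not an internal name. The following added example (not SecureAuth's code) checks such a discovery document against the Issuer and Signing Algorithm rules listed in this section; the document and the hostname idp.example.com are constructed placeholders.

```python
from urllib.parse import urlparse

ALLOWED_ALGS = {"RS256", "HS256"}   # the two choices the realm settings offer


def check_issuer(issuer: str) -> list:
    """Issuer must be an https URL naming a public FQDN with no wildcard."""
    problems = []
    u = urlparse(issuer)
    if u.scheme != "https":
        problems.append("issuer must use https (a valid SSL certificate is required)")
    host = u.hostname or ""
    if "." not in host or host == "localhost" or host.replace(".", "").isdigit():
        problems.append("issuer must be the public FQDN/hostname of the IdP, not %r" % host)
    if "*" in host:
        problems.append("wildcard in issuer host")
    return problems


def check_discovery(doc: dict, configured_issuer: str) -> list:
    """Compare a fetched discovery document with the Issuer configured on the realm."""
    problems = check_issuer(configured_issuer)
    # Relying parties compare the token 'iss' claim byte-for-byte with this value.
    if doc.get("issuer") != configured_issuer:
        problems.append("discovery issuer %r != configured %r"
                        % (doc.get("issuer"), configured_issuer))
    algs = set(doc.get("id_token_signing_alg_values_supported", []))
    if "none" in algs:
        problems.append("unsigned ID tokens ('none') must not be advertised")
    if not algs & ALLOWED_ALGS:
        problems.append("no usable signing algorithm; expected RS256 or HS256")
    # Endpoints should be served from the same host as the issuer (mix-up defence).
    issuer_host = urlparse(configured_issuer).hostname
    for ep in ("authorization_endpoint", "token_endpoint"):
        if urlparse(doc.get(ep, "")).hostname != issuer_host:
            problems.append("%s is not served from the issuer host" % ep)
    return problems


# Constructed sample document; endpoint paths are placeholders, not SecureAuth's.
SAMPLE_ISSUER = "https://idp.example.com/SecureAuth1"
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/token",
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DOC, SAMPLE_ISSUER) or "discovery document OK")
```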