

      • Aux ID 1 – userPrincipalName
      • Aux ID 2 – otherLoginWorkstations
      • Aux ID 5 – otherIpPhone, and make it writable. (This field is set from the custom pre-authentication page, MSConditionalAccess.aspx.vb.)
      • Go to the Web.Config file for this specific realm and add this line to modify the AuxID 5 definition:


      • User ID Mapping – select Authenticated User ID. The user can choose to map other parameters, if needed.
      • Name ID Format – select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      • Encode to Base64 – select False


c. Scroll down to the 'OpenID Connect/OAuth 2.0 – Settings' section and provide the following values:

      • Enable – True
      • Issuer – Should be the FQDN/hostname of the IdP appliance. This must be publicly facing and have a valid SSL certificate.
      • Signing Algorithm – Can be either RSA SHA256 (RS256) or HMAC SHA256 (HS256)
      • Signing Cert – Can use any certificate whose private key is readable by SecureAuth IdP. Do not use wildcards in a certificate.
      • Auto Accept User Consent – True. This provides a cleaner user experience.
      • Enable User Consent Storage – True. This provides a cleaner user experience and enables the check session endpoints.
      • Consent Storage Attribute – The AUX ID 2 that was mapped to a string attribute (for example, otherLoginWorkstations)


    • App ID – enter the data applications that MSFT has referenced.
    • ClientID – retrieve from the designated realm under the 'OpenID Connect/OAuth 2.0 – Clients' section (refer to Step 10e).


FIGURE 19. JSON Field Assignments


5. When you have finished, click Save.