Symantec Access Management


 Single Sign-On environment using Microsoft 365 and SiteMinder

MARUBUN SUPPORT posted Jul 26, 2024 01:47 AM

Hi Team,

Our customer has a question about a Single Sign-On environment using Microsoft 365 and SiteMinder.
I would appreciate your reply or advice.

[Products]
SiteMinder 12.8 SP07

[Questions]
Our customer is considering building a Single Sign-On environment using Microsoft 365 and SiteMinder.
So, they found the explanation of "Microsoft Office 365" in "Symantec SiteMinder - 12.8".
   URL : https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/ca-sso-runbooks/microsoft-office-365.html

Please answer the following questions.

Q1:
We understand that Office 365 has been renamed to Microsoft 365 and various features have been added.
Does the "Microsoft Office 365" explained also apply to Symantec SiteMinder 12.8 SP07?
If this also applies to SiteMinder 12.8 SP07, please let me know about the following questions.

Q1-1:
Are there any restrictions or precautions when using it with Microsoft 365?

Q1-2:
If you know of any experience with Microsoft 365 using SiteMinder 12.8 SP07 or later, please let me know.

Q2:
When I search for "Office 365" in the Symantec SiteMinder - 12.8 manual, multiple results come up.
   URL : https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8.html

In the items that came up in the search, is it okay to read "Office 365" as "Microsoft 365"?
If this also applies to SiteMinder 12.8 SP07, please let me know if there are any restrictions or precautions when using it with Microsoft 365.


Best Regards,
Marubun Support

MARUBUN SUPPORT
We have some additional questions, please answer them.
 
 
Q3:
In SAML federation, for example, when logging in to SiteMinder (IdP), it was possible to use the sAMAccountName attribute of AD to provide the mail attribute for federation with the SP in an assertion for SSO.
Assuming a federation environment with M365 using WS-Federation, is it possible to use a user attribute different from the login ID as the ID when federating with M365 and WS-Federation?
 
Q4:
The above explanation suggests that Kerberos authentication is used in SSO for federation with M365 via WS-Federation, so only the ID logged in to the Windows terminal can be used when logging in to M365. Please let me check whether there is a restriction that only IDs logged in to Windows devices can be used to log in to M365, and that other attributes (other than sAMAccountName) cannot be used as login IDs for M365 in WS-Federation.
 
Best Regards,
MARUBUN CORPORATION