Apr 22 2020 08:03 AM - edited Apr 22 2020 08:19 AM
I am setting up Google as the identity provider, and there are no issues with the setup; it's working fine, but I have a few questions:
1. I used the Global Admin role to set up SSO, but I want to delegate future domain federations without granting the Global Admin role, so I want to know which Office 365 role (instead of Global Admin) or permission is allowed to set up federation?
2. I understand the Office 365 user's immutableId will be the base64 version of the AD objectGUID if we use directory sync, but what if we do not use directory sync (cloud only)? What would the immutableId be in that case; will it be the user's primary email ID?
3. What does Office 365 need from the IdP in the NameID of the SAML assertion to identify and authenticate the user: is it the immutableId, the UPN, or the user's primary email address?
4. I set the logoutUri when setting up federation via PowerShell (e.g. $LogOffUri = "https://mywebsite.com"), but it does not take the user there when logging out; instead it logs the user out at the Office 365 home page.
Thank you so much in advance for sharing your insights.
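As an added example (not part of the original post), the following MSOnline PowerShell snippet shows the federation call the questions above refer to, with the LogOffUri set, followed by the two read-back checks a practitioner would run: one to confirm which settings the tenant actually stored for the domain, and one to see what ImmutableId a given cloud-only account currently carries. The domain name, URLs, certificate file and user principal name are placeholders.

```powershell
# Added example, not from the original post. Requires the MSOnline module
# (Install-Module MSOnline) and a Connect-MsolService session.
# All domain, URL, certificate and user values below are placeholders.

$domain   = "example.com"                          # placeholder: federated domain
$brand    = "Example Google SSO"                   # placeholder: federation brand name
$issuer   = "https://accounts.google.com/o/saml2?idpid=PLACEHOLDER"  # placeholder IdP entity ID
$signOn   = "https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"  # placeholder SSO URL
$logOff   = "https://mywebsite.com"                # the LogOffUri the post mentions
# Base64 of the IdP signing certificate (DER), read from a placeholder file path
$signCert = [Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\placeholder\idp-signing.cer"))

# Convert the domain to federated authentication with the SAML-P protocol
Set-MsolDomainAuthentication `
    -DomainName $domain `
    -Authentication Federated `
    -FederationBrandName $brand `
    -IssuerUri $issuer `
    -PassiveLogOnUri $signOn `
    -LogOffUri $logOff `
    -SigningCertificate $signCert `
    -PreferredAuthenticationProtocol SAMLP

# Check 1: read the settings back from the tenant. If LogOffUri is empty or
# differs from $logOff, the value was never stored and sign-out cannot honour it.
$fed = Get-MsolDomainFederationSettings -DomainName $domain
$fed | Select-Object IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol
if ($fed.LogOffUri -ne $logOff) {
    Write-Warning "LogOffUri stored for $domain is '$($fed.LogOffUri)', expected '$logOff'"
}

# Check 2: inspect the ImmutableId of an account in that domain (placeholder UPN).
# For a directory-synced user this is the base64 objectGUID; for a cloud-only
# user this shows whatever is currently set, which may be empty.
Get-MsolUser -UserPrincipalName "user@example.com" |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime
```

Running the two read-back commands before and after the federation change gives a concrete record of what the tenant holds, which is more reliable than inferring the configuration from the sign-out behaviour alone.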
May 10 2020 11:31 PM