Certified: June 18, 2025
Solution Summary
This guide describes Microsoft 365 integration with RSA (or ID Plus) using SAML 2.0 and SCIM. Use this information to determine which use case and integration type your deployment will employ.
Use Case
Integration Types
My Page SSO provides Single-Sign-On (SSO) to Microsoft 365 users leveraging RSA self-service portal My Page. When integrated, users must authenticate with RSA to sign in Microsoft 365. Both SP-initiated SSO and IdP-initiated SSO are supported. Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR. Existing SSO integrations using IDR My Applications continue to be supported and will be listed in this document as applicable.
Note: RSA will continue to maintain existing SAML SSO integrations using IDR My Applications. At a to-be-determined future date, RSA will announce the end-of-life (EOL) date for the SAML SSO support with the IDR. For more information Available Now: My Page SSO Enhancements.
Relying Party integration allows Microsoft 365 users’ web browsers to be automatically redirected to CAS for authentication. With Relying Party integration, CAS can manage only additional authentication or both primary authentication (for example, user ID and password) and additional authentication.
Microsoft Entra ID will serve as the SCIM client with CAS acting as a SCIM server providing an endpoint for the SCIM client to connect to.
This integration will allow the administrators of Microsoft Entra ID to synchronize any changes performed to Microsoft Entra ID with the Unified Directory of CAS. Any CRUD operations (create, read, update, and delete) done on the users on the Microsoft side will automatically synchronize to the CAS without any manual intervention needed from the administrator side.
Supported Features
This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with Microsoft Office 365 using each integration type.
Microsoft Office 365 Integration with CAS
| Authentication Methods | RSA MFA API (REST) | RADIUS | Relying Party | My Page SSO |
| Approve | - | - | | |
| LDAP Password | - | - | | |
| SecurID OTP | - | - | | |
| Authenticate OTP | - | - | | |
| Device Biometrics | - | - | | |
| SMS OTP | - | - | | |
| Voice OTP | - | - | | |
| FIDO Security Key | - | - | | |
| QR Code | - | - | | |
| Emergency Access Code | - | - | |
Microsoft Office 365 Integration with Authentication Manager (AM)
| Authentication Methods | RSA MFA API (REST) | RADIUS | Authentication Agent |
|---|---|---|---|
| RSA SecurID | - | - | - |
| On Demand Authentication | - | - | - |
| Risk-Based Authentication | - | - | - |
| Supported | |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate Microsoft Office 365 with CAS using all supported integration types. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.
All RSA and Articulate Reach 360 components must be installed and working prior to the integration.
Integration Configuration
CAS
- Microsoft 365 - SAML and SCIM My Page SSO Configuration - RSA Ready Implementation Guide
- Microsoft 365 - SAML and SCIM Relying Party Configuration - RSA Ready Implementation Guide
RSA Terminology Changes
RSA is introducing new consistent terminologies across all products and platforms. Refer to the following table for the list of old and new terminologies.
|
Old Terminology |
New Terminology |
Example |
|
Cloud Authentication Service |
Cloud Access Service |
|
|
Token |
OTP Credential |
SecurID OTP Credential |
|
Authenticator |
Hardware Authenticator | |
|
Tokencode |
OTP |
SecurID OTP, SMS OTP, Voice OTP |
|
Access Code |
Emergency Access Code | |
|
SecurID Authenticate app |
RSA Authenticator app |
RSA Authenticator app for iOS and Android, RSA Authenticator app for Windows |
|
Device |
Authenticator |
Register an authenticator |
|
Company ID |
Organization ID |
|
|
Account |
Credential |
|
|
Device Serial Number |
Binding ID |
|
Certification Details
RSA
Microsoft 365
Known Issues
No known issues
