Microsoft 365: Deploying Forcepoint ONE SSE as a SAML IdP

This section will guide you through configuring Forcepoint ONE SSE as a SAML Identity provider for Microsoft 365 single sign-on (SSO) authentication. This will ensure visibility and access control of Microsoft 365 via Forcepoint ONE SSE CASB.

Note:

For hybrid deployments, that are using both Exchange and Microsoft 365 you will need to ensure that the login format is set to UPN.
SSO Auth is required to support Client Cert checking. You can view the list of supported Microsoft apps on the Microsoft 365 Client App Support page.
You can also enable SSO Auth for Microsoft 2013 apps by following the instructions on the Enable Modern Authentication for Office 2013 on Windows devices page.