When you configure a new Office 365 domain by using the WS-Trust protocol, it creates a domain preconfigured for active authentication and also creates a WS-Federation service provider that is preconfigured for passive authentication.
Click Devices > Identity Servers > Edit > WS-Trust > Service Provider Domain.
Click New > Office 365 Domain and specify a name to identify the domain. This domain is by default configured with ImmutableID and Attribute Set information and a service provider with the same name as the Office 365 domain is automatically created.
An authentication method Name/Password - Form-WebService is created and selected for WS-Trust. This method ensures that an email address/password is accepted for authentication.
Click the domain name to make further modifications. See Modifying Service Providers.
Select the WS-Federation tab and verify that a new service provider with the same name as the Office 365 domain is created. This service provider is preconfigured with the Attribute Set information and authentication response for the passive authentication.
NOTE:You have to check and confirm the assigned attribute set. Also, check the contract assigned in the WS-Fed domain as the default is assigned a non-secure form. If required, change to the Secure Name/Password form.