Click Devices > Identity Servers > Edit > WS-Trust > Service Provider Domain.
Click New > General to create a general domain. Selecting New > Office 365 creates an Office 365 domain that can be configured for active authentication. For information about creating an Office 365 domain, see Configuring an Office 365 Domain By Using WS-Trust Protocol.
Specify the following details:
Name: Specify a name for the domain.
WS-Trust Operations: Select operations in Available operations that WS-Trust STS performs for tokens and move these to Selected operations.
The available operations are Issue, Validate, OnBehalfOf, ActAs, and Renew.
If you select OnBehalfOf and Act As the Available operations, additional configuration is required. For more information, see Adding Policy for ActAs and OnBehalfOf.
Click Finish. Continue with creation of a trusted Service Provider. For more information, see Adding Web Service Providers.