Single Sign on with Active Directory Federation in
Office 365/SharePoint Online
Presented by:
Amit Chachra, Principal Lead Consultant with Magenic
Allen Yu, Senior Systems Engineer with WCIRB of California
© Magenic Technologies, Inc. 2011 Confidential and Proprietary Information

Agenda
• Office 365 Identity
  – Identity Management Overview
  – Identities for Microsoft Cloud Services
  – Core Identity Scenarios with Office 365
• Directory Sync with Password Sync
• ADFS 2.0
  – High Availability and High Resiliency
• Single Sign On Experience
  – Demo
• Tips, Tricks and Best Practices for configuring ADFS with Office 365
• References
OFFICE 365 IDENTITY MANAGEMENT

What is Identity Management
• Identity management deals with identifying individuals in a system and
  controlling access to the resources in that system
• Integral components of identity and access management
  – Authentication (verifies who you are)
    Verifying that a user, device, or service such as an application provided on a
    network server is the entity that it claims to be
  – Authorization (verifies what you are authorized to do)
    Determining which actions an authenticated entity is authorized to perform on
    the network

Identities for Microsoft Cloud Services
[Diagram: the two identity types used by Microsoft cloud services]
• Microsoft Account (user), e.g. amitc@outlook.com
• Organizational Account (user), e.g. amitc@magenic.com or amitc@onmicrosoft.com

Cloud vs. Federated Identity

Cloud Identity
• Separate credential from corporate credential
• Authentication occurs via cloud directory service
• Password policy stored in Office 365

Federated Identity
• Same credential as corporate credential
• Authentication occurs via on-premises Active Directory service
• Password policy is stored on-premises
• Requires Directory Synchronization
Common Identity platform for Organizational Accounts
Windows Azure Active Directory is the underlying identity platform for various
cloud services that use Organizational Accounts
[Diagram: Windows Azure Active Directory – authentication platform and directory store]

Core Identity Scenarios with Office 365
• Cloud Identity – no integration to on-premises directories
• Directory & Password Synchronization* – integration without federation*
• Federated Identity – single federated identity and credentials

Identity Usage Scenarios

Cloud Identity
  Scenario
    • Smaller organizations without on-premises Active Directory
  Pros
    • Doesn’t require on-premises server deployment
  Cons
    • No Single Sign-on
    • No Two-factor authentication options
    • 2 sets of credentials to manage with potentially different password policies

Cloud Identity + DirSync
  Scenario
    • Medium to large organizations with Active Directory on-premises
  Pros
    • “Source of Authority” is on-premises
    • Enables co-existence
  Cons
    • No Single Sign-On
    • No 2-Factor Authentication options
    • 2 sets of credentials to manage with potentially different password policies
    • Requires on-premises server deployment

Federated Identity*
  Scenario
    • Large enterprise organizations with Active Directory on-premises
  Pros
    • Single Sign-on experience
    • “Source of Authority” is on-premises
    • Enables co-existence
  Cons
    • Requires on-premises server deployment in high availability scenario
Prepare your Environment
• Active Directory Attribute Cleanup
– Minimum - User Name, First Name, Last Name, and Display
Name
– Unsupported characters - Space ( ) @ ‘ | = ? /
• Only routable domains can be used with ADFS deployment
– Non-routable domains: .local - .loc - .internal
• Domain must be added and ownership verified
• If organization has AD with only internal namespace, it must:
– Add a routable UPN suffix in Active Directory Forests and
Trusts.
– Configure each user with that routable UserPrincipalName
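The attribute rules on this slide, turned into a pre-DirSync check. This is an added example, not part of the deck: it assumes the unsupported-character list applies to the user name (sAMAccountName) rather than the UPN, which contains “@” by design, and it runs over constructed sample users (the Get-ADUser line shows the live-forest equivalent).

```powershell
# Added example (not from the deck): checks the attribute rules from this slide
# before running DirSync. Assumption: the unsupported-character list applies to
# the user name (sAMAccountName); the UPN contains '@' by design.
$UnsupportedPattern  = "[\s()@'|=?/]"                 # space ( ) @ ' | = ? /
$NonRoutableSuffixes = @('.local', '.loc', '.internal')

function Test-DirSyncUser {
    param([Parameter(Mandatory)] $User)
    $issues = @()

    # Minimum attribute set: user name, first name, last name, display name
    foreach ($attr in 'SamAccountName', 'GivenName', 'Surname', 'DisplayName') {
        if ([string]::IsNullOrWhiteSpace($User.$attr)) { $issues += "missing $attr" }
    }

    if ($User.SamAccountName -match $UnsupportedPattern) {
        $issues += "unsupported character in user name '$($User.SamAccountName)'"
    }

    # UPN must be present and use a routable suffix ('Only routable domains can be used')
    if ([string]::IsNullOrWhiteSpace($User.UserPrincipalName)) {
        $issues += 'missing UserPrincipalName'
    } else {
        $suffix = ($User.UserPrincipalName -split '@')[-1]
        foreach ($s in $NonRoutableSuffixes) {
            if ($suffix.EndsWith($s, [System.StringComparison]::OrdinalIgnoreCase)) {
                $issues += "non-routable UPN suffix '$suffix'"
            }
        }
    }

    [pscustomobject]@{
        User   = $User.SamAccountName
        Ready  = ($issues.Count -eq 0)
        Issues = ($issues -join '; ')
    }
}

# Constructed sample users. Against a live forest replace this with:
#   Get-ADUser -Filter * -Properties GivenName, Surname, DisplayName, UserPrincipalName
$SampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';     GivenName = 'Jane'; Surname = 'Doe'; DisplayName = 'Jane Doe'; UserPrincipalName = 'jdoe@example.com' }
    [pscustomobject]@{ SamAccountName = 'r lee';    GivenName = 'Rob';  Surname = 'Lee'; DisplayName = 'Rob Lee';  UserPrincipalName = 'rlee@corp.local' }
    [pscustomobject]@{ SamAccountName = 'svc|sync'; GivenName = '';     Surname = '';    DisplayName = 'Sync Svc'; UserPrincipalName = '' }
)

$SampleUsers | ForEach-Object { Test-DirSyncUser $_ } | Format-Table -AutoSize
```

Only the first sample user comes out Ready; the second is flagged for the space in its user name and the .local suffix, the third for the pipe character and the missing first name, last name and UPN.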

SSL Certificates
• Why SSL certificates?
– SSO experience; ActiveSync
– Secure communications
– Auto-discover the Exchange Server

• Certificates required for these Office 365 components:
– Exchange on-premises
– Single sign-on (for both the ADFS federation servers and ADFS
federation server proxies)
– Auto-discover, Outlook Anywhere, Exchange ActiveSync, and Exchange
Web Service (EWS)
– Exchange hybrid server

Network and Hardware Considerations
• Ports and Protocols
– Identify the port/protocol requirements for Active Directory,
SharePoint, Lync, Exchange, and migration scenarios
• Firewall Considerations
– Accept connections based on wildcard domain names
• Proxy Device Considerations
– Allow connections from Microsoft Online Services
– URLs
• WAN Accelerators
– Test and optimize your WAN accelerated proxy device(s)
• Hardware and Software Load-Balancing Devices
  – These are required for single sign-on and Exchange hybrid deployments
  – Test and optimize your load-balancing device(s)
DirSync
• Application that synchronizes on-premises Active Directory with Office 365
• x64 application based on FIM
• Designed as an appliance: “Set it and forget it”
• Entire Active Directory forest is scoped for synchronization
• What is synchronized?
  – All user objects
  – All group objects
  – Mail-enabled contact objects
  – Passwords (if you opt to sync passwords too)
• Synchronization is from on-premises to Office 365 only
• Synchronization occurs every 3 hours

Single Sign On – Server Requirements
• Windows Server 2008/2008 R2 or Windows Server 2012
• PowerShell
• Web Server (IIS)
• .NET 3.5 SP1
• Windows Identity Foundation
• Publicly registered domain name
• SSL Trusted Public Certificates
• Windows Azure Active Directory Module for Windows PowerShell
  – Microsoft Online Sign In Assistant
• High-availability design

Deploying ADFS 2.0 for SSO
• Deploy ADFS Server (AD FS 2.x Server)
  – Default topology for Office 365 is an AD FS 2.x federation server farm that
    consists of multiple servers hosting your organization’s Federation Service
  – Recommend using at least two federation servers in a load-balanced
    configuration
• Deploy ADFS Server Proxy (AD FS 2.x Proxy Server)
  – Federation server proxies are used to redirect client authentication requests
    coming from outside your corporate network to the federation server farm
  – Federation server proxies should be deployed in the DMZ

Preparing to deploy ADFS
• Active Directory running in Windows Server 2003, Windows Server 2008, or
  Windows Server 2008 R2 with a functional level of mixed or native mode
• AD FS 2.x deployed on Windows Server 2008/R2 or Windows Server 2012
• AD FS 2.x Proxy deployed, if some users are connecting from outside the
  company’s network
• Windows Azure Active Directory Module for Windows PowerShell to establish a
  trust with Office 365
• Required updates installed for Office 365
• A unique third-party certificate when installing and configuring federation
  servers and federation server proxies

ADFS Certs
• Service communication certificate
  – AD FS uses this certificate to enable HTTPS, which is required for traffic to
    and from the federation servers and federation server proxies. It is
    essentially an SSL certificate that must be installed in IIS on each
    federation server and federation server proxy.
• Token signing certificate
  – AD FS uses this certificate to digitally sign outgoing AD FS tokens. It does
    not secure the data itself; it ensures the integrity of the security tokens
    as they pass between the federation servers and the application server via
    the client computer.
• Token decrypting certificate
  – AD FS 2.0 and above can encrypt the contents of the AD FS tokens. This is in
    addition to having the tokens signed by the server’s token signing
    certificate.
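An expiry check over the three certificate types described above, as an added example that is not part of the deck. It assumes the AD FS 2.x PowerShell snap-in on a federation server (on Windows Server 2012 R2 and later the same cmdlet ships in the ADFS module and the Add-PSSnapin line can be dropped); the 30-day warning window is an assumed value.

```powershell
# Added example (not from the deck). Assumes the AD FS 2.x PowerShell snap-in on
# a federation server; on Windows Server 2012 R2 and later Get-AdfsCertificate is
# in the ADFS module and the Add-PSSnapin line is not needed.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Get-AdfsCertificateStatus {
    param([int]$WarnDays = 30)   # assumed warning window: how far ahead to flag an expiry
    $now = Get-Date
    Get-AdfsCertificate | ForEach-Object {
        $daysLeft = [int]($_.Certificate.NotAfter - $now).TotalDays

        # Why this matters per type: a Token-Signing change must be pushed to the
        # Office 365 trust (Update-MsolFederatedDomain) or Office 365 stops accepting
        # AD FS tokens; a Service-Communications change is an IIS binding update on
        # every federation server and proxy.
        $action = 'ok'
        if ($daysLeft -lt $WarnDays) { $action = 'renew soon' }
        if ($daysLeft -lt 0)         { $action = 'EXPIRED' }

        [pscustomobject]@{
            Type       = $_.CertificateType    # Service-Communications, Token-Signing, Token-Decrypting
            Primary    = $_.IsPrimary
            Subject    = $_.Certificate.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.Certificate.NotAfter
            DaysLeft   = $daysLeft
            Action     = $action
        }
    }
}

Get-AdfsCertificateStatus -WarnDays 30 | Sort-Object DaysLeft | Format-Table -AutoSize
```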

ADFS solution

Federation using PowerShell

Command                                                    Description
---------------------------------------------------------  -----------------------------------------------
$cred=Get-Credential                                       Prompt for Office 365 credentials and store
                                                           them in a variable
Connect-MsolService -Credential $cred                      Connect to Office 365 using stored credentials
Set-MSOLAdfscontext -Computer <AD FS 2.x primary server>   Specify the local AD FS 2.x Server
Convert-MSOLDomainToFederated -Domainname <domain.com>     Convert the standard local domain to an
                                                           Identity Federated Domain
Get-MSOLFederationProperty                                 Show Identity Federation Properties
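The commands from the table above, run in order with the pre-checks and the post-check a practitioner wants around them. This is an added example, not part of the deck: it assumes the Windows Azure Active Directory Module for Windows PowerShell (MSOnline cmdlets) is installed on a machine that can reach the AD FS primary server, and the server and domain names are placeholders.

```powershell
# Added example (not from the deck): the slide's commands in order, wrapped in
# the checks a practitioner wants. Assumes the MSOnline cmdlets are installed;
# server and domain names below are placeholders.
$AdfsPrimary = 'adfs01.corp.example.com'   # placeholder: AD FS 2.x primary server
$Domain      = 'example.com'               # placeholder: routable, verified domain

$cred = Get-Credential                     # Office 365 global administrator
Connect-MsolService -Credential $cred

# Pre-check 1: the domain must be added and ownership verified (see 'Prepare your Environment')
$dom = Get-MsolDomain -DomainName $Domain
if ($dom.Status -ne 'Verified') {
    throw "Domain $Domain is not verified in Office 365 (status: $($dom.Status))"
}
# Pre-check 2: the tenant's initial *.onmicrosoft.com domain cannot be federated
if ($Domain -like '*.onmicrosoft.com') { throw 'The onmicrosoft.com domain cannot be federated' }
# Pre-check 3: do not re-run the conversion against a domain that is already federated
if ($dom.Authentication -eq 'Federated') {
    throw "Domain $Domain is already federated; inspect it with Get-MsolFederationProperty instead"
}

# The conversion itself: point the module at AD FS, then flip the domain
Set-MsolADFSContext -Computer $AdfsPrimary
Convert-MsolDomainToFederated -DomainName $Domain

# Post-check: AD FS and Office 365 must agree on the trust, in particular on the
# token signing certificate; if they differ, Office 365 rejects the AD FS tokens.
$props = Get-MsolFederationProperty -DomainName $Domain
$props | Format-List Source, FederationServiceIdentifier, PassiveClientSignInUrl, TokenSigningCertificate

$thumbs = $props | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } | Select-Object -Unique
if (@($thumbs).Count -ne 1) {
    Write-Warning "Token signing certificate differs between AD FS and Office 365; run Update-MsolFederatedDomain -DomainName $Domain"
}
```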

ADFS Farm Architecture – WID vs. SQL

WID Advantages
• Very easy to set up and implement
• Load balancing and fault tolerance are possible if set up as a farm
• Supports multiple federation servers in a farm (limited to 5 federation
  servers in a farm)

WID Disadvantages
• Supports up to five federation servers in a farm
• SAML artifact resolution and SAML/WS-Federation token replay detection
  features are not available
• Not supported with more than 100 claims provider trusts or more than 100
  relying party trusts

ADFS Farm Architecture – WID vs. SQL contd…

SQL Advantages
• Supports multiple federation servers (not subject to the limitation of WID)
• Load balancing and fault tolerance
• Easily scalable

SQL Disadvantages
• Additional setup complexity; requires PowerShell to install
• SQL cluster introduces another potential point of failure
• SQL Server must be performing well to service requests

ADFS High Availability and High Resiliency

Single Sign On Experience Demo

TIPS, TRICKS AND BEST PRACTICES
FOR ADFS WITH O365
OnRamp tool
• OnRamp tool may give you errors and warnings which might not be applicable to
  your configuration. In most cases, you can ignore these errors and continue
  with ADFS setup.

OnRamp tool

DirSync Tool Install
DirSync tool installation may fail the first time when you run the installer on
Windows Server 2012. The logs mention that a local security group
(FIMSyncAdmins) is configured on the system during the installation, but the
installing user does not yet hold that group membership because the user needs
to log off and back on.

DirSync Tool Re-Install
Uninstall the DirSync tool, reboot the system afterwards and rerun the
installation. This time it should go through: it will locate the existing FIM
groups created in the first run of the install and complete the installation
successfully.

Dedicated “Service” Account in O365 for DirSync
Use a dedicated Microsoft cloud identity account as a “service” account (global
administrator) for DirSync. By default, Azure requires a password update every
90 days, but we should turn off password expiration for this account using the
Windows Azure Active Directory Module for Windows PowerShell; otherwise DirSync
will break every 90 days.

Set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com -PasswordNeverExpires $true

Understand the Rollback mechanism (unfederation)
Understand how un-federation works, and how and what it affects in O365 and in
your underlying Active Directory.

Unfederation
Convert-MSOLDomainToStandard -DomainName mydomain -SkipUserConversion $false -PasswordFile c:\temp\userpasswords.txt
The password file stores all the temporary passwords assigned to the user accounts
after federation is removed.

Plan ahead to test the configuration with a trial version
• No easy way to do a trial of federation in Office 365, so plan
ahead on testing with a trial version of O365, a test domain
and dedicated test infrastructure.
• It is strongly recommended to test it before you federate your
production domain with O365.

Tips and Tricks for ADFS setup contd…
• For full single sign on experience you need to implement a split DNS
configuration so that external users are treated differently from internal
users on the corporate network for security reasons.
• It is strongly recommended to use a public facing SSL certificate for
configuring Outlook clients using Microsoft autodiscover.
• Office 365 Single Sign On experience works best with Internet Explorer.
Other browsers may have varying experience.
• You must set a group policy to have the federation service URL in the Local
Intranet sites in IE. This is to allow IE’s windows integrated authentication
to work seamlessly with ADFS.
• Make sure you validate that the documentation you got on internet sites
(sometimes even TechNet) is currently applicable to the Office 365 version
you are working with.
• Use the GUI tool Synchronization Service Manager after you have installed
DirSync to monitor the synchronization.
References
• Checklist: Setting Up a Federation Server
• Windows Server 2012 AD FS Deployment Guide
• FAQ on ADFS
• AD FS Troubleshooting
• Converting from SSO domain to Non-Federated

Questions?

04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
 
1. Day 1 - Office 365 Trainning
1. Day 1 - Office 365 Trainning1. Day 1 - Office 365 Trainning
1. Day 1 - Office 365 Trainning
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP  - Office 365 and Cloud Identity - What does it mean for me?SYDSP  - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
 
Mojemoje
MojemojeMojemoje
Mojemoje
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 
AD Basic and Azure AD.pptx
AD Basic and Azure AD.pptxAD Basic and Azure AD.pptx
AD Basic and Azure AD.pptx
 

Último

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Último (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Office 365-single-sign-on-with-adfs

7. Common Identity Platform for Organizational Accounts
• Windows Azure Active Directory is the underlying identity platform for the various cloud services that use Organizational Accounts
• Windows Azure Active Directory provides:
– Authentication platform
– Directory store

8. Core Identity Scenarios with Office 365
• Cloud Identity: no integration with on-premises directories
• Directory & Password Synchronization*: integration without federation
• Federated Identity*: a single federated identity and set of credentials

9. Identity Usage Scenarios

Cloud Identity
– Scenario: smaller organizations without on-premises Active Directory
– Pros: does not require an on-premises server deployment
– Cons: no single sign-on; no two-factor authentication options; two sets of credentials to manage, with potentially different password policies

Cloud Identity + DirSync
– Scenario: medium to large organizations with Active Directory on-premises
– Pros: "source of authority" is on-premises; enables co-existence
– Cons: no single sign-on; no two-factor authentication options; two sets of credentials to manage, with potentially different password policies; requires an on-premises server deployment

Federated Identity*
– Scenario: large enterprise organizations with Active Directory on-premises
– Pros: single sign-on experience; "source of authority" is on-premises; enables co-existence
– Cons: requires an on-premises server deployment, in a high-availability configuration
10. Prepare Your Environment
• Active Directory attribute cleanup
– Minimum: user name, first name, last name and display name
– Unsupported characters: space ( ) @ ' | = ? /
• Only routable domains can be used with an ADFS deployment
– Non-routable domains: .local, .loc, .internal
• The domain must be added to Office 365 and its ownership verified
• If the organization's forest has only an internal namespace, it must:
– Add a routable UPN suffix in Active Directory Domains and Trusts
– Configure each user with that routable userPrincipalName
• The UPN suffix must match the domain you federate: Office 365 uses the suffix of the sign-in name to decide whether to redirect the user to your federation service, so a user whose UPN still ends in .local will never reach it
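The preparation steps above, as an added PowerShell example that is not part of the original deck. It assumes the ActiveDirectory module (RSAT) is available, that contoso.com is the routable domain already verified in Office 365 and contoso.local is the internal forest name; all three are placeholders. It applies the unsupported-character list from the slide to the part of the UPN before the @, since that is what becomes the Office 365 sign-in name, and dry-runs the UPN rewrite with -WhatIf so you can review it before committing.

```powershell
# Added example, not from the original deck. Assumes the ActiveDirectory module
# (RSAT) and that contoso.com / contoso.local are placeholders for your names.
Import-Module ActiveDirectory

$RoutableSuffix = 'contoso.com'    # assumption: the domain verified in Office 365
$OldSuffix      = 'contoso.local'  # assumption: the non-routable forest name

# 1. Register the routable UPN suffix at the forest level. This is the same
#    change made in the Active Directory Domains and Trusts snap-in.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $RoutableSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $RoutableSuffix }
}

# 2. Attribute cleanup: report users missing the minimum attributes or whose
#    UPN prefix contains a character from the slide's unsupported list.
$Unsupported = '[ ()@''|=?/]'
$users = Get-ADUser -Filter * -Properties GivenName, Surname, DisplayName, UserPrincipalName
$problems = foreach ($u in $users) {
    $issues = @()
    foreach ($attr in 'GivenName', 'Surname', 'DisplayName') {
        if ([string]::IsNullOrWhiteSpace($u.$attr)) { $issues += "$attr missing" }
    }
    if ([string]::IsNullOrWhiteSpace($u.UserPrincipalName)) {
        $issues += 'UPN missing'
    } else {
        $prefix = $u.UserPrincipalName.Split('@')[0]
        if ($prefix -match $Unsupported) { $issues += 'UPN prefix has unsupported characters' }
        if ($u.UserPrincipalName -notlike "*@$RoutableSuffix") { $issues += 'UPN suffix not routable' }
    }
    if ($issues.Count -gt 0) {
        [pscustomobject]@{ User = $u.SamAccountName; Issues = ($issues -join '; ') }
    }
}
$problems | Format-Table -AutoSize

# 3. Rewrite UPNs from the internal suffix to the routable one.
#    Remove -WhatIf once the preview above looks right.
Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" | ForEach-Object {
    $newUpn = '{0}@{1}' -f $_.SamAccountName, $RoutableSuffix
    Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
}
```

Run it as a domain administrator from a management host; the forest change in step 1 needs Enterprise Admin rights, the per-user changes in step 3 only need write access to userPrincipalName.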
11. SSL Certificates
• Why SSL certificates?
– SSO experience; ActiveSync
– Secure communications
– Auto-discovery of the Exchange server
• Certificates are required for these Office 365 components:
– Exchange on-premises
– Single sign-on (for both the ADFS federation servers and the ADFS federation server proxies)
– Autodiscover, Outlook Anywhere, Exchange ActiveSync and Exchange Web Services (EWS)
– Exchange hybrid server

12. Network and Hardware Considerations
• Ports and protocols
– Identify the port and protocol requirements for Active Directory, SharePoint, Lync, Exchange and the migration scenarios
• Firewall considerations
– Accept connections based on wildcard domain names
• Proxy device considerations
– Allow connections from the Microsoft Online Services URLs
• WAN accelerators
– Test and optimize your WAN-accelerated proxy device(s)
• Hardware and software load-balancing devices
– Required for single sign-on and Exchange hybrid deployments
– Test and optimize your load-balancing device(s)
13. DirSync
• Application that synchronizes on-premises Active Directory with Office 365
• x64 application based on FIM (Forefront Identity Manager)
• Designed as an appliance: "set it and forget it"
• The entire Active Directory forest is scoped for synchronization
• What is synchronized?
– All user objects
– All group objects
– Mail-enabled contact objects
– Password hashes (if you opt to sync passwords too; the clear-text password itself is never sent)
• Synchronization is one-way, from on-premises to Office 365
• Synchronization occurs every 3 hours
14. Single Sign-On: Server Requirements
• Windows Server 2008/2008 R2 or Windows Server 2012
• PowerShell
• Web Server (IIS)
• .NET 3.5 SP1
• Windows Identity Foundation
• Publicly registered domain name
• SSL certificates from a trusted public CA
• Windows Azure Active Directory Module for Windows PowerShell
– Microsoft Online Services Sign-In Assistant
• High-availability design
15. Deploying ADFS 2.0 for SSO
• Deploy the AD FS 2.x server
– The default topology for Office 365 is an AD FS 2.x federation server farm: multiple servers hosting your organization's Federation Service
– Recommended: at least two federation servers in a load-balanced configuration
• Deploy the AD FS 2.x proxy server
– Federation server proxies redirect client authentication requests coming from outside your corporate network to the federation server farm
– Federation server proxies should be deployed in the DMZ

16. Preparing to Deploy ADFS
• Active Directory running on Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2, with a functional level of mixed or native mode
• AD FS 2.x deployed on Windows Server 2008/R2 or Windows Server 2012
• AD FS 2.x proxy deployed, if some users connect from outside the company's network
• Windows Azure Active Directory Module for Windows PowerShell, to establish the trust with Office 365
• Required updates for Office 365 installed
• A unique third-party certificate for installing and configuring the federation servers and federation server proxies
17. ADFS Certificates
• Service communication certificate: AD FS uses this certificate to enable HTTPS, which is required for traffic to and from the federation servers and federation server proxies. It is an ordinary SSL certificate and must be installed in IIS on each federation server and federation server proxy.
• Token-signing certificate: AD FS uses this certificate to digitally sign outgoing tokens. It does not encrypt the token; it guarantees the integrity and origin of the security tokens as they pass from the federation server to the relying party via the client computer. Treat its private key as the most sensitive secret in the farm: whoever holds it can issue a valid token for any federated user. Office 365 trusts only the signing certificate recorded in the federated domain's settings, so after a certificate rollover the tenant must be updated (Update-MsolFederatedDomain) or federated sign-in fails.
• Token-decrypting certificate: AD FS 2.0 and above can also encrypt the contents of the tokens it issues, in addition to signing them with the token-signing certificate.
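A check for the three certificates described above, as an added example that is not part of the original deck. It assumes the ADFS PowerShell module on Windows Server 2012 or later (on AD FS 2.0 the same cmdlet comes from the Microsoft.Adfs.PowerShell snap-in) and uses a 30-day warning threshold and the placeholder domain contoso.com, both of which are assumptions.

```powershell
# Added example, not from the original deck. Run on a federation server.
# Assumes the ADFS module (Server 2012+); the 30-day threshold is an assumption.
Import-Module ADFS -ErrorAction SilentlyContinue

$WarnDays = 30

# Enumerate all three certificate roles, primary and secondary, with expiry status.
$report = foreach ($type in 'Service-Communications', 'Token-Signing', 'Token-Decrypting') {
    foreach ($c in Get-AdfsCertificate -CertificateType $type) {
        $cert     = $c.Certificate
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt 0)              { $status = 'EXPIRED' }
        elseif ($daysLeft -lt $WarnDays)  { $status = 'ROLLOVER SOON' }
        else                              { $status = 'OK' }
        [pscustomobject]@{
            Type       = $type
            Primary    = $c.IsPrimary
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Status     = $status
        }
    }
}
$report | Format-Table -AutoSize

# The service communication certificate is also bound to HTTPS in IIS, so it must
# be in the machine store together with its private key.
$svcThumbprints = @(Get-AdfsCertificate -CertificateType Service-Communications).Thumbprint
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -in $svcThumbprints } |
    Select-Object Subject, HasPrivateKey, NotAfter

# Any token-signing certificate in the report with Primary = False is the one a
# rollover will promote; once promoted, push it to the tenant or sign-in breaks:
#   Update-MsolFederatedDomain -DomainName contoso.com   # assumption: contoso.com
```

The report is the first thing to look at when federated sign-in suddenly fails across all users: an expired or freshly rolled token-signing certificate that Office 365 has not been told about produces exactly that symptom.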
18. ADFS Solution (architecture diagram)
19. Federation Using PowerShell
• $cred = Get-Credential
– Prompt for Office 365 credentials and store them in a variable
• Connect-MsolService -Credential $cred
– Connect to Office 365 using the stored credentials
• Set-MsolAdfsContext -Computer <AD FS 2.x primary server>
– Specify the local AD FS 2.x server
• Convert-MsolDomainToFederated -DomainName <domain.com>
– Convert the standard (managed) local domain to an identity-federated domain
• Get-MsolFederationProperty -DomainName <domain.com>
– Show the identity federation properties as seen by both AD FS and Office 365
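The federation sequence above as one script, with the pre- and post-checks a practitioner would want around the irreversible step. This is an added example, not part of the original deck; it assumes the Windows Azure Active Directory Module for Windows PowerShell (the MSOnline module) is installed, and that contoso.com and adfs01.contoso.local are placeholders for the federated domain and the primary federation server.

```powershell
# Added example, not from the original deck. Run from the primary AD FS server
# with the MSOnline module installed. contoso.com and adfs01.contoso.local are
# placeholders (assumptions).
Import-Module MSOnline

$Domain     = 'contoso.com'
$AdfsServer = 'adfs01.contoso.local'

$cred = Get-Credential -Message 'Office 365 global administrator'
Connect-MsolService -Credential $cred

# Pre-flight: the domain must already be added and verified in the tenant and
# must still be a standard (managed) domain. Federating an unverified domain
# fails; federating twice is a no-op you still want to notice.
$d = Get-MsolDomain -DomainName $Domain
if ($d.Status -ne 'Verified') {
    throw "$Domain is not verified in Office 365 (status: $($d.Status))"
}
if ($d.Authentication -eq 'Federated') {
    Write-Warning "$Domain is already federated; nothing to do"
    return
}

# Point the module at the AD FS farm and convert the domain. From this moment
# every sign-in for @contoso.com users is redirected to the federation service.
Set-MsolAdfsContext -Computer $AdfsServer
Convert-MsolDomainToFederated -DomainName $Domain

# Post-check 1: AD FS and Office 365 must agree on issuer, endpoints and
# token-signing certificate; the cmdlet shows both sides for comparison.
Get-MsolFederationProperty -DomainName $Domain | Format-List

# Post-check 2: the tenant now reports the domain as federated.
$d = Get-MsolDomain -DomainName $Domain
if ($d.Authentication -ne 'Federated') {
    throw "Conversion did not take effect for $Domain"
}
"$Domain is federated with $AdfsServer"
```

Run it against a trial tenant and test domain first, as the later slides recommend; once the conversion is done, users in the domain can no longer sign in with their cloud password.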
20. ADFS Farm Architecture: WID vs. SQL

WID advantages
• Very easy to set up and implement
• Supports multiple federation servers in a farm (up to five)
• Load balancing and fault tolerance are possible when set up as a farm

WID disadvantages
• Limited to five federation servers in a farm
• SAML artifact resolution and SAML/WS-Federation token replay detection are not available (both need state shared across the farm, which WID does not provide)
• Not supported with more than 100 claims provider trusts or more than 100 relying party trusts

21. ADFS Farm Architecture: WID vs. SQL (contd.)

SQL advantages
• Supports multiple federation servers, without the WID limits
• Load balancing and fault tolerance
• Easily scalable

SQL disadvantages
• Additional setup complexity; requires PowerShell to install
• The SQL cluster introduces another potential point of failure
• The SQL server must perform well for the farm to service requests
22. ADFS High Availability and High Resiliency

23. Single Sign-On Experience: Demo

24. TIPS, TRICKS AND BEST PRACTICES FOR ADFS WITH O365
25. OnRamp Tool
• The OnRamp tool may report errors and warnings that do not apply to your configuration. Review each one; in most cases, once you have confirmed it does not apply, you can ignore it and continue with the ADFS setup.

26. OnRamp Tool (screenshot)
27. DirSync Tool Install
• The DirSync tool installation may fail the first time you run the installer on Windows Server 2012. The logs show that a local security group (FIMSyncAdmins) is created during installation, but the installing user's logon token does not yet include that group membership; it is picked up only after the user logs off and on again.

28. DirSync Tool Re-Install
• Uninstall the DirSync tool, reboot the system and rerun the installation. This time it should go through: it locates the existing FIM groups created by the first run and completes successfully.
29. Dedicated "Service" Account in O365 for DirSync
• Use a dedicated Microsoft cloud identity as the "service" account (a global administrator) for DirSync. By default Azure requires a password change every 90 days; turn off password expiration for this account with the Windows Azure Active Directory Module for Windows PowerShell, otherwise DirSync breaks every 90 days:

Set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com -PasswordNeverExpires $true

• This is a non-expiring global administrator credential, so treat it accordingly: generate a long random password, store it only in the DirSync configuration and a password vault, and use it for nothing else.
30. Understand the Rollback Mechanism (Unfederation)
• Understand how unfederation works and what it affects, both in O365 and in your underlying Active Directory.
31. Unfederation

Convert-MsolDomainToStandard -DomainName mydomain -SkipUserConversion $false -PasswordFile C:\temp\userpasswords.txt

• The password file receives the temporary passwords assigned to the user accounts after federation is removed. It is a plaintext list of credentials for every user in the domain: write it to a location only administrators can read, distribute the passwords out of band, and delete the file afterwards.
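The rollback above as a script with the checks that belong around it, as an added example that is not part of the original deck. It assumes the MSOnline module, that contoso.com is the federated domain and that C:\temp is the folder for the password file; all are placeholders. The folder's ACL is reset to Administrators-only before the cmdlet writes the plaintext temporary passwords into it.

```powershell
# Added example, not from the original deck. Rolls a federated domain back to
# standard (managed) authentication. contoso.com and C:\temp are placeholders.
Import-Module MSOnline

$Domain       = 'contoso.com'
$PasswordFile = 'C:\temp\userpasswords.txt'

Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global administrator')

# Pre-check: only a federated domain can be converted back.
$d = Get-MsolDomain -DomainName $Domain
if ($d.Authentication -ne 'Federated') {
    throw "$Domain is not federated (authentication: $($d.Authentication)); nothing to roll back"
}

# Lock down the target folder before the file exists: it will contain a
# plaintext temporary password for every converted user.
$dir = Split-Path -Path $PasswordFile -Parent
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList 'BUILTIN\Administrators', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

# Convert the domain and every user in it. Office 365 assigns each user a
# temporary password and writes it to the file.
Convert-MsolDomainToStandard -DomainName $Domain -SkipUserConversion $false -PasswordFile $PasswordFile

# Post-check: the tenant must now report the domain as managed.
$d = Get-MsolDomain -DomainName $Domain
if ($d.Authentication -ne 'Managed') {
    throw "Rollback did not take effect for $Domain (authentication: $($d.Authentication))"
}
$lines = @(Get-Content -Path $PasswordFile | Where-Object { $_ -match '\S' }).Count
"$Domain is now Managed; $lines non-empty lines written to $PasswordFile"

# Hand the temporary passwords to users out of band, then remove the file:
#   Remove-Item -Path $PasswordFile
```

With -SkipUserConversion $true the domain is converted but the users are not, which leaves them unable to sign in until they are converted later; $false, as on the slide, is what you want for a complete rollback.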
32. Plan Ahead to Test the Configuration with a Trial Version
• There is no easy way to trial federation in Office 365, so plan ahead: test with a trial O365 tenant, a test domain and dedicated test infrastructure.
• It is strongly recommended to test before you federate your production domain with O365.
33. Tips and Tricks for ADFS Setup (contd.)
• For a full single sign-on experience you need a split DNS configuration: inside the corporate network the federation service name resolves to the internal AD FS farm, so Windows Integrated Authentication can be used, while external users resolve it to the federation server proxies in the DMZ and are treated differently for security reasons.
• It is strongly recommended to use a public-facing SSL certificate when configuring Outlook clients through Microsoft Autodiscover.
• The Office 365 single sign-on experience works best with Internet Explorer; other browsers may behave differently.
• Set a Group Policy that places the federation service URL in IE's Local intranet zone, so that IE's Windows Integrated Authentication works seamlessly with ADFS.
• Verify that documentation found on Internet sites (sometimes even TechNet) applies to the Office 365 version you are working with.
• After installing DirSync, use the Synchronization Service Manager GUI tool to monitor synchronization.
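A client-side check for the split-DNS and Local intranet zone prerequisites above, as an added example that is not part of the original deck. It assumes a domain-joined Windows workstation, that sts.contoso.com is the federation service name and that 10.0.0.50 is the internal farm's load-balanced address; both names are placeholders. The registry paths are where IE stores site-to-zone assignments: under Policies when set by the GPO the slide recommends, under the plain HKCU key when a user added the site by hand.

```powershell
# Added example, not from the original deck. Run on a domain-joined workstation.
# sts.contoso.com and 10.0.0.50 are placeholders (assumptions).
$StsHost     = 'sts.contoso.com'
$InternalVip = '10.0.0.50'

# 1. Split DNS: on the corporate network the STS name must resolve to the
#    internal farm, not to the public address of the DMZ proxy.
$answer = Resolve-DnsName -Name $StsHost -Type A -ErrorAction Stop
$ips = @($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
if ($ips -contains $InternalVip) {
    "DNS OK: $StsHost -> $($ips -join ', ')"
} else {
    Write-Warning "DNS: $StsHost resolves to $($ips -join ', '); expected $InternalVip on the internal network"
}

# 2. IE zone: the STS host must be in Local intranet (zone 1) for Windows
#    Integrated Authentication to be attempted without a credential prompt.
$dot       = $StsHost.IndexOf('.')
$zoneDom   = $StsHost.Substring($dot + 1)   # contoso.com
$hostLabel = $StsHost.Substring(0, $dot)    # sts
$suffix    = "\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$zoneDom\$hostLabel"
$zoneKeys  = @(
    "HKLM:\SOFTWARE\Policies\Microsoft$suffix",   # written by the GPO Site to Zone Assignment List
    "HKCU:\SOFTWARE\Policies\Microsoft$suffix",
    "HKCU:\SOFTWARE\Microsoft$suffix"             # written when a user adds the site by hand
)
$zone = $null; $found = $null
foreach ($k in $zoneKeys) {
    if (Test-Path -Path $k) {
        $v = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($null -ne $v.https) { $zone = $v.https; $found = $k; break }
    }
}
if ($zone -eq 1) {
    "Zone OK: https://$StsHost is Local intranet (from $found)"
} else {
    Write-Warning "Zone: https://$StsHost is not mapped to Local intranet (value: $zone)"
}

# 3. The federation metadata endpoint must answer over HTTPS with a certificate
#    the client trusts; a failure here is the certificate error users would see.
$meta = "https://$StsHost/FederationMetadata/2007-06/FederationMetadata.xml"
try {
    $r = Invoke-WebRequest -Uri $meta -UseBasicParsing -UseDefaultCredentials -ErrorAction Stop
    "Metadata OK: HTTP $($r.StatusCode), $($r.RawContentLength) bytes"
} catch {
    Write-Warning "Metadata: $meta failed: $($_.Exception.Message)"
}
```

Run the same script from a machine outside the corporate network (with the DNS expectation changed to the proxy's public address) to confirm that external users are kept on the proxy path rather than reaching the internal farm.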
34. References
• Checklist: Setting Up a Federation Server
• Windows Server 2012 AD FS Deployment Guide
• FAQ on ADFS
• AD FS Troubleshooting
• Converting from SSO Domain to Non-Federated

35. Questions?