Enviar búsqueda
Cargar
Office 365-single-sign-on-with-adfs
•
Descargar como PPTX, PDF
•
5 recomendaciones
•
5,416 vistas
A
amitchachra
Seguir
Active Directory Federation Services to achieve Single Sign on with Office 365
Leer menos
Leer más
Tecnología
Denunciar
Compartir
Denunciar
Compartir
1 de 35
Descargar ahora
Recomendados
Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365
InnoTech
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
Microsoft TechNet - Belgium and Luxembourg
OFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case Study
Sreenivasa Setty
Adfs azure
Adfs azure
Jethro Seghers
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxford
guestd9aa5
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
Jay Simcox
Office 365 Identity Management options
Office 365 Identity Management options
Microsoft TechNet - Belgium and Luxembourg
Raymond Comvalius & Sander Berkouwer - Bring your own device essentials with ...
Raymond Comvalius & Sander Berkouwer - Bring your own device essentials with ...
Nordic Infrastructure Conference
Recomendados
Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365
InnoTech
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
Microsoft TechNet - Belgium and Luxembourg
OFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case Study
Sreenivasa Setty
Adfs azure
Adfs azure
Jethro Seghers
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxford
guestd9aa5
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
Jay Simcox
Office 365 Identity Management options
Office 365 Identity Management options
Microsoft TechNet - Belgium and Luxembourg
Raymond Comvalius & Sander Berkouwer - Bring your own device essentials with ...
Raymond Comvalius & Sander Berkouwer - Bring your own device essentials with ...
Nordic Infrastructure Conference
Ad fs
Ad fs
Iván Sanchez Vera
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Nordic Infrastructure Conference
SharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Natallia Makarevich
Identity and o365 on Azure
Identity and o365 on Azure
Mostafa
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
Peter Selch Dahl
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
Office 365 identity
Office 365 identity
Motty Ben Atia
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
Get your site microsoft edge ready
Get your site microsoft edge ready
Mostafa
Windows Azure Active Directory
Windows Azure Active Directory
Pavel Revenkov
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
SPC Adriatics
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
Kris Wagner
Office 365: Do’s and Don’ts, Lessons learned from the field
Office 365: Do’s and Don’ts, Lessons learned from the field
Microsoft TechNet - Belgium and Luxembourg
ADFS + IAM
ADFS + IAM
Richard Harvey
Understanding Azure AD
Understanding Azure AD
New Horizons Ireland
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
Huy Pham
Deploying an Extranet on SharePoint
Deploying an Extranet on SharePoint
Alan Marshall
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
Aboutsip - SIP Routing
Aboutsip - SIP Routing
Jonas Borjesson
What is the future of etl tools like ab initio
What is the future of etl tools like ab initio
maxonlinetr
Más contenido relacionado
La actualidad más candente
Ad fs
Ad fs
Iván Sanchez Vera
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Nordic Infrastructure Conference
SharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Natallia Makarevich
Identity and o365 on Azure
Identity and o365 on Azure
Mostafa
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
Peter Selch Dahl
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
Office 365 identity
Office 365 identity
Motty Ben Atia
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
Get your site microsoft edge ready
Get your site microsoft edge ready
Mostafa
Windows Azure Active Directory
Windows Azure Active Directory
Pavel Revenkov
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
SPC Adriatics
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
Kris Wagner
Office 365: Do’s and Don’ts, Lessons learned from the field
Office 365: Do’s and Don’ts, Lessons learned from the field
Microsoft TechNet - Belgium and Luxembourg
ADFS + IAM
ADFS + IAM
Richard Harvey
Understanding Azure AD
Understanding Azure AD
New Horizons Ireland
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
Huy Pham
Deploying an Extranet on SharePoint
Deploying an Extranet on SharePoint
Alan Marshall
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
La actualidad más candente
(20)
Ad fs
Ad fs
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...
SharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Identity and o365 on Azure
Identity and o365 on Azure
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
Office 365 identity
Office 365 identity
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
Get your site microsoft edge ready
Get your site microsoft edge ready
Windows Azure Active Directory
Windows Azure Active Directory
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
Office 365: Do’s and Don’ts, Lessons learned from the field
Office 365: Do’s and Don’ts, Lessons learned from the field
ADFS + IAM
ADFS + IAM
Understanding Azure AD
Understanding Azure AD
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
Deploying an Extranet on SharePoint
Deploying an Extranet on SharePoint
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Destacado
Aboutsip - SIP Routing
Aboutsip - SIP Routing
Jonas Borjesson
What is the future of etl tools like ab initio
What is the future of etl tools like ab initio
maxonlinetr
Tanglewood 3
Tanglewood 3
Amanda Fraser
Optimization Analysis Case Example
Optimization Analysis Case Example
bjk002
The welch way
The welch way
Sajjan Pandey
Teamcenter – sap integration gateway
Teamcenter – sap integration gateway
Panso Solutions India Pvt Ltd
Advanced Work Packaging in Construction: An Introduction
Advanced Work Packaging in Construction: An Introduction
The Advanced Work Packaging Institute
Hedge Fund Strategies: Credit Funds
Hedge Fund Strategies: Credit Funds
HedgeFundFundamentals
Real-time, Sensor-based Monitoring of Shipping Containers
Real-time, Sensor-based Monitoring of Shipping Containers
benaam
Designing your Product as a Platform
Designing your Product as a Platform
Micah Laaker
Pilling and abrasion Testing of fabrics
Pilling and abrasion Testing of fabrics
Chaitanya Chaudhary
Shear centre
Shear centre
Anirudh Ashok
Chapter 1 modes of international trade transactions
Chapter 1 modes of international trade transactions
Dao Hoa
Revenue assurance 101
Revenue assurance 101
ntel
XRF Theory and Application
XRF Theory and Application
Sirwan Hasan
One Page Talent Management
One Page Talent Management
The Talent Strategy Group
Acquisition Candidate Analysis
Acquisition Candidate Analysis
John Mecke
Textile management system review iii
Textile management system review iii
Antony Alex
Branding in Pharmaceuticals
Branding in Pharmaceuticals
Sheraz Pervaiz
Metadata in data warehouse
Metadata in data warehouse
Siddique Ibrahim
Destacado
(20)
Aboutsip - SIP Routing
Aboutsip - SIP Routing
What is the future of etl tools like ab initio
What is the future of etl tools like ab initio
Tanglewood 3
Tanglewood 3
Optimization Analysis Case Example
Optimization Analysis Case Example
The welch way
The welch way
Teamcenter – sap integration gateway
Teamcenter – sap integration gateway
Advanced Work Packaging in Construction: An Introduction
Advanced Work Packaging in Construction: An Introduction
Hedge Fund Strategies: Credit Funds
Hedge Fund Strategies: Credit Funds
Real-time, Sensor-based Monitoring of Shipping Containers
Real-time, Sensor-based Monitoring of Shipping Containers
Designing your Product as a Platform
Designing your Product as a Platform
Pilling and abrasion Testing of fabrics
Pilling and abrasion Testing of fabrics
Shear centre
Shear centre
Chapter 1 modes of international trade transactions
Chapter 1 modes of international trade transactions
Revenue assurance 101
Revenue assurance 101
XRF Theory and Application
XRF Theory and Application
One Page Talent Management
One Page Talent Management
Acquisition Candidate Analysis
Acquisition Candidate Analysis
Textile management system review iii
Textile management system review iii
Branding in Pharmaceuticals
Branding in Pharmaceuticals
Metadata in data warehouse
Metadata in data warehouse
Similar a Office 365-single-sign-on-with-adfs
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
EPC Group
Understanding Identity Management with Office 365
Understanding Identity Management with Office 365
Perficient, Inc.
SharePoint Fest Chicago 2014 - Anatomy of SharePoint and Office 365 Hybrid De...
SharePoint Fest Chicago 2014 - Anatomy of SharePoint and Office 365 Hybrid De...
Nik Patel
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
NCCOMMS
O365-AzureAD Identity management
O365-AzureAD Identity management
David Pechon
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
Share point 2013 in a hybrid world
Share point 2013 in a hybrid world
Jethro Seghers
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
uberbaum
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
WinWire Technologies Inc
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
Jethro Seghers
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
Jethro Seghers
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
Kumton Suttiraksiri
1. Day 1 - Office 365 Trainning
1. Day 1 - Office 365 Trainning
Huy Pham
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
Peter Selch Dahl
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Scott Hoag
Mojemoje
Mojemoje
Martin Vokoun
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
AD Basic and Azure AD.pptx
AD Basic and Azure AD.pptx
SumTingWong8
Similar a Office 365-single-sign-on-with-adfs
(20)
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Identity Management with Office 365
Understanding Identity Management with Office 365
SharePoint Fest Chicago 2014 - Anatomy of SharePoint and Office 365 Hybrid De...
SharePoint Fest Chicago 2014 - Anatomy of SharePoint and Office 365 Hybrid De...
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
O365-AzureAD Identity management
O365-AzureAD Identity management
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft Azure
Share point 2013 in a hybrid world
Share point 2013 in a hybrid world
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
1. Day 1 - Office 365 Trainning
1. Day 1 - Office 365 Trainning
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Mojemoje
Mojemoje
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
AD Basic and Azure AD.pptx
AD Basic and Azure AD.pptx
Último
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Curtis Poe
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
LoriGlavin3
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Nathaniel Shimoni
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
Lars Bell
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
LoriGlavin3
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
Raghuram Pandurangan
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
BkGupta21
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Hervé Boutemy
Último
(20)
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Office 365-single-sign-on-with-adfs
1.
Single Sign on
with Active Directory Federation in Office 365/SharePoint Online Presented by: Amit Chachra, Principal Lead Consultant with Magenic Allen Yu, Senior Systems Engineer with WCIRB of California © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 1
2.
Agenda • Office 365 Identity –
Identity Management Overview – Identities for Microsoft Cloud Services – Core Identity Scenarios with Office 365 • Directory Sync with Password Sync • ADFS 2.0 – High Availability and Highly Resiliency • Single Sign On Experience – Demo • Tips, Tricks and Best Practices for configuring ADFS with Office 365 • References © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 2
3.
OFFICE 365 IDENTITY
MANAGEMENT © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 3
4.
What is Identity
Management • Identity management deals with identifying individuals in a system and controlling access to the resources in that system • Integral components of identity and access management – Authentication (Verifies who you are) Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be – Authorization (Verified what you are authorized to do) Determining which actions an authenticated entity is authorized to perform on the network © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 4
5.
Identities for Microsoft
Cloud Services Microsoft Account Organizational Account Organizational Account Ex: amitc@magenic.com User Microsoft Account e.g. User amitc@onmicrosoft.com or amitc@outlook.com © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 5
6.
Cloud vs. Federated
Identity Cloud Identity • Separate credential from corporate credential • Authentication occurs via cloud directory service • Password policy stored in Office 365 © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information Federated Identity • Same credential as corporate credential • Authentication occurs via on-premises Active Directory service • Password policy is stored on-premises • Requires Directory Synchronization 6
7.
Common Identity platform
for Organizational Accounts Windows Azure Active Directory is the underlying identity platform for various cloud services that use Organizational Accounts Windows Azure Active Directory Authentication platform Directory store © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 7
8.
Core Identity Scenarios
with Office 365 Cloud Identity no integration to onpremises directories Directory & Password Synchronization* Federated Identity Integration without federation* Single federated identity and credentials © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 8
9.
Identity Usage Scenarios Cloud
Identity Cloud Identity + DirSync Federated Identity* Scenario • Smaller organizations without on-premises Active Directory • Medium to large organizations with Active Directory on-premises • Large enterprise organizations with Active Directory onpremises Pros • Doesn’t require on-premises server deployment • “Source of Authority” is on-premises Enables co-existence • Single Sign-on experience “Source of Authority” is on-premises Enables co-existence • • • Cons • • • No Single Sign-on No Two factor authentication options 2 sets of credentials to manage with potentially different password policies • • • • © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information No Single Sign-On No 2-Factor Authentication options 2 sets of credentials to manage with potentially different password policies Requires on-premises server deployment • Requires on-premises server deployment in high availability scenario 9
10.
Prepare your Environment •
Active Directory Attribute Cleanup – Minimum - User Name, First Name, Last Name, and Display Name – Unsupported characters - Space ( ) @ ‘ | = ? / • Only routable domains can be used with ADFS deployment – Non-routable domains: .local - .loc - .internal • Domain must be added and ownership verified • If organization has AD with only internal namespace, it must: – Add a routable UPN suffix in Active Directory Forests and Trusts. – Configure each user with that routable UserPrincipalName © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 10
11.
SSL Certificates • Why
SSL certificates? – SSO experience; ActiveSync – Secure communications – Auto-discover the Exchange Server • Certificates required for these Office 365 components: – Exchange on-premises – Single sign-on (for both the ADFS federation servers and ADFS federation server proxies) – Auto-discover, Outlook Anywhere, Exchange ActiveSync, and Exchange Web Service (EWS) – Exchange hybrid server © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 11
12.
Network and Hardware
Considerations • Ports and Protocols – Identify the port/protocol requirements for Active Directory, SharePoint, Lync, Exchange, and migration scenarios • Firewall Considerations – Accept connections based on wildcard domain names • Proxy Device Considerations – Allow connections from Microsoft Online Services – URLs • WAN Accelerators – Test and optimize your WAN accelerated proxy device(s) • Hardware and Software Load-Balancing Devices – These are required for single sign-on and Exchange hybrid deployments • Test and optimize your load-balancing device(s) © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 12
13.
DirSync • • • • • • • • • • • Application that synchronizes
on-premises Active Directory with Office 365 x64 application based on FIM Designed as an appliance: “Set it and forget it” Entire Active Directory forest is scoped for synchronization What is synchronized? All user objects All group objects Mail-enabled contact objects Passwords (if you opt to sync passwords too) Synchronization is from on-premises to Office 365 only Synchronization occurs every 3 hours © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 13
14.
Single Sign On
– Server Requirements • • • • • • • • Windows Server 2008/2008 R2 or Windows Server 2012 PowerShell Web Server (IIS) .NET 3.5 SP1 Windows Identity Foundation Publicly registered domain name SSL Trusted Public Certificates Windows Azure Active Directory Module for Windows PowerShell – Microsoft Online Sign In Assistant • High-availability design © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 14
15.
Deploying ADFS 2.0
for SSO • Deploy ADFS Server AD FS 2.x Server • Default topology for Office 365 is an AD FS 2.x federation server farm that consists of multiple servers hosting your organization’s Federation Service • Recommend using at least two federation servers in a load-balanced configuration • Deploy ADFS Server Proxy AD FS 2.x Proxy Server • Federation server proxies are used to redirect client authentication requests coming from outside your corporate network to the federation server farm • Federation server proxies should be deployed in the DMZ © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 15
16.
Preparing to deploy
ADFS Active Directory running in Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 with a functional level of mixed or native mode AD FS 2.x deployed on Windows Server 2008/R2 or Windows Server 2012 AD FS 2.x Proxy deployed, if some users are connecting from outside the company’s network Windows Azure Active Directory Module for Windows PowerShell to establish a trust with Office 365 Required updates installed for Office 365 A unique third-party certificate when installing and configuring federation servers and federation server proxies © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 16
17.
ADFS Certs • • • Service communication
certificate – AD FS uses this certificate to enable HTTPS which is a requirement for traffic to and from the federation server and federation server proxies ( to secure communication) So it is basically a SSL certificate which needs to be installed on the IIS for each federation server and federation server proxy Token signing certificate – AD FS uses this certificate to digitally sign outgoing AD FS tokens. This is not used to secure data but in fact it is used to ensure the integrity of the security tokens as they pass between the federation servers and application server via the client computer. Token decrypting certificate – AD FS 2.0 and above has the ability to encrypt the contents of the AD FS tokens. This is in addition to having these tokens signed by the server's token signing certificate. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 17
18.
ADFS solution © Magenic
Technologies, Inc. 2011 Confidential and Proprietary Information 18
19.
Federation using PowerShell Command Description $cred=Get-Credential Prompt
for Office 365 credentials and store them in a variable Connect-MsolService –Credential $cred Connect to Office 365 using stored credentials Set-MSOLAdfscontext -Computer <AD FS 2.x primary server> Specify the local AD FS 2.x Server Convert-MSOLDomainToFederated – Domainname <domain.com> Get-MSOLFederationProperty Convert the standard local domain to an Identity Federated Domain Show Identity Federation Proprieties © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 19
20.
ADFS Farm Architecture
– WID vs. SQL WID Advantages WID Disadvantages Very easy to setup and implement Supports up to five federation servers in a farm Load balancing and fault tolerance is possible if setup as a farm. SAML artifact resolution and SAML/WSFederation token replay detection feature is not available Supports multiple Federation Servers in a farm (limits to 5 federation server in a farm) It is not supported if there is more than 100 claim trust providers trust or more than 100 relying party trusts. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 20
21.
ADFS Farm Architecture
– WID vs. SQL contd… SQL Advantages SQL Disadvantages Supports multiple federation servers (not subject to the limitation of WID) Additional setup complexities. Require PowerShell to install it Load balancing and fault tolerance SQL cluster introduces another potential point of failure Easily Scalable SQL server must be performing well to service requests © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 21
22.
ADFS High Availability
and High Resiliency © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 22
23.
Single Sign On
Experience Demo © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 23
24.
TIPS, TRICKS AND
BEST PRACTICES FOR ADFS WITH O365 © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 24
25.
OnRamp tool • OnRamp
tool may give you errors and warnings which might not be applicable to your configuration. In most cases, you can ignore these errors and continue with ADFS Set up. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 25
26.
OnRamp tool © Magenic
Technologies, Inc. 2011 Confidential and Proprietary Information 26
27.
DirSync Tool Install DirSync
tool installation may fail the first time when you run the installer in Windows Server 2012. Logs mention that a local security group (FlMSyncAdmins) is configured on the system during the installation, but the user doesn't have rights for that group membership because the user needs to log off. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 27
28.
DirSync Tool Re-Install Uninstall
DirSync tool, Reboot the system afterwards and rerun the installation. This time it should go through and locate the existing FIM groups created in first run of the install and will successfully complete the installation. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 28
29.
Dedicated “Service” Account
in O365 for DirSync Use a dedicated Microsoft cloud identity account as a “service” account (global administrator) for DirSync. By default, Azure automatically requires a password update every 90 days, but we should turn off the Password expiration for this account using Windows Azure Active Directory Module for Windows PowerShell, otherwise DirSync will break every 90 days. Set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com PasswordNeverExpires $true © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 29
30.
Understand the Rollback
mechanism (unfederation) Understand how un-federation works and how and what does it affect in O365 and in your underlying Active Directory. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 30
31.
Unfederation Convert-MSOLDomainToStandard –DomainName mydomain
– SkipUserConversion $false -PasswordFile c:tempuserpasswords.txt The password file stores all the temporary passwords assigned to the user accounts after federation is removed. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 31
32.
Plan ahead to
test the configuration with a trial version • No easy way to do a trial of federation in Office 365, so plan ahead on testing with a trial version of O365, a test domain and dedicated test infrastructure. • It is strongly recommended to test it before you federate your production domain with O365. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 32
33.
Tips and Tricks
for ADFS setup contd… • For full single sign on experience you need to implement a split DNS configuration so that external users are treated differently from internal users on the corporate network for security reasons. • It is strongly recommended to use a public facing SSL certificate for configuring Outlook clients using Microsoft autodiscover. • Office 365 Single Sign On experience works best with Internet Explorer. Other browsers may have varying experience. • You must set a group policy to have the federation service URL in the Local Intranet sites in IE. This is to allow IE’s windows integrated authentication to work seamlessly with ADFS. • Make sure you validate that the documentation you got on internet sites (sometimes even TechNet) is currently applicable to the Office 365 version you are working with. • Use the GUI tool Synchronization Service Manager after you have installed DirSync to monitor the synchronization. © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 33
34.
References • • • • • Checklist: Setting Up
a Federation Server Windows Server 2012 AD FS Deployment Guide FAQ on ADFS AD FS Troubleshooting Converting from SSO domain to Non-Federated © Magenic Technologies, Inc. 2011 Confidential and Proprietary Information 34
35.
Questions? © Magenic Technologies,
Inc. 2011 Confidential and Proprietary Information 35
Descargar ahora