Directory Synchronization and Single Sign-On
in Office 365
Christopher Webb
MCM: SharePoint 2010
MCSM SharePoint
MCT
• Create your tenant
  • http://office.microsoft.com/en-us/business/office-365-enterprise-e3-business-software-FX103030346.aspx
• Activate Directory Synchronization - http://technet.microsoft.com/en-us/library/jj151831
  • Prepare Active Directory
  • Activate the Directory Sync feature on the tenant admin site
  • Add domain
  • DNS verification
  • Configure UPNs & prep AD
  • Download the DirSync tool
  • Account permissions for synchronization
  • Install DirSync
• Configure Single Sign-On - http://technet.microsoft.com/en-us/library/jj151786
  • ADFS install
  • ADFS configuration
  • ADFS Proxy configuration
  • Azure AD Module for PowerShell install
  • Connecting to O365 and converting to a federated domain
  • Activate users
  • Internet zones for SSO
Prepare Active Directory
• Deployment Readiness Tool - http://community.office365.com/en-us/forums/183/p/2285/8155.aspx or https://portal.microsoftonline.com/tools
• The UPN domain suffix must be under the domain that you choose to set up for single sign-on.
• The domain you choose to federate must be registered as a public domain with a domain registrar or within
your own public DNS servers.
• To create UPNs, follow the instructions in the Active Directory topic Add User Principal Name Suffixes. Keep
in mind that UPNs that are used for single sign-on can only contain letters, numbers, periods, dashes, and
underscores.
• If your Active Directory domain name is not a public Internet domain (for example, it ends with a “.local”
suffix), you must add a UPN suffix that is under an Internet domain name you can register publicly. Use
something familiar to your users, such as their email domain.
• If you have already set up Active Directory synchronization, the user’s cloud UPN may not match the user’s
on-premises UPN defined in Active Directory (a suffix that is not verified in the tenant is replaced with the
tenant’s onmicrosoft.com suffix). To fix this, rename the cloud UPN with the Set-MsolUserPrincipalName cmdlet
in the Windows Azure Active Directory Module for Windows PowerShell.
• Set UPNs before the first DirSync run. Fixing them afterwards is harder than running that cmdlet: in some
cases it means deleting the users from the cloud and re-running the DirSync configuration wizard.
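Added example (mine, not from the deck or from Microsoft's documentation) of the UPN preparation described above: it registers the public suffix on the forest, reports every enabled user whose UPN is missing, non-routable, or contains characters Office 365 rejects, previews whether the user's primary SMTP address will line up with the new UPN (the attribute soft matching keys on, see the Soft Matching slide), and rewrites the suffix with -WhatIf. The forest name contoso.local, the public suffix contoso.com and the OU are assumptions.

```powershell
# Added example: audit and fix UPN suffixes before the first DirSync run.
# Assumptions (not from the deck): forest contoso.local, verified public suffix contoso.com,
# users under OU=Staff,DC=contoso,DC=local. Runs with -WhatIf until you remove it.
Import-Module ActiveDirectory

$PublicSuffix = 'contoso.com'                   # the domain verified in the O365 tenant (assumed)
$SearchBase   = 'OU=Staff,DC=contoso,DC=local'  # assumed
$ValidPrefix  = '^[A-Za-z0-9._-]+$'             # letters, digits, period, dash, underscore (per slide)

# 1. A UPN suffix must be registered on the forest before it can be assigned to any user.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $PublicSuffix }
}

# 2. Walk every enabled user and classify its UPN.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                    -Properties UserPrincipalName, mail, proxyAddresses

foreach ($u in $users) {
    $upn     = $u.UserPrincipalName
    $prefix  = if ($upn) { ($upn -split '@', 2)[0] } else { $u.SamAccountName }
    $suffix  = if ($upn) { ($upn -split '@', 2)[1] } else { '' }
    $newUpn  = "$prefix@$PublicSuffix"
    $reasons = @()

    if (-not $upn)                       { $reasons += 'no UPN set' }
    elseif ($suffix -ne $PublicSuffix)   { $reasons += "non-routable suffix '$suffix'" }
    if ($prefix -notmatch $ValidPrefix)  { $reasons += "characters O365 rejects in '$prefix'" }

    # Soft matching keys on the primary SMTP address, so warn when it will not match the new UPN.
    $primarySmtp = @($u.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' }) -replace '^SMTP:', ''
    if (-not $primarySmtp) { $primarySmtp = $u.mail }
    if ($primarySmtp -and ("$primarySmtp" -ne $newUpn)) {
        $reasons += "primary SMTP '$primarySmtp' differs from '$newUpn'"
    }

    if ($reasons.Count -eq 0) { continue }
    Write-Host ('{0,-16} {1,-32} -> {2,-32} [{3}]' -f $u.SamAccountName, $upn, $newUpn, ($reasons -join '; '))

    # Only the suffix is rewritten automatically; an invalid prefix needs a human decision.
    if ($prefix -match $ValidPrefix -and $upn -ne $newUpn) {
        Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf   # drop -WhatIf to apply
    }
}

# 3. If DirSync has already run, the cloud copy keeps the old UPN (or fell back to the tenant's
#    onmicrosoft.com suffix) and must be renamed from the Azure AD module instead:
#    Connect-MsolService -Credential (Get-Credential)
#    Set-MsolUserPrincipalName -UserPrincipalName 'jdoe@contoso.onmicrosoft.com' `
#                              -NewUserPrincipalName 'jdoe@contoso.com'
```

Run it once with -WhatIf and review the report; the users flagged for an invalid prefix or a mismatched primary SMTP address are the ones that will either fail to sync or create a second cloud object instead of soft-matching the existing one.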
Additional Considerations
• DirSync is designed for a single forest (multiple domains within that forest are fine). FIM with the Windows
Azure AD connector can handle multi-forest scenarios, but requires customization.
• DirSync requires a Windows Server 2003 or later forest functional level.
Activate Directory Sync on Tenant Admin site
• Users and Groups
• Active Directory Synchronization
• Activation can take up to 24 hours, so do it first.
Adding domains for synchronization
DNS Verification
• Just a simple TXT record in public DNS holding the value the portal gives you. Microsoft queries it to
prove you control the domain before the domain can be added to the tenant or federated.
Download & Install DirSync
• Download DirSync from tenant admin site
DirSync Machine notes
• http://technet.microsoft.com/en-us/library/jj151831#BKMK_ComputerRequirements
• The Windows Azure AD service supports synchronization of up to 50,000 objects by default (larger quotas
are granted through Microsoft support).
• It must run a 64-bit Windows Server OS:
  • 64-bit edition of Server 2008 R2 SP1 Standard or Enterprise, Server 2008 Datacenter, or Server 2008 R2
Datacenter
  • 64-bit edition of Server 2012 Standard or Datacenter, or 2012 R2 Standard or Datacenter
• It must be joined to Active Directory.
• It cannot be a domain controller. (The version released 11/2 lifts this restriction and allows installation
on a DC; see the release history at http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx.)
• It must have .NET Framework 3.5 SP1 and .NET Framework 4.0 installed.
• You can have only one instance of the Directory Sync tool between an on-premises Active Directory and an
Office 365 tenant.
• You must be a local admin to install.
DirSync Install and Configuration
• Access account on the AD side (the account you run the installer and configuration wizard as)
  • Must have Domain Administrator as well as Enterprise Administrator permissions for the domain being
synchronized. These rights are used only during setup, to create and grant the MSOL_ service account that
DirSync runs as; the admin credential itself is not stored.
• Access account on the O365 side
  • Must be a Global Administrator. It will also need a license if it’s a service account. Its credential is
stored and used for every sync cycle, so set its password to never expire (Set-MsolUser
-PasswordNeverExpires $true); an expired password stops synchronization.
• Follow the wizard, which has only a couple of steps.
• If installing DirSync on the ADFS box, you MUST install DirSync first. It will not install after ADFS is
added.
• All documentation says to use a dedicated DirSync box, but it is supported to use the same machine.
• The Sync Passwords option synchronizes a hash of each user’s password hash (never the password itself)
along with the account, so users can sign in to O365 with their AD password. It is not required if you use
ADFS, but if you are not doing single sign-on it makes things easier for your end users.
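Added example (mine, not from the deck) that turns the DirSync machine notes and the install notes on the two slides above into a pre-flight check: OS architecture and SKU, domain membership, not a domain controller, both .NET versions, elevation, Enterprise Admin membership of the installing account, no AD FS or second DirSync instance on the box, and the directory's object count against the 50,000-object limit. It assumes it is run on the candidate host with the ActiveDirectory module present and a single-forest directory; the service names and the svc_dirsync account name in the trailing comment are assumptions.

```powershell
# Added example: pre-flight check for a candidate DirSync host.
# Assumptions (not from the deck): run on the candidate host, AD module installed, single forest,
# the O365 sync account in the comment at the end is called svc_dirsync.
Import-Module ActiveDirectory

$checks = [ordered]@{}
$os = Get-WmiObject Win32_OperatingSystem
$cs = Get-WmiObject Win32_ComputerSystem

$checks['64-bit Windows']           = $os.OSArchitecture -eq '64-bit'
$checks['Server SKU (not client)']  = $os.ProductType -ne 1     # 1 = workstation, 2 = DC, 3 = member server
$checks['Domain-joined']            = [bool]$cs.PartOfDomain
$checks['Not a domain controller']  = $os.ProductType -ne 2     # requirement lifted by the 11/2 release (slide)

# .NET 3.5 SP1 and .NET 4.0 are both required; these are the keys the installers write.
$net35 = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'    -ErrorAction SilentlyContinue
$net4  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$checks['.NET 3.5 SP1']             = ($net35.Install -eq 1) -and ($net35.SP -ge 1)
$checks['.NET 4.0']                 = $net4.Install -eq 1

# The installer must run elevated as a local admin, and the wizard needs Enterprise Admin in the forest.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$checks['Running as local admin']   = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$ea = Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive -ErrorAction SilentlyContinue |
      Select-Object -ExpandProperty SamAccountName
$checks['Installer is Enterprise Admin'] = $ea -contains $env:USERNAME

# DirSync must go on before AD FS, and there may be only one DirSync instance per tenant.
$checks['AD FS not installed yet']  = -not (Get-Service adfssrv -ErrorAction SilentlyContinue)
$checks['No DirSync already here']  = -not (Get-Service MSOnlineSyncScheduler -ErrorAction SilentlyContinue)

# The 50,000-object ceiling counts users, groups and contacts; computer objects are not synchronized.
$objects = Get-ADObject -ResultSetSize $null `
    -LDAPFilter '(|(&(objectCategory=person)(objectClass=user))(objectClass=group)(objectClass=contact))' |
    Measure-Object
$checks["Objects to sync ($($objects.Count)) within 50,000"] = $objects.Count -le 50000

$checks.GetEnumerator() | ForEach-Object {
    '{0,-44} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# O365 side (after Connect-MsolService): the account the wizard stores must be a Global Admin and
# its password must not expire, otherwise synchronization stops when it does:
#   Set-MsolUser -UserPrincipalName 'svc_dirsync@contoso.onmicrosoft.com' -PasswordNeverExpires $true
```

Any FAIL line maps to a bullet on the slides above; the object count is the one to look at early, since raising the quota goes through support rather than through the installer.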
DirSync “Hybrid Mode” option
• Hybrid Mode is only for Exchange & Lync hybrid deployments, not SharePoint. It lets DirSync write a small
set of attributes from the cloud back to on-premises AD (the one exception to the AD-to-O365 sync
direction):

Object type (objectClass)   Property (LDAP attribute name)
contact                     proxyAddresses
group                       proxyAddresses
inetOrgPerson               proxyAddresses
user                        msExchArchiveStatus
                            msExchBlockedSendersHash
                            msExchSafeRecipientsHash
                            msExchSafeSendersHash
                            msExchUCVoiceMailSettings
                            proxyAddresses
Source of Authority
• When you create objects by using either the Windows PowerShell cmdlet or account
portal tools such as the Office 365 portal, you are mastering objects from within the
cloud. All subsequent changes to these objects are also made by using the same tools. In
this scenario, the source of authority is in the cloud. For more information about the
various tools that you can use to create and manage objects in Windows Azure AD, see
Administering your Windows Azure AD tenant.
• Alternatively, when you are running Active Directory synchronization, you are mastering
objects from within your on-premises Active Directory. Once Directory Synchronization
has been activated, and after the first sync cycle has been completed, the source of
authority is transferred from the cloud to the on-premises Active Directory. In this
scenario, users, contacts, and groups are created on-premises and then synchronized to
the cloud. All subsequent changes to the cloud objects (with the exception of licensing)
are mastered from the on-premises Active Directory tools. The corresponding cloud
objects are read-only. Administrators cannot edit cloud objects if the source of authority
is on-premises.
• This means a one-way sync from AD to O365. Keep in mind that the SharePoint User Profile Service (UPS)
cannot sync profile updates back to AD, while Lync Online still pulls its data from O365 when Lync is
licensed there; on-premises Lync can be configured to use either source.
Soft Matching
• New feature of DirSync
• Matches accounts that already exist in O365 to accounts in AD based on the PrimarySMTPAddress
attribute
• In my experience, it will match based on UPN over the
PrimarySMTPAddress, but documentation does not say anything on
this.
• Details: http://support.microsoft.com/kb/2641663
Requirements for single sign-on
•Server 2003 R2, Server 2008, Server 2008 R2, or Server 2012 mixed or native mode functional
Forest and Domain levels.
•If you plan to use AD FS as your STS, you will need to do one of the following:
•Download, install and deploy AD FS 2.0 on a Server 2008 or Server 2008 R2 server.
•Install the AD FS role service on a Windows Server 2012 server.
•Also, if users will be connecting from outside your company’s network, you must deploy an AD FS 2.0 proxy.
•Use the Windows Azure Active Directory Module for Windows PowerShell to establish a federated trust
between your on-premises STS and Windows Azure AD.
•Ports 80 & 443 must be open bi-directionally to the ADFS Proxy and outbound for the ADFS back-end
server.
http://technet.microsoft.com/en-us/library/jj151786
http://technet.microsoft.com/en-us/library/jj205462
• Must have SAN (UCC) certificate or named certificate.
• Wildcards not supported
• The ADFS service account needs to be a domain admin initially so the wizard can create the ADFS
container in AD. It can then be rolled back to a standard domain user, but it must remain a local admin
on the ADFS box.
• Public cert and full cert chain imported to the certificate store on ADFS and Proxy
• Internal DNS record for the ADFS service endpoint pointing to the ADFS server.
Proxy must be able to resolve the service endpoint to the ADFS server.
• Port 443 Open between Proxy and ADFS
• External DNS record for the ADFS endpoint that points to the public IP that is
NAT'd to the ADFS Proxy
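Added example (mine, not from the deck) for the two points on the requirements slide that are easiest to leave undone: confirming that the ADFS and DirSync service accounts have actually been rolled back out of the privileged groups once setup is finished while the ADFS account keeps local admin on the ADFS box, and validating the certificate (private key present, SAN names the service, no wildcard, chain builds). The service name sts.contoso.com and the account names svc_adfs and svc_dirsync are assumptions; the script is meant to run on the ADFS server with the ActiveDirectory module and PowerShell 3.0 or later (for the DnsNameList certificate property).

```powershell
# Added example: post-setup least-privilege and certificate check for an AD FS farm.
# Assumptions (not from the deck): service name sts.contoso.com, AD FS service account svc_adfs,
# DirSync setup account svc_dirsync; run on the AD FS server, PowerShell 3+, AD module installed.
Import-Module ActiveDirectory

$ServiceFqdn      = 'sts.contoso.com'
$AdfsAccount      = 'svc_adfs'
$ServiceAccounts  = $AdfsAccount, 'svc_dirsync'
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'

# 1. Domain/Enterprise Admin was only needed while the wizards created the AD FS container and the
#    DirSync service account. After that the accounts must be plain domain users again.
foreach ($g in $PrivilegedGroups) {
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty SamAccountName
    foreach ($a in $ServiceAccounts) {
        if ($members -contains $a) { Write-Warning "$a is still a member of '$g'; remove it now that setup is done" }
    }
}

# 2. The AD FS service account does still need local Administrators on this box.
$localAdmins = ([ADSI]'WinNT://./Administrators,group').psbase.Invoke('Members') |
               ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) }
if ($localAdmins -notcontains $AdfsAccount) {
    Write-Warning "$AdfsAccount is not in the local Administrators group on $env:COMPUTERNAME"
}

# 3. Certificate: has a private key, names the service FQDN in its SAN, is not a wildcard, chain builds.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and
                       (($_.DnsNameList | ForEach-Object { $_.Unicode }) -contains $ServiceFqdn) } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $ServiceFqdn in LocalMachine\My" }

$names = $cert.DnsNameList | ForEach-Object { $_.Unicode }
if ($names -match '^\*\.') { Write-Warning "Certificate uses a wildcard name: $($names -join ', ')" }

$chain = New-Object Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline chain test; clients still need CRL reachability
if (-not $chain.Build($cert)) {
    $why = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    Write-Warning "Chain does not build for $($cert.Thumbprint): $why (import the intermediates)"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(60)) { Write-Warning "Certificate expires $($cert.NotAfter)" }

'Using {0} (expires {1:d}) SAN: {2}' -f $cert.Thumbprint, $cert.NotAfter, ($names -join ', ')
```

Run the same script on the proxy with the group-membership section removed (it is not domain-joined); the certificate and chain checks apply there unchanged, since the proxy terminates the same TLS name.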
• For a base installation platform, AD FS requires either Server 2008, Server
2008 R2, or Server 2012. AD FS has a separate install package for Server
2008, Server 2008 R2 operating systems (and it is commonly referred to as
AD FS 2.0) or it can be installed by adding the Federation Service server
role as part of the Server 2012 operating system.
• The ADFS Role included in 2008/2008R2 is v1.0. Do NOT use it. You cannot upgrade
the version without uninstalling, just download the package, or use the ADFS Role
built into 2012
• For Server 2012: Server Manager > Roles > Add Roles > ADFS
• Use the defaults; don’t add the ADFS 1.1 features or the proxy service, as 1.1 causes issues with O365 and
the proxy won’t install on the same machine as the full ADFS service.
• Add your certificates and the chains to the machine store on ADFS
box
• Make sure they show in IIS manager as selectable
• Load the AD FS Management console and start the configuration
wizard
• Create new Federation Service and a New Farm.
• Select the SSL certificate desired, a name for the service, and enter
Service account credentials.
• That’s it; nothing needs to be configured from the O365 tenant at this point.
• Test basic ADFS function via https://<ADFS_FQDN>/adfs/ls/IdpInitiatedSignon.aspx
• If ADFS is only used for O365, this configuration is all you need.
• Install the certificate & chain on the proxy server.
• The proxy server should be a non-domain-joined computer.
• Same prerequisites as the ADFS service; again, recommend sticking with 2012.
• The proxy must resolve the federation service name (the name on the certificate) to the internal ADFS
server, not to the public URL (hosts file or internal DNS).
• Install only the Proxy, not the 1.1 services or the ADFS service.
• Assign the certificate to the default site in IIS.
• Run the configuration wizard.
  • It should auto-detect the service name from the certificate.
  • Enter the ADFS service account credentials when prompted.
• Done.
• Set up the trust between ADFS and Azure AD - http://technet.microsoft.com/en-us/library/jj205461
• Download the Azure AD Module from the tenant admin site and install it on any domain-joined machine the
tenant will be managed from.
• When converting domains to federated (final line in the script below), the domain is not your AD domain
but the public DNS domain used as the UPN suffix and verified through the DNS TXT record earlier.
$cred = Get-Credential                                # when prompted, enter your cloud service administrator credentials
Connect-MsolService -Credential $cred                 # connects you to Windows Azure AD; required before any other cmdlet from the module
Set-MsolAdfscontext -Computer <AD FS primary server>  # <AD FS primary server> is the internal FQDN of the primary AD FS server; creates a context that connects you to AD FS
Convert-MsolDomainToFederated -DomainName <domain>    # <domain> is the domain to convert; switches it from standard authentication to single sign-on
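Added example (mine, not from the deck) that verifies the whole chain once the script above has run. It covers three earlier slides in one pass: the TXT record from DNS verification, the IdpInitiatedSignon.aspx test from the ADFS install slide, and the split DNS the proxy slide calls for, and then compares what Azure AD recorded for the domain with the federation metadata ADFS actually publishes. The domain contoso.com, the service name sts.contoso.com, the TXT value, and the public resolver address are assumptions; it expects an open Connect-MsolService session with Set-MsolAdfscontext already run, and Resolve-DnsName (Windows 8 / Server 2012 or later).

```powershell
# Added example: end-to-end verification after Convert-MsolDomainToFederated.
# Assumptions (not from the deck): domain contoso.com, service name sts.contoso.com, the portal's
# TXT value 'MS=ms12345678', public resolver 8.8.8.8, Connect-MsolService and Set-MsolAdfscontext done.
$Domain      = 'contoso.com'
$AdfsFqdn    = 'sts.contoso.com'
$ExpectedTxt = 'MS=ms12345678'     # copy from the portal's domain verification page (assumed value)
$PublicDns   = '8.8.8.8'           # any resolver outside your network will do

$report = [ordered]@{}

# 1. Domain verification record, queried through a public resolver so split-brain DNS cannot hide it.
$txt = Resolve-DnsName -Name $Domain -Type TXT -Server $PublicDns -ErrorAction SilentlyContinue
$report['TXT verification record published'] = [bool]($txt | Where-Object { $_.Strings -contains $ExpectedTxt })

# 2. Split DNS: inside, the service name must hit the AD FS server; outside, the proxy's NAT address.
$inside  = @(Resolve-DnsName $AdfsFqdn -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress)
$outside = @(Resolve-DnsName $AdfsFqdn -Type A -Server $PublicDns -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress)
$report["Internal A record ($($inside -join ','))"]  = $inside.Count  -gt 0
$report["External A record ($($outside -join ','))"] = $outside.Count -gt 0
$report['Internal and external answers differ']      = ($inside.Count -gt 0) -and ($outside.Count -gt 0) -and
                                                       ($inside[0] -ne $outside[0])

# 3. AD FS itself: the IdP-initiated sign-on page and the federation metadata it publishes.
$signon = Invoke-WebRequest -Uri "https://$AdfsFqdn/adfs/ls/IdpInitiatedSignon.aspx" -UseBasicParsing -ErrorAction SilentlyContinue
$report['IdpInitiatedSignon.aspx returns HTTP 200'] = $signon.StatusCode -eq 200

$metaUrl = "https://$AdfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml"
[xml]$meta  = (Invoke-WebRequest -Uri $metaUrl -UseBasicParsing).Content
$entityId   = $meta.EntityDescriptor.entityID
$signingB64 = ($meta.EntityDescriptor.IDPSSODescriptor.KeyDescriptor |
               Where-Object { $_.use -eq 'signing' } | Select-Object -First 1).KeyInfo.X509Data.X509Certificate
$adfsSigning = New-Object Security.Cryptography.X509Certificates.X509Certificate2 (,[Convert]::FromBase64String($signingB64))

# 4. What Azure AD recorded, and whether both sides agree on issuer and token-signing certificate.
$dom = Get-MsolDomain -DomainName $Domain
$report["Domain status '$($dom.Status)' is Verified"]            = $dom.Status -eq 'Verified'
$report["Authentication '$($dom.Authentication)' is Federated"]  = $dom.Authentication -eq 'Federated'

$cloudSide = Get-MsolFederationProperty -DomainName $Domain | Where-Object { $_.Source -like '*Office 365*' }
$report['Azure AD issuer matches metadata entityID']    = $cloudSide.FederationServiceIdentifier -eq $entityId
$report['Azure AD signing cert matches AD FS metadata'] = $cloudSide.TokenSigningCertificate.Thumbprint -eq $adfsSigning.Thumbprint

$report.GetEnumerator() | ForEach-Object {
    '{0,-52} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

The last line is the one that silently breaks SSO months later: after an AD FS token-signing certificate rollover, Azure AD still holds the old thumbprint until you run Update-MsolFederatedDomain -DomainName contoso.com. If federation has to be backed out entirely, Convert-MsolDomainToStandard returns the domain to standard authentication.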
• You need to include only the URL of the ADFS service endpoint in the Local Intranet zone; Internet
Explorer sends integrated Windows credentials automatically only to sites in that zone.
• https://<tenant and/or tenant-my>.sharepoint.com should probably still be included for other SharePoint
features, but it is not required for SSO.
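Added example (mine, not from the deck) of the zone change the slide describes, done in the registry rather than through the IE dialog so it can be verified: it writes the ADFS host into the per-user ZoneMap as Local Intranet, checks the zone's automatic-logon setting (which is what actually decides whether credentials are sent), and shows in a comment the machine-policy value the "Site to Zone Assignment List" GPO writes for a domain-wide rollout. The service name sts.contoso.com is an assumption.

```powershell
# Added example: put the AD FS endpoint in the Local Intranet zone and verify the zone allows auto logon.
# Assumption (not from the deck): federation service name sts.contoso.com.
$AdfsFqdn     = 'sts.contoso.com'
$IntranetZone = 1     # zone ids: 0 My Computer, 1 Local Intranet, 2 Trusted, 3 Internet, 4 Restricted

function Add-IntranetSite {
    param([string]$Fqdn)
    # ZoneMap stores hosts as Domains\<parent domain>\<host label>, with one DWORD per URL scheme.
    $label, $parent = $Fqdn -split '\.', 2
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$parent\$label"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'https' -Value $IntranetZone -PropertyType DWord -Force | Out-Null
    (Get-ItemProperty -Path $key).https -eq $IntranetZone      # read back to confirm
}

function Test-IntranetAutoLogon {
    # Value 1A00 of the zone key: 0x00000 = auto logon with current credentials,
    # 0x10000 = auto logon only in Intranet zone (the default when the value is absent),
    # 0x20000 = prompt, 0x30000 = anonymous. Only the first two give silent SSO.
    $zone  = Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$IntranetZone"
    $logon = if ($null -ne $zone.'1A00') { $zone.'1A00' } else { 0x10000 }
    $logon -in 0x00000, 0x10000
}

# Domain-wide equivalent (what the "Site to Zone Assignment List" GPO writes; needs admin rights):
#   New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' `
#                    -Name "https://$AdfsFqdn" -Value '1' -PropertyType String -Force

if (Add-IntranetSite -Fqdn $AdfsFqdn) { "https://$AdfsFqdn is now in the Local Intranet zone" }
if (-not (Test-IntranetAutoLogon)) {
    Write-Warning 'Local Intranet zone is set to prompt or anonymous logon; users will be prompted for credentials'
}
```

Keep the entry to the ADFS host only: adding the whole email domain as an intranet site would send Windows credentials to any host under it, which is wider than SSO needs.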
Christopher Webb
MCM: SharePoint 2010
MCSM SharePoint
Senior Engineer
Planet Technologies
@chriswebb18
http://www.ChristopherMichaelWebb.com

Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...pr788182
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableCuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Availablepr788182
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxCynthia Clay
 
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in  Escort service book nowKOTA 💋 Call Girl 9827461493 Call Girls in  Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAITim Wilson
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDINGPuri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDINGpriyakumari801827
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...ssuserf63bd7
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubaijaehdlyzca
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxRoofing Contractor
 
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...lizamodels9
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfwill854175
 
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableNanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Availablepr788182
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
KALYANI 💋 Call Girl 9827461493 Call Girls in Escort service book now
KALYANI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowKALYANI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
KALYANI 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 

Último (20)

Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableCuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Cuttack Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in  Escort service book nowKOTA 💋 Call Girl 9827461493 Call Girls in  Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDINGPuri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...
Only Cash On Delivery Call Girls In Sikandarpur Gurgaon ❤️8448577510 ⊹Escorts...
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableNanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
KALYANI 💋 Call Girl 9827461493 Call Girls in Escort service book now
KALYANI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowKALYANI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
KALYANI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 

Directory Synchronization Single Sign-On in Office 365

  • 1. Directory Synchronization and Single Sign-On in Office 365
    Christopher Webb, MCM: SharePoint 2010, MCSM SharePoint, MCT
  • 2.
    • Create your tenant - http://office.microsoft.com/en-us/business/office-365-enterprise-e3-business-software-FX103030346.aspx
    • Activate Directory Synchronization - http://technet.microsoft.com/en-us/library/jj151831
    • Prepare Active Directory
    • Activate Directory Sync feature on tenant admin site
    • Add Domain
    • DNS Verification
    • Configure UPNs & Prep AD
    • Download DirSync tool
    • Account Permissions for synchronization
    • Install DirSync
    • Configure Single Sign-On - http://technet.microsoft.com/en-us/library/jj151786
    • ADFS install
    • ADFS Configuration
    • ADFS Proxy Configuration
    • Azure AD Module for PowerShell Install
    • Connecting to O365 and converting to a federated domain
    • Activate Users
    • Internet Zones for SSO
  • 3. Prepare Active Directory
    • Deployment Readiness Tool - http://community.office365.com/en-us/forums/183/p/2285/8155.aspx or https://portal.microsoftonline.com/tools
    • The UPN domain suffix must be under the domain that you choose to set up for single sign-on.
    • The domain you choose to federate must be registered as a public domain with a domain registrar or within your own public DNS servers.
    • To create UPNs, follow the instructions in the Active Directory topic Add User Principal Name Suffixes. Keep in mind that UPNs that are used for single sign-on can only contain letters, numbers, periods, dashes, and underscores.
    • If your Active Directory domain name is not a public Internet domain (for example, it ends with a “.local” suffix), you must set a UPN to have a domain suffix that is under an Internet domain name that can be registered publicly. We recommend that you use something familiar to your users, such as their email domain.
    • If you have already set up Active Directory synchronization, the user’s UPN may not match the user’s on-premises UPN defined in Active Directory. To fix this, rename the user’s UPN using the Set-MsolUserPrincipalName cmdlet in the Windows Azure Active Directory Module for Windows PowerShell.
    • Be sure to set UPNs prior to running DirSync; fixing them afterwards is harder than running this command and sometimes means deleting users from the cloud and re-running the DirSync wizard.
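The UPN preparation on slide 3 is the step the presenter says is painful to repair once DirSync has run, so it is worth auditing before the first sync cycle. The PowerShell below is an added example, not code from the presentation: it assumes the ActiveDirectory module (RSAT) is installed, that the hypothetical public domain contoso.com is the DNS-verified suffix you will federate, and that sAMAccountName is the local part you want in a corrected UPN. It reports by default and only rewrites UPNs when $Apply is set to $true.

```powershell
# Added example (not from the presentation): audit AD user UPNs before the first DirSync cycle.
# Assumptions: ActiveDirectory module available; 'contoso.com' stands in for your verified
# public domain; sAMAccountName is the local part you want in the corrected UPN.
Import-Module ActiveDirectory

$PublicSuffix = 'contoso.com'      # assumption: the DNS-verified domain you will federate
$Apply        = $false             # report only; set to $true to rewrite UPNs

# Slide 3: UPNs used for single sign-on may contain only letters, numbers, periods, dashes and underscores
$AllowedLocalPart = '^[A-Za-z0-9._-]+$'

# 1. The public suffix must be registered on the forest ("Add User Principal Name Suffixes")
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    Write-Warning "UPN suffix '$PublicSuffix' is not registered on forest $($forest.Name)"
    if ($Apply) { Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $PublicSuffix } }
}

# 2. Enabled users whose UPN is missing, uses a non-public suffix (e.g. corp.local) or has illegal characters
$report = @(foreach ($u in Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName) {
    $upn = $u.UserPrincipalName
    $local = $null; $suffix = $null
    if ($upn) { $local, $suffix = $upn -split '@', 2 }

    $problems = @()
    if (-not $upn)                                     { $problems += 'no UPN' }
    elseif ($suffix -ne $PublicSuffix)                 { $problems += "suffix '$suffix'" }
    if ($upn -and $local -notmatch $AllowedLocalPart)  { $problems += "illegal characters in '$local'" }
    if (-not $problems) { continue }

    $newUpn = '{0}@{1}' -f $u.SamAccountName, $PublicSuffix
    if ($u.SamAccountName -notmatch $AllowedLocalPart) {
        # the fallback local part is itself unusable for SSO; this one needs a manual decision
        $problems += "sAMAccountName '$($u.SamAccountName)' not usable as UPN"
        $newUpn = $null
    }
    [pscustomobject]@{ Account = $u.SamAccountName; CurrentUpn = $upn; ProposedUpn = $newUpn; Problems = $problems -join '; ' }

    if ($Apply -and $newUpn) { Set-ADUser -Identity $u -UserPrincipalName $newUpn }
})
$report | Format-Table -AutoSize
'{0} user(s) need attention before DirSync' -f $report.Count
```

Run it once in report mode, fix the accounts whose sAMAccountName is not a usable local part by hand, then run it again with $Apply set. Doing this before DirSync avoids the Set-MsolUserPrincipalName clean-up the slide describes.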
  • 4. Additional Considerations
    • DirSync is designed for only 1 domain. FIM can handle multi-forest scenarios, but requires customization.
    • DirSync requires Server 2003+ Forest functional level
  • 5. Activate Directory Sync on Tenant Admin site
    • Users and Groups
    • Active Directory Synchronization
    • Takes 24 hours, do it first
  • 6. Adding domains for synchronization
  • 7. DNS Verification
    • Just a simple TXT record in public DNS
  • 8. Download & Install DirSync
    • Download DirSync from tenant admin site
  • 9. DirSync Machine notes
    • http://technet.microsoft.com/en-us/library/jj151831#BKMK_ComputerRequirements
    • The Windows Azure AD service supports synchronization of up to 50,000 objects
    • It must run a 64-bit Windows Server OS
    • 64-bit edition of Server 2008 R2 SP1 Standard or Enterprise, or Server 2008 Datacenter or Server 2008 R2 Datacenter.
    • 64-bit edition of Server 2012 Standard or Datacenter or 2012 R2 S/D.
    • It must be joined to Active Directory.
    • It cannot be a domain controller. A new version was released 11/2 that allows install on a DC: http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx
    • It must run .NET Framework 3.5 SP1 and .NET Framework 4.0.
    • You can only have one instance of the Directory Sync tool between an on-premises Active Directory and an Office 365 tenant.
    • Must be local admin to install
  • 10. DirSync Install and Configuration
    • Access account on AD side: must have Domain Administrator as well as Enterprise Administrator permissions for the domain being synchronized
    • Access account on O365 side: must be Global Administrator. It will also need a license if it’s a service account
    • Follow the wizard; it only has a couple of steps
    • If installing DirSync on the ADFS box, you MUST install DirSync first. It will not install after ADFS is added.
    • All documentation says to have a dedicated DirSync box, but it is supported to use the same machine
    • The Sync Passwords option lets you sync the domain account passwords to O365 along with the account. This is not required if you use ADFS, but if you are not doing single sign-on, it makes things easier for your end users.
  • 11. DirSync “Hybrid Mode” option
    • Hybrid Mode is only for Exchange & Lync hybrid deployments, not SharePoint. It allows DirSync to modify mailbox server attributes and ProxyAddresses.
    Object Type (objectClass) | Property (LDAP attribute name)
    contact                   | proxyAddresses
    group                     | proxyAddresses
    inetOrgPerson             | proxyAddresses
    user                      | msExchArchiveStatus, msExchBlockedSendersHash, msExchSafeRecipientsHash, msExchSafeSendersHash, msExchUCVoiceMailSettings, proxyAddresses
  • 12. Source of Authority
    • When you create objects by using either the Windows PowerShell cmdlet or account portal tools such as the Office 365 portal, you are mastering objects from within the cloud. All subsequent changes to these objects are also made by using the same tools. In this scenario, the source of authority is in the cloud. For more information about the various tools that you can use to create and manage objects in Windows Azure AD, see Administering your Windows Azure AD tenant.
    • Alternatively, when you are running Active Directory synchronization, you are mastering objects from within your on-premises Active Directory. Once Directory Synchronization has been activated, and after the first sync cycle has been completed, the source of authority is transferred from the cloud to the on-premises Active Directory. In this scenario, users, contacts, and groups are created on-premises and then synchronized to the cloud. All subsequent changes to the cloud objects (with the exception of licensing) are mastered from the on-premises Active Directory tools. The corresponding cloud objects are read-only. Administrators cannot edit cloud objects if the source of authority is on-premises.
    • *This means 1-way sync from AD to O365 (consider that UPS cannot sync updates back to AD, but Lync still pulls from O365 if Lync is an O365 license; on-prem Lync is configurable to either)
  • 13. Soft Matching
    • New feature of DirSync
    • Matches accounts that exist in O365 to accounts in AD based on the PrimarySMTPAddress attribute
    • In my experience, it will match based on UPN over the PrimarySMTPAddress, but the documentation does not say anything about this.
    • Details: http://support.microsoft.com/kb/2641663
  • 14. Requirements for single sign-on
    • Server 2003 R2, Server 2008, Server 2008 R2, or Server 2012 mixed or native mode functional Forest and Domain levels.
    • If you plan to use AD FS as your STS, you will need to do one of the following:
    • Download, install and deploy AD FS 2.0 on a Server 2008 or Server 2008 R2 server.
    • Install the AD FS role service on a Windows Server 2012 server.
    • Also, if users will be connecting from outside your company’s network, you must deploy an AD FS 2.0 proxy.*
    • Use the Windows Azure Active Directory Module for Windows PowerShell to establish a federated trust between your on-premises STS and Windows Azure AD.
    • Ports 80 & 443 must be open bi-directionally to the ADFS Proxy and outbound for the ADFS Back End Server
    http://technet.microsoft.com/en-us/library/jj151786
    http://technet.microsoft.com/en-us/library/jj205462
  • 15.
    • Must have a SAN (UCC) certificate or named certificate.
    • Wildcards not supported
    • The ADFS service account needs to be a domain admin initially to configure the ADFS container. It can then be rolled back to a standard domain user. The service account must remain local admin on the ADFS box, though.
    • Public cert and full cert chain imported to the certificate store on ADFS and Proxy
    • Internal DNS record for the ADFS service endpoint pointing to the ADFS server. The Proxy must be able to resolve the service endpoint to the ADFS server.
    • Port 443 open between Proxy and ADFS
    • External DNS record for the ADFS endpoint that points to the public IP that is NAT'd to the ADFS Proxy
  • 16.
    • For a base installation platform, AD FS requires either Server 2008, Server 2008 R2, or Server 2012. AD FS has a separate install package for the Server 2008 and Server 2008 R2 operating systems (commonly referred to as AD FS 2.0), or it can be installed by adding the Federation Service server role as part of the Server 2012 operating system.
    • The ADFS Role included in 2008/2008 R2 is v1.0. Do NOT use it. You cannot upgrade the version without uninstalling; just download the package, or use the ADFS Role built into 2012.
    • For Server 2012: Server Manager > Roles > Add Roles > ADFS
    • Use defaults; don’t add the ADFS 1.1 features or the proxy service, as 1.1 causes issues with O365 and the proxy won’t install on the same machine as the full ADFS service.
  • 17.
    • Add your certificates and the chains to the machine store on the ADFS box
    • Make sure they show in IIS Manager as selectable
    • Load the AD FS Management console and start the configuration wizard
    • Create a new Federation Service and a New Farm.
    • Select the SSL certificate desired, a name for the service, and enter service account credentials.
    • That’s it; no need to configure anything from the O365 tenant
    • Test basic ADFS function via https://<ADFS_FQDN>/adfs/ls/IdpInitiatedSignon.aspx
  • 18. If only using for O365, this is what you want
  • 19.
    • Install the certificate & chain on the proxy server
    • Proxy server should be on a non-domain computer
    • Same pre-reqs as the ADFS service; recommend sticking with 2012 again
    • Proxy must resolve the token signing address to the service, not the public URL (hosts file or internal DNS)
    • Install only the Proxy, not the 1.1 services or the ADFS service
  • 20.
    • Assign certificate to the default site in IIS
    • Run the configuration wizard
    • It should auto-detect the service name from the certificate
    • Insert the ADFS service account credentials when prompted
    • Done
  • 21.
    • Set up trust between ADFS and Azure AD - http://technet.microsoft.com/en-us/library/jj205461
    • Download the Azure AD Module from the Tenant Admin site and install it on any domain-joined machine where the tenant will be managed from
    • When converting domains to federated (final line in the script below), this is not your AD domain, but the public DNS domain used as the UPN suffix and verified through DNS TXT records previously.

    # When the cmdlet prompts you for credentials, type your cloud service administrator account credentials.
    $cred = Get-Credential
    # Connects you to Windows Azure AD. Creating this context is required before running any of the additional cmdlets installed by the tool.
    Connect-MsolService -Credential $cred
    # <AD FS primary server> is the internal FQDN of the primary AD FS server. This creates a context that connects you to AD FS.
    Set-MsolAdfscontext -Computer <AD FS primary server>
    # <domain> is the domain to be converted. This changes the domain from standard authentication to single sign-on.
    Convert-MsolDomainToFederated -DomainName <domain>
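Before treating the conversion on slide 21 as finished, it pays to confirm that the prerequisites from slides 7, 15 and 17 and the result of Convert-MsolDomainToFederated are actually in place. The PowerShell below is an added example, not the presentation's code. The names adfs.contoso.com (ADFS service endpoint), contoso.com (verified public domain used as UPN suffix) and 8.8.8.8 (any resolver outside your network) are assumptions; it relies on Windows Server 2012 cmdlets (Resolve-DnsName, Test-NetConnection), the .NET SslStream class to read the presented certificate, and the Azure AD Module for the tenant-side checks. Run it from a domain-joined machine inside the network so the internal/external DNS comparison is meaningful.

```powershell
# Added example, not code from the presentation: post-configuration checks for the federation
# pieces on slides 7, 15, 17 and 21. Assumed names: adfs.contoso.com (ADFS service endpoint),
# contoso.com (verified public domain / UPN suffix), 8.8.8.8 (any resolver outside your network).
# Run from a domain-joined machine inside the network, with the Azure AD Module installed.
$ServiceFqdn  = 'adfs.contoso.com'
$PublicDomain = 'contoso.com'
$PublicDns    = '8.8.8.8'

function Check([string]$Name, [bool]$Ok, [string]$Detail = '') {
    '{0} {1,-48} {2}' -f $(if ($Ok) { 'PASS' } else { 'FAIL' }), $Name, $Detail
}

# 1. Slide 7: the domain-verification TXT record (Office 365 uses the form "MS=ms...") is still in public DNS
$txt = @(Resolve-DnsName -Name $PublicDomain -Type TXT -Server $PublicDns -ErrorAction SilentlyContinue |
         ForEach-Object { $_.Strings })
Check 'Domain verification TXT record present' ([bool]($txt -match '^MS=ms')) ($txt -join ' | ')

# 2. Slide 15: internal DNS answers with the ADFS server, public DNS with the address NAT'd to the proxy
$internalIp = @((Resolve-DnsName -Name $ServiceFqdn -Type A -ErrorAction SilentlyContinue).IPAddress)[0]
$externalIp = @((Resolve-DnsName -Name $ServiceFqdn -Type A -Server $PublicDns -ErrorAction SilentlyContinue).IPAddress)[0]
Check 'Internal DNS record for service endpoint' ([bool]$internalIp) "$internalIp"
Check 'External DNS record for service endpoint' ([bool]$externalIp) "$externalIp"
Check 'Internal and external answers differ' ([bool]($internalIp -and $externalIp -and ($internalIp -ne $externalIp)))

# 3. Slide 15: 443 reachable; certificate is a named/SAN cert (no wildcard) with a full chain
$tcp = Test-NetConnection -ComputerName $ServiceFqdn -Port 443 -WarningAction SilentlyContinue
Check 'TCP 443 reachable' $tcp.TcpTestSucceeded
if ($tcp.TcpTestSucceeded) {
    $client = New-Object System.Net.Sockets.TcpClient($ServiceFqdn, 443)
    # the callback accepts any cert only so we can pull it for inspection; the chain is verified below
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($ServiceFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Dispose(); $client.Close()

    # 2.5.29.17 = Subject Alternative Name; Format($false) yields "DNS Name=a, DNS Name=b"
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names  = @($cert.GetNameInfo('DnsName', $false))
    if ($sanExt) { $names += ($sanExt.Format($false) -split ',\s*') -replace '^DNS Name=', '' }
    Check 'Certificate covers the service name' ($names -contains $ServiceFqdn) ($names -join ', ')
    Check 'Certificate is not a wildcard' (-not ($names -match '\*'))
    Check 'Certificate chain validates (full chain imported)' $cert.Verify() ('expires ' + $cert.NotAfter.ToShortDateString())
}

# 4. Slide 17: the IdP-initiated sign-on page answers
try {
    $resp = Invoke-WebRequest -Uri "https://$ServiceFqdn/adfs/ls/IdpInitiatedSignon.aspx" -UseBasicParsing
    Check 'IdpInitiatedSignon.aspx responds' ($resp.StatusCode -eq 200)
} catch { Check 'IdpInitiatedSignon.aspx responds' $false $_.Exception.Message }

# 5. Slide 21: the tenant sees the domain as Federated and holds the same token-signing certificate as ADFS
Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global administrator')
$domain = Get-MsolDomain -DomainName $PublicDomain
Check 'Domain authentication is Federated' ($domain.Authentication -eq 'Federated') "$($domain.Authentication)"
Get-MsolFederationProperty -DomainName $PublicDomain | Format-Table Source, TokenSigningCertificate -AutoSize
```

The last line prints the token-signing certificate as seen from the ADFS server and from the tenant side by side; if the two rows disagree, the trust was converted before the ADFS certificate was finalised and needs to be updated in the tenant before users can sign in.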
  • 22. (screenshot only)
  • 23.
    • You need to include only the URL of the service endpoint in the local intranet zone.
    • https://<tenant and/or tenant-my>.sharepoint.com should probably still be included for other features of SharePoint, but not required for SSO
  • 24. Christopher Webb, MCM: SharePoint 2010, MCSM SharePoint, Senior Engineer, Planet Technologies, @chriswebb18, http://www.ChristopherMichaelWebb.com