2. The Short Bio
• Solution Architect with focus on Office 365 platform
• Collaborative solutions at my core for over 15 years
• Expertise with Active Directory including full Forest migrations
• Extensive Directory Synchronization work
• Covered various industries including law, logistics, manufacturing and others
Brice McDowell
3. Agenda
• What is Azure Active Directory?
• Azure Active Directory editions
• Azure AD Connect
• Azure Single Sign On
• Cloud App Discovery
12. Windows Azure Active Directory
connecting Office 365
4/15/2016 12
Connecting Office 365
components from a
single directory
? ??
Why start from scratch?
15. Agenda
• What is Azure Active Directory?
• Azure Active Directory editions
• Azure AD Connect
• Azure Single Sign On
• Cloud App Discovery
16. Your directory in the cloud with Single Sign On
4/15/2016 16
Connect and sync on-premises
directories with Azure
2500+ pre-integrated popular
SaaS apps
SaaS apps
17. 3 supported ways to sign in
4/15/2016 17
Federated Single Sign-On
Password-based Single Sign-On
Existing Single Sign-On
It combines
directory services
advanced identity governance – control and standardization to build in predictability
application access management (SSO and publication of certain apps to use) –and-
a rich standards-based platform for developers (Windows Azure services are exposed via REST APIs to enable their use from various languages)
Who would want to manage access to each of these individually?
Who would want to manage a password for each of these? Or your service desk handling a frustrated user who can’t even tell you where the FILE menu is?
Federated: auto sign-on to 3rd party SaaS application by Azure AD using the account info (Supported through SAML 2.0, WS-Federation or Open ID connect protocols)
Password based: Azure collects the password and other account info from the 3d party SaaS app and uses that for auto sign-on
Existing Single Sign-On: Utilizes ADFS to sign on to the 3rd party SaaS app. (think of this as Oking access instead of giving auth directly)
You won’t always have a user going to a portal site to sign on…
The dashboard here is hard to see, but you get the idea…
You can also assign Apps that groups of users can see and deploy them to have better management over use – and even over the expectations and adoption.