Office 365 integration using
organizational identities
Joonatan Henriksson
Nixu Oy
9.10.2014 © Nixu 2014 1
One-stop shop for security consulting
Keys for success in security consulting

Trust
• Security consulting since 1988
• Capacity and reliability: 120 persons, 14 M€ turnover
• Secure premises: Finnish Defence Forces audited facilities
• No strings attached: product vendor independent

Experience
• Certifications: CISSP, CISA, CISM, CSSLP, CPTS, GCIH, GCFA, GCIA, GSNA, GSSPC, CCNA, ISO27001 Auditor, MCSE, QSA, PA-QSA, etc.
• Payment Card Industry (PCI DSS) Qualified Security Assessor and ASV company
• ca. 140 clients in over 400 assignments during year 2013
• Assignments in around 20 countries

Methodology
• Productized methodology for projects guarantees high quality
• Global standards: TOGAF, ITIL, OWASP, ISO27001, ISF, PCI DSS, etc.
• Quality assurance included in each project; each project has a team
• Secure practices for transmitting, storing and destroying confidential data

99% of our clients say they can recommend Nixu*
* Fall 2013 customer satisfaction study
We have SAML 2.0 support!! (March 2014)
Source: http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/
…well, at least soon?!
“…the following scenarios are blocked when using SAML 2.0 or Shibboleth.
• Lync desktop client
• Applications such as Word, Excel, PowerPoint, Visio, etc. when accessing files from SharePoint Online
• Office 365 ProPlus licensing for Office desktop applications
• PowerShell access to Office 365
The update to the Office 2013 client applications is expected to be released later in 2014.”*
Source: http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/
Possibilities until then (and with legacy clients)
• Standards support
  – SAML 2.0 support has evolved slowly during 2013-2014
  – WS-Federation
  – WS-Trust
Customer requirements (in 2013)
• Office 365 “reseller” business case
• Existing local user base with external users
• Existing authentication service with SAML 2.0 support (non-ADFS)
• Flexible authentication to Office 365 for email
• Mobile clients must work with ActiveSync
• IMAP must work
• Multitenant and multidomain environment
High level architecture for passive authentication
[Diagram] Elements: SSO, browser access, Outlook Web Access, Azure AD, IDM, user store, AuthN, AuthZ, forms based authentication.
Identity attributes shown: first name, last name, display name, UPN=[default email address], immutableID=[unique ID], license type, location (SMTP address if a value other than the UPN is required).
High level architecture for proxy authentication
[Diagram] Elements: SSO, client, Basic auth, Exchange Online, Azure AD, IDM, user store, AuthN, AuthZ, SAML 2.0 ECP.
Identity attributes shown: first name, last name, display name, UPN=[default email address], immutableID=[unique ID], license type, location (SMTP address if a value other than the UPN is required).
Challenges with integration
• The ActiveSync client requires the SAML 2.0 ECP profile (Enhanced Client or Proxy) with HTTP Basic Auth
• Multitenancy, i.e. separating different domains in the IdP/SSO
• Lack of logging in O365
• Converting and modifying identities might take time
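The first two challenges above, the ECP profile with HTTP Basic Auth and domain separation in a multi-tenant IdP, modelled in Python as an added example (not code from the presentation, Nixu or Microsoft). The tenant directory, user records, salt and the per-tenant endpoint parameter are constructed for illustration; the PAOS/Accept header values are the ones the SAML 2.0 ECP profile defines; and the result is returned as a plain attribute dict rather than the signed SAML Response inside a SOAP envelope that a real IdP would produce:

```python
"""IdP-side handling of a SAML 2.0 ECP request carrying HTTP Basic credentials,
as in the proxy authentication architecture (Exchange Online relays the mail
client's Basic auth to the IdP). Added example; tenants, users and salt are
constructed, and the assertion is a dict, not a signed SAML Response."""
import base64
import binascii
import hashlib
import hmac
from typing import Optional, Tuple

# Header values an ECP client sends, as defined by the SAML 2.0 ECP profile.
PAOS_ACCEPT = "application/vnd.paos+xml"
PAOS_HEADER = ('ver="urn:liberty:paos:2003-08";'
               '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"')

# Constructed multi-tenant directory: each mail domain belongs to one tenant.
TENANTS = {"alpha.example": "tenant-alpha", "beta.example": "tenant-beta"}

_SALT = b"constructed-salt"  # a real store would use a per-user random salt


def _pwhash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)


# Constructed user store (the IDM box on the architecture slides), keyed by UPN.
USERS = {
    "anna@alpha.example": {
        "first name": "Anna", "last name": "Andersson", "display name": "Anna Andersson",
        "immutableID": "0001-alpha", "license type": "E3", "location": "FI",
        "pwhash": _pwhash("correct horse"),
    },
    "bo@beta.example": {
        "first name": "Bo", "last name": "Berg", "display name": "Bo Berg",
        "immutableID": "0001-beta", "license type": "E1", "location": "SE",
        "pwhash": _pwhash("battery staple"),
    },
}


def basic_header(username: str, password: str) -> str:
    """Authorization header as the mail client (and the relaying proxy) sends it."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode an HTTP Basic Authorization header; None for anything malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    if ":" not in raw:
        return None
    user, _, pwd = raw.partition(":")
    return user, pwd


def resolve_tenant(upn: str) -> Optional[str]:
    """Map the domain part of the UPN to its tenant; unknown domains give None."""
    local, at, domain = upn.rpartition("@")
    if not at or not local or not domain:
        return None
    return TENANTS.get(domain.lower())


def authenticate(upn: str, password: str) -> Optional[dict]:
    """Verify the password with a constant-time compare; unknown users cost the same."""
    rec = USERS.get(upn.lower())
    candidate = _pwhash(password)
    if rec is None or not hmac.compare_digest(candidate, rec["pwhash"]):
        return None
    return rec


def assertion_attributes(upn: str, rec: dict) -> dict:
    """The identity attributes the slides carry from IDM towards Office 365."""
    return {"UPN": upn.lower(), "immutableID": rec["immutableID"],
            "firstName": rec["first name"], "lastName": rec["last name"],
            "displayName": rec["display name"]}


def handle_ecp_request(headers: dict, endpoint_tenant: str) -> Tuple[int, dict]:
    """Process one ECP request on the endpoint serving `endpoint_tenant` (assumed
    per-tenant endpoints). The tenant check keeps domains separated: a user of
    tenant B never gets an assertion from tenant A's endpoint, valid password or not."""
    if headers.get("Accept") != PAOS_ACCEPT or headers.get("PAOS") != PAOS_HEADER:
        return 400, {"error": "not a PAOS/ECP request"}
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None:
        return 401, {"WWW-Authenticate": 'Basic realm="ecp"'}
    upn, password = creds
    tenant = resolve_tenant(upn)
    if tenant is None or tenant != endpoint_tenant:
        return 403, {"error": "domain not served by this endpoint"}
    rec = authenticate(upn, password)
    if rec is None:
        return 401, {"WWW-Authenticate": 'Basic realm="ecp"'}
    return 200, {"tenant": tenant, "attributes": assertion_attributes(upn, rec)}


def ecp_headers(authorization: Optional[str]) -> dict:
    """Headers of a well-formed ECP request with the given Authorization value."""
    h = {"Accept": PAOS_ACCEPT, "PAOS": PAOS_HEADER}
    if authorization:
        h["Authorization"] = authorization
    return h
```

The order of checks matters operationally: the PAOS headers and the tenant are checked before any password hashing, so a request for a foreign domain or from a non-ECP client never touches the user store, and every real password check costs the same whether or not the user exists.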
Multiple clients in multiple platforms

Client | Platform | AuthN mechanism
Browser for MS Online and Outlook Web Access | PC / MAC | SAML 2.0 (passive authentication)
Outlook 2007/Outlook 2010/2013?, Exchange ActiveSync, POP/IMAP/SMTP client | PC / MAC? | Basic authentication over SSL, SAML 2.0 (proxy authentication)
Lync 2010 | PC / MAC? | WS-Federation and WS-Trust
Lync mobile >5.2 | iOS, Windows Phone | SAML 2.0 (passive authentication)
Office 2010/Office 2007/2013? applications | PC / MAC? | Active authentication with WS-Trust
Identity provisioning alternatives
• Manual
• PowerShell
• DirSync
• Forefront Identity Manager (Windows Azure Active Directory Connector)
• Azure AD Graph API (2014)
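An added example (not the presentation's, Nixu's or Microsoft's code) of the reconciliation step that any of the provisioning alternatives above has to perform before pushing changes: it compares the IDM user store with the Azure AD tenant keyed by immutableID, so a changed UPN becomes a rename instead of a delete and re-create, and it refuses UPN collisions and duplicate IDs instead of applying them. The records and the operation names are constructed; actually applying the operations with PowerShell, DirSync, FIM or the Graph API is outside the block:

```python
"""Reconcile the IDM user store against the Azure AD tenant, keyed by immutableID.
Added example with constructed records; it only computes the operations."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    immutable_id: str            # immutableID = [unique ID] from the user store
    upn: str                     # UPN = [default email address]
    first_name: str
    last_name: str
    display_name: str
    license_type: str
    location: str
    smtp: Optional[str] = None   # SMTP address, only if it must differ from the UPN


SYNCED_FIELDS = ("upn", "first_name", "last_name", "display_name",
                 "license_type", "location", "smtp")
Operation = Tuple[str, str, dict]   # (operation, immutableID, details)


def validate_source(idm: Iterable[Identity]) -> Tuple[Dict[str, Identity], List[str]]:
    """Drop source records that would collide in the tenant (duplicate immutableID or UPN)."""
    valid: Dict[str, Identity] = {}
    seen_upn: Dict[str, str] = {}
    errors: List[str] = []
    for rec in idm:
        upn = rec.upn.lower()
        if rec.immutable_id in valid:
            errors.append(f"duplicate immutableID {rec.immutable_id}")
        elif upn in seen_upn:
            errors.append(f"duplicate UPN {upn} ({rec.immutable_id} vs {seen_upn[upn]})")
        else:
            seen_upn[upn] = rec.immutable_id
            valid[rec.immutable_id] = rec
    return valid, errors


def reconcile(idm: Iterable[Identity],
              azure_ad: Iterable[Identity]) -> Tuple[List[Operation], List[str]]:
    """Compute the operations that bring the tenant in line with the user store."""
    source, errors = validate_source(idm)
    cloud = {a.immutable_id: a for a in azure_ad}
    cloud_by_upn = {a.upn.lower(): a.immutable_id for a in cloud.values()}
    ops: List[Operation] = []
    for iid in sorted(source):
        rec = source[iid]
        bound = cloud_by_upn.get(rec.upn.lower())
        if bound is not None and bound != iid:
            # The UPN already names a different cloud object; creating or renaming onto
            # it would fail or silently merge two people, so report it instead.
            errors.append(f"UPN {rec.upn} already bound to immutableID {bound}")
            continue
        cur = cloud.get(iid)
        if cur is None:
            ops.append(("create", iid, {f: getattr(rec, f) for f in SYNCED_FIELDS}))
            continue
        changed = {f: getattr(rec, f) for f in SYNCED_FIELDS
                   if getattr(rec, f) != getattr(cur, f)}
        if "upn" in changed:
            ops.append(("rename", iid, {"from": cur.upn, "to": changed.pop("upn")}))
        if changed:
            ops.append(("update", iid, changed))
    # Objects that exist only in the cloud are disabled, not deleted, so the
    # mailbox survives until someone confirms the removal.
    for iid in sorted(set(cloud) - set(source)):
        ops.append(("disable", iid, {"upn": cloud[iid].upn}))
    return ops, errors


# Constructed sample state: I1 unchanged, I2 renamed and relocated, I3 new, I9 stale.
SAMPLE_IDM = [
    Identity("I1", "anna@alpha.example", "Anna", "Andersson", "Anna Andersson", "E3", "FI"),
    Identity("I2", "bo.berg@alpha.example", "Bo", "Berg", "Bo Berg", "E1", "FI"),
    Identity("I3", "cici@alpha.example", "Cici", "Carlsson", "Cici Carlsson", "E3", "FI",
             smtp="c.carlsson@alpha.example"),
]
SAMPLE_CLOUD = [
    Identity("I1", "anna@alpha.example", "Anna", "Andersson", "Anna Andersson", "E3", "FI"),
    Identity("I2", "bo@alpha.example", "Bo", "Berg", "Bo Berg", "E1", "SE"),
    Identity("I9", "dan@alpha.example", "Dan", "Dahl", "Dan Dahl", "E1", "FI"),
]


def sample_reconcile() -> Tuple[List[Operation], List[str]]:
    return reconcile(SAMPLE_IDM, SAMPLE_CLOUD)


if __name__ == "__main__":
    for op in sample_reconcile()[0]:
        print(op)
```

Keying on immutableID rather than UPN is what makes the "converting and modifying identities" step tolerable: a renamed default email address is a single rename operation, and a UPN that already belongs to another cloud object is surfaced as an error for a human instead of being merged by the sync.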
Other uses for SAML based federation
• Many SaaS and cloud providers support SAML 2.0
  – E.g. SalesForce, Yammer, Zendesk, Google Apps etc.
Main takeaways
• Standards based integration is still in the making
• Plan your business case
• Plan your use cases
• You need to know your authentication protocols
• ADFS is not the only option; other SSO products work as well
  – Currently with mixed protocols, in the future with SAML 2.0*
* Source: http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/
Links
• Announcing support for SAML 2.0 federation with Office 365
  http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/
• O365 SAML 2.0 implementors guide
  http://go.microsoft.com/?linkid=9844221
Thank you!
Nixu Oy
www.nixu.fi/blogi - www.tietovastuu.fi - twitter: @nixutigerteam
P.O. Box 39 (Keilaranta 15), FI-02150 Espoo, Finland
Tel +358 9 478 1011, Fax +358 9 478 1030, nixu.sales@nixu.com
Joonatan Henriksson
joonatan.henriksson@nixu.com
+358 50 342 3472
Twitter: @jonttuh

Editor's notes

1. Certifications and number of holders:
CCNA | Cisco Certified Network Associate | 1
CISA | Certified Information Systems Auditor | 4
CISM | Certified Information Security Manager | 2
CISSP | Certified Information Systems Security Professional | 10
CompTIA Security+ | | 1
CPTS | Certified Penetration Testing Specialist | 2
CSSLP | Certified Secure Software Lifecycle Professional | 5
GCFA | GIAC Certified Forensic Analyst | 1
GCIA Gold | GIAC Certified Intrusion Analyst | 1
GCIH | GIAC Certified Incident Handler | 2
GSEC | GIAC Security Essentials Certification | 1
GSNA | GIAC Systems and Network Auditor | 2
GSSPC | GIAC Secure Software Programmer - C | 2
ISO/IEC 27001:2005 Certified Auditor (BVQI) | | 1
ISO/IEC 9000:2000 series Certified Auditor (BVQI) | | 1
ITIL foundations v2 | | 2
ITIL foundations v3 | | 2
MCSE | Microsoft Certified Systems Engineer | 1
PA-QSA | Payment Application Qualified Security Assessor | 1
QPASP | Qualified Payment Application Security Professional | 1
QSA | Qualified Security Assessor | 6
RHCT | Red Hat Certified Technician | 1
Terena Certified CSIRT member | | 1
Ubisecure IAM Academy Qualified | | 2
VMWare Certified Professional | | 1