OUC204: Recently Announced… Identity Integration Options / Identity Management Overview

Presentation transcript:

OUC204

Agenda
1. Identity Management Overview
2. Identity Integration Options
3. Recently Announced…

Authentication: verifying that a user, device, or service (such as an application provided on a network server) is the entity that it claims to be.
Authorization: determining which actions an authenticated entity is allowed to perform on the network.

SAML is a public standard managed by OASIS. SAML is both the identity token format and the protocol. SAML 2.0 is built on SAML 1.1, ID-FF and Shibboleth. The Relying Party (RP) is the system that relies on the Identity Provider (IdP) to authenticate a user. WS-Federation is used for web-browser-based authentication with an IdP. WS-Trust is used by Office rich client apps to authenticate.

[Slide diagram] Account types: a user with a Microsoft Account (Ex: ) versus a user with an Organizational Account in Windows Azure Active Directory (Ex: ).

[Slide diagram] Windows Azure Active Directory acts as both the directory store and the authentication platform for your app.

Cloud Identity: a single identity in the cloud; suitable for small organizations with no integration to on-premises directories.
Directory Synchronization: a single identity; suitable for medium and large organizations without federation.
Federated Identity: a single federated identity and credentials; suitable for medium and large organizations.

SAML2 Identity Provider More Details on TechNet:

Password Sync vs. SSO with AD FS, features compared:
- Same password to access resources
- Can control password policies on-premises
- Support for two-factor authentication *
- No password re-entry if on-premises
- Client access filtering by IP or by time schedule
- Authentication occurs on-premises
- Can immediately block disabled accounts
- Change password available from the web
- Works with Forefront Identity Manager

* Azure AD offers some 2FA features that are available with an AD FS deployment on-premises.

Your data and applications are under attack:
- Passwords are easily compromised.
- Consumerization of IT has only increased the scope of vulnerability.
- Strengthening regulatory requirements call for strongly authenticating access.

Azure Active Directory Graph API
- REST API for programmatic access to data in Azure AD
- Can build multi-tenant applications or custom LOB apps

Azure Active Directory Connector for FIM 2010 R2
- Can be used for multi-forest synchronization and non-AD sources
- Public Beta starts on Connect soon

| | Cloud Identity | Directory Sync | Password Sync | Graph API | FIM | Single Sign-On |
|---|---|---|---|---|---|---|
| Org size | Small | All | All | All | Large | Large |
| Control of attributes in directory | Least control | Full control via on-premises directory | Full control via on-premises directory | Can control core attributes and select optional | Full control via on-premises directory | Full control via on-premises directory |
| Source of authority | Cloud | On-premises | On-premises | Cloud | On-premises | On-premises |
| Hardware requirements | No on-premises hardware required | Windows Server OS for DirSync appliance | Windows Server OS for DirSync appliance | Machine to run PowerShell jobs on | Federated Identity Manager with Office 365 Connector | DirSync appliance; AD FS (or other STS) deployment |
| Login experience | Disjoint username/password for on-premises and cloud; enter credentials twice | Disjoint username/password for on-premises and cloud; enter credentials twice | Same username/password for on-premises and cloud; enter credentials twice | Disjoint username/password for on-premises and cloud; enter credentials twice | Disjoint username/password for on-premises and cloud; enter credentials twice | Same username/password for on-premises and cloud; log in once if on-premises |

[Slide diagram] Cloud Identity: the user authenticates directly to Windows Azure Active Directory (Ex: ).

[Slide diagram] Directory Synchronization: the on-premises identity (Ex: Domain\Alice) in AD is synchronized to a cloud identity in Windows Azure Active Directory.

[Slide diagram] Directory Synchronization with one-way Password Hash: the on-premises identity (Ex: Domain\Alice) in AD is synchronized, together with a one-way password hash, to a cloud identity in Windows Azure Active Directory.

[Slide diagram] Federation using AD FS: the on-premises identity (Ex: Domain\Alice) in AD is synchronized by DirSync or FIM to Windows Azure Active Directory, and the user authenticates through AD FS.

Multi-forest decision flowchart (slide diagram):
- Start: number of Active Directory forests? Single (1) or Multiple (>1)
- Number of Exchange orgs? None (0), Single (1) or Multiple (>1)
- "Disjoint" account forests? Yes / No
- "Disjoint" account forests and Exchange org accessed by accounts in the same forest? Yes / No
- Want to consolidate to a single forest? Yes / No (see consolidation whitepaper); after consolidation, return to Start
- Outcomes: Use Single Forest DirSync; Use Office 365 Connector; Use Multi Forest DirSync; Need on-premises org consolidation

PowerShell / Graph API provisioning
- Suitable for small/medium size organizations with AD or non-AD
- Performance limitations apply with PowerShell and Graph API provisioning
- PowerShell requires scripting experience
- The PowerShell option can be used where the customer/partner may have wrappers around PowerShell scripts (e.g. self-service provisioning)

Forefront Identity Manager (FIM)
- Suitable for large organizations with certain AD and non-AD scenarios
- Complex multi-forest AD scenarios
- Non-AD synchronization through Microsoft Premier deployment support
- Requires Forefront Identity Manager and additional software licenses

[Slide diagram] Federation with AD or non-AD directories: the on-premises identity (Ex: Domain\Alice) is federated with Windows Azure Active Directory, with or without directory synchronization.

Shibboleth (SAML), works with AD & non-AD
- Suitable for educational organizations
- Recommended where customers may use existing non-AD FS identity systems
- Single sign-on
- Secure token-based authentication
- Support for web clients and Outlook (ECP) only
- Microsoft supported for integration only; no Shibboleth deployment support
- Requires on-premises servers & support
- Works with AD and other directories on-premises

Active Directory with AD FS (WS-Trust & WS-Federation)
- Suitable for medium and large enterprises, including educational organizations
- Recommended option for Active Directory (AD) based customers
- Single sign-on
- Secure token-based authentication
- Support for web and rich clients
- Microsoft supported
- Works for Office 365 hybrid scenarios
- Requires on-premises servers, licenses & support

Third-party identity providers (WS-Federation, SAML-P)
- Suitable for medium and large enterprises, including educational organizations
- Recommended where customers may use existing non-AD FS identity systems with AD or non-AD
- Single sign-on
- Secure token-based authentication
- Support for web and rich clients
- Third-party supported
- Works for Office 365 hybrid scenarios
- Requires on-premises servers, licenses & support
- Verified through the "Works with Office 365" program

Qualified by Microsoft; reuses existing investments.

Win. Attend any Office 365 or Lync Session and be in-to-win a 1 Year Subscription to Office 365 Home Premium, Spot Prizes, Your $2,500 Office in the Cloud, or one of 30 Attacknid Doom Razors!

Head to... aka.ms/te