Windows Server Active Directory Intranet Managed Access Managed Identities Integrated Business Apps.

Slides:



Advertisements
Similar presentations
Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Advertisements

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Office 365 Identity aka Azure Active Directory
Patterns & practices Symposium 2013 Windows Azure Active Directory Vittorio
Identity management integration options for Office 365
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Microsoft Ignite /16/2017 4:55 PM
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.
IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.
Active Directory federation user provisioning.
Active Directory Integration with Microsoft Office 365
Conditional access DirectAccess & automatic VPN Desktop Virtualization.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.
Troubleshooting Federation, AD FS 2.0, and More…
Fraser Technical Solutions, LLC
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
OFC-B317 Overview Identity Management in Office 365 Synchronization Topics Federation Topics Integration of SAML/OAUTH with Office Works with Office.
SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
ArcGIS Server and Portal for ArcGIS An Introduction to Security
SharePoint Security Fundamentals Introduction to Claims-based Security Configuring Claims-based Security Development Opportunities.
Identity & Access Control in the Cloud Name Title Organization.
(Azure+O365) Identity Presenter Name Position or role Microsoft Azure.
Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
101 ways to authenticate with Azure Active Directory
Authentication in the cloud: Step by Step Felix Jorkowski Senior Developer, Planet Software AZR317.
Session: MIX09-T27F. Web Developers Customizable identity UX Single Sign On Access to user data ISVs Federation for selling their applications to organizations.
ON YOUR TERMS Business needs * Enhanced by upcoming Azure IAAS features GoodBetterBest * * GoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBest.
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
Adxstudio Portals Training
With ADFS and Azure Active Directory
Identities and Azure AD Premium
Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.
Today’s Applications Web API Browser Native app Web API Web API
Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.
Prabath Siriwardena, Director of Security, WSO2 Twitter
Azure Active Directory is becoming one of, if not the, primary user identity management services for cloud applications. One of Azure Active Directory's.
EMS in action Hugh Simpson-Wells and Mark Riley 2016 Redmond Summit | Identity Without Boundaries
ADFS - Does it Still have a Place? Fitting into the EMS puzzle Frank C. Drewes III 2016 Redmond Summit | Identity.
Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD
Secured Services Best Practices on ArcGIS for Server Patrick Jackson & Thomas Noble.
Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.
Application Authentication using Azure AD
Azure Active Directory - Business 2 Consumer
Migrating SharePoint Add-ins from Azure ACS to Azure AD
SaaS Application Deep Dive
Power BI Security Best Practices
Azure AD Line Of Business Application Integration
Azure AD Application Proxy
Deep Dive into Cloud Identity, Identity Bridging and Cloud Tokens - EWUG.DK - Level Peter Selch Dahl - Sr. IT Architect, Cloud and.
Azure Active Directory
05 | AD to Windows Azure AD IT Professionals
TechEd /24/2018 4:00 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
M7: New Features for Office 365 Identity Management
Office 365 Identity Management
Office 365 Identity Management
Matthew Levy Azure AD B2B vs B2C Matthew Levy
Office 365 Development.
ASP.NET Core 2.0 Identity and Azure Active Directory
Device Registration and Multi-Factor Authentication
4/15/2019 1:57 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
A Lap Around Windows Azure Active Directory
Presentation transcript:

Windows Server Active Directory Intranet Managed Access Managed Identities Integrated Business Apps

Windows Server Active Directory Intranet Managed Access Managed Identities Integrated Business Apps SAAS you buySAAS you build

Windows Server Active Directory On-Premises SAAS you buildSAAS you sell Windows Azure Active Directory Other Microsoft Services Office 3653 rd Party SAAS you buy DirSync

Small Businesses AD/ADFS Medium/Large Enterprises AD/LDAP Shibboleth Schools & Universities Windows Azure AD Directory Tenant 1 Directory Tenant 2 Directory Tenant n SAML2.0 WS-Federation Federation Metadata OAuth2.0 REST based Directory Graph API Web Applications Web APIs Rich Client Apps Single Tenant / Multi Tenant SAAS Applications Admin Consent / Application Install

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) Registers App

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata User from developer’s Organization Sign on

1 HTTP GET 2 HTTP 302 REDIRECT /wsfed ?wa=wsignin1.0 &wtrealm=https%3a%2f%2fresource.com &wct= T03%3a20%3a02Z /saml2 ?SAMLRequest=jZFNS8NA… &RelayState=http… HTTP GET /wsfed ?wa=wsignin1.0 &wtrealm=https%3a%2f%2fresource.com &wct= T03%3a20%3a02Z /saml2 ?SAMLRequest=jZFNS8NA… &RelayState=http… 3 User Authentication 4 HTTP 200 OK <input type=“hidden” name=“SAMLResponse” <input type=“hidden” name=“RelayState” HTTP POST wa=wsignin1.0&wresult=token SAMLResponse=token 5 HTTP 302 REDIRECT Cookie=Auth Cookie 6 HTTP GET Cookie=Auth Cookie 7 HTTP 200 OK

Name ID Tenant ID Object Identifier Name Audience

SAML-P Related SAML SSO URL SAML Logout URL Token Signing Key WS-Fed Related WS-Fed SSO & Signout URL EntityID

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata User from developer’s Organization Sign on

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata User from developer’s Organization Sign out

1 User initiates sign-out 2 HTTP 302 REDIRECT /wsfed ?wa=wsignout1.0 &wtrealm=https%3a%2f%2fresource.com &wreply=https%3a%2f%2fresource.com /saml2 ?SAMLRequest=jZFNS8NA… &Signature= … &SigAlg=… Clear Cookie HTTP GET /wsfed ?wa=wsignout1.0 &wtrealm=https%3a%2f%2fresource.com &wreply=https%3a%2f%2fresource.com /saml2 ?SAMLRequest=jZFNS8NA… &Signature= … &SigAlg=… 3 Sign-out Broadcast 4 HTTP 302 REDIRECT ?SAMLResponse=… &Signature=… &SignAlg=… HTTP GET ?SAMLResponse=… &Signature=… &SignAlg=… 5 HTTP 200 OK

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata User from developer’s Organization Sign out

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata Multi Tenant App Designates App to be Externally Available

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata Multi Tenant App Customer’s Windows Azure AD (Identity Provider 2) Customer (Tenant Administrator) SAML2.0 WS-Federation Federation Metadata Consents to Application Install

1 Administrator initiates application install 2 HTTP 302 REDIRECT re.com/Consent.aspx ?ClientID=eb74… &RequestedPermissions=DirectoryReaders &ConsentReturnURL=https%3a%... 4 HTTP 302 REDIRECT ?Consent=Granted &TenantId=82869… HTTP GET re.com/Consent.aspx ?ClientID=eb74… &RequestedPermissions=DirectoryReaders &ConsentReturnURL=https%3a%... 3 Authentication & Consent UI HTTP GET ?Consent=Granted &TenantId=82869… AAD provisions app service principal in the tenant. The app service principal is assigned permissions per Tenant Admin’s consent. SAAS application completes on- boarding the new customer/organization

Developer’s Organization’s Windows Azure AD (Identity Provider) Single Tenant App 1 ASP.net Web App Single Tenant App 2 PhP Web App Developer (Relying Parties) SAML2.0 WS-Federation Federation Metadata Multi Tenant App Customer’s Windows Azure AD (Identity Provider 2) Customer (Tenant Administrator) SAML2.0 WS-Federation Federation Metadata Consents to Application Install

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.