Brian Puhl Principal Technology Architect MSIT Identity & Access Management Microsoft Corporation SESSION CODE: SIA302.

Presentation transcript:

[Slide diagram: federation trust between the A. Datum account forest and the Trey Research resource forest; Microsoft (Users) and E-Company Store (Resource)]

[Slide diagram: LOB Application 1, LOB Application …2, LOB Application …N, SharePoint Sites, File Servers; Authorization Components; Authentication Infrastructure Services]

[Slide diagram: LOB Application 1, LOB Application …2, LOB Application …N, SharePoint Sites, File Servers; Authentication and Authorization Infrastructure Services]

Contract ID   Region   Country   Account Mgr.   Sales Mgr.
101           NA       US        Jason          John
102           EU       UK        Joe            Sam
103           EU       FR        Ariel          Jorge
104           EU       FR        Ariel          Linda
105           EU       DE        Jon            Sarah

Business Policy
– Acct Mgrs: Read contracts in their region; Edit contracts in their country; Create new contracts
– Sales Rep: Edit contracts they own

Application Roles: Create, Read, Update

How do you build the token for Ariel?
– "Read" ??? This doesn't work
– "Create" – doesn't reflect the policy
– "Read Create~102/Read~103/Update~104/Update~105/Read" – Token bloat with too many values

Identity STS: Authentication; Partner Federation; Identity Normalization; Immutable Identifiers
App Suite STS: Augmented claims; Authorization tokens

ADFS issues authentication tickets to the PARTNER REALM, not to any specific application. Once a user is authenticated by ADFS, the PARTNER ADFS SERVER will issue tokens for any application that trusts it, without going back for authorization.

Policy does not allow the service to issue a token based on the SERVICE PROVIDER'S policy (e.g. subscription to services).

Microsoft BPOS: policy must reflect the application access CONTOSO has for its users, but is enforced at the federation broker STS.

Loss of personal/confidential data
– Recoverability after termination
– The enterprise should not have to provide access to corporate IDs
– Users should not have to find and re-permission their data to a new account

[Slide diagram sequence, actors: Microsoft Federation Gateway, Exchange Online, Corporate Network. Each identity carries the labels ID:, UPN:, PUID: E0A178, MAIL: (values not captured). Frames, in order:
1. Actors only
2. Identity labels added (ID:, UPN:, PUID: E0A178, MAIL:)
3. SSL TUNNEL – Basic Auth – UPN & PW
4. Home Realm Discovery – UPN & PW – STS URL
5. UPN & PW & 12345
6. & E0A178
7. Identity now also carries PWD: alongside UPN: and PUID: E0A178
8. RPC/HTTPS]

Breakout Sessions
SIA321 | Business Ready Security: Exploring the Identity and Access Management Solution
SIA201 | Understanding Claims-Based Applications: An Overview of Active Directory Federation Services (AD FS) 2.0 and Windows Identity Foundation
SIA302 | Identity and Access Management: Centralizing Application Authorization Using Active Directory Federation Services 2.0
SIA303 | Identity and Access Management: Windows Identity Foundation and Windows Azure
SIA304 | Identity and Access Management: Windows Identity Foundation Overview
SIA305 | Top 5 Security and Privacy Challenges in Identity Infrastructures and How to Overcome Them with U-Prove
SIA306 | Night of the Living Directory: Understanding the Windows Server 2008 R2 Active Directory Recycle Bin
SIA307 | Identity and Access Management: Deploying Microsoft Forefront Identity Manager 2010 Certificate Management for Microsoft IT
SIA318 | Microsoft Forefront Identity Manager 2010: Deploying FIM
SIA319 | Microsoft Forefront Identity Manager 2010: In Production
SIA326 | Identity and Access Management: Single Sign-on Across Organizations and the Cloud - Active Directory Federation Services 2.0 Architecture Drilldown
SIA327 | Identity and Access Management: Managing Active Directory Using Microsoft Forefront Identity Manager
SIA01-INT | Identity and Access Management: Best Practices for Deploying and Managing Active Directory Federation Services (AD-FS) 2.0
SIA03-INT | Identity and Access Management: Best Practices for Deploying and Managing Microsoft Forefront Identity Manager
SIA06-INT | Identity and Access Management Solution Demos

Hands-On Labs
SIA02-HOL | Microsoft Forefront Identity Manager 2010 Overview
SIA06-HOL | Identity and Access Management Solution: Business Ready Security with Microsoft Forefront and Active Directory

Product Demo Stations
Red SIA-5 & SIA-6 | Microsoft Forefront Identity and Access Management Solution

Learn more about our solutions: Try our products:

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st. You can also register at the North America 2011 kiosk located at registration. Join us in Atlanta next year.