21
SaaS apps
24
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-access-panel-introduction
25
Azure Active Directory Remote Access as a Service
Easily publish your on-prem applications outside the corporate network
Extend Azure AD to on-prem
Utilize Azure AD as a central management point for all your apps
26
Connector Http://sales Http://app1 Http://app2 Connector
27
Http://sales.contoso.com Http://app1 Http://app2 Connector
29
DMZ Azure Active Directory Datacenter DMZ https://sales-contoso.msappproxy.net https://sales.contoso.com Datacenter IaaS Network
31
Azure Active Directory Corporate Network DMZ
33
Azure Active Directory Corporate Network DMZ
36
Frontend App Custom App Girish **********
41
On-Premises applications
Application: Per application policy; Client type (Native apps, web apps)
Other: Location (IP Range); Risk Profile (future)
Devices: Is Domain Joined; Is Compliant; Platform type; Lost or Stolen
User attributes: User identity; Group memberships; Auth Strength
Allow; MFA; Block; Enroll
42
An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication.
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
43
How It Works
44
Users must also authenticate using their phone or mobile device before access is granted. Users sign in from any device using their existing username/password.
57
Time required
30 min – (Optional) Verify and test custom domain: needs to match existing UPN suffix on-prem
10 min – Set up accounts with correct perms: Azure AD: Managed global admin with NO MFA; AD DS: Admin on box & EA in domain
5 min – Address firewall rules: 80 and 443 outbound, be aware of proxy settings, as well
15 min – Install and Configure Azure AD Connect
58
Azure AD Connect getting started: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/
Permissions: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-account-summary/
Advanced deployments (multi-forest, etc): https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/
Networking requirements for AAD scenarios (generic): https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US
*note, does not include password writeback, see next section
59
Time required
5 min – Create some users and groups: 2 users and 1 group minimum to demo self-service effectively.
1 min – Assign licenses: http://manage.windowsazure.com -> licenses. Assign to a group to show off group-based licensing.
1 min – Enable SSPR and SSGM: http://manage.windowsazure.com -> configure.
5 min – Add security data for SSPR and demo: http://aka.ms/ssprsetup, or turn on enforced registration.
<5 min – Add an owner to a group to demo approvals: Select a group -> click on the “owners” tab -> add an owner. Demo approval from myapps.microsoft.com.
60
Password management documentation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-passwords/
Group management documentation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-manage-groups/
How to enable password writeback: https://azure.microsoft.com/en-us/documentation/articles/active-directory-passwords-getting-started/#enable-users-to-reset-or-change-their-ad-passwords
Password writeback technical & security overview: https://azure.microsoft.com/en-us/documentation/articles/active-directory-passwords-learn-more/#password-writeback-overview
61
Time required
10 min – Get a Twitter account + set up SSO: Make a free account at twitter.com, add application in the Management portal + add users & groups
10 min – Get a Salesforce account (developer edition): https://developer.salesforce.com/signup + domain name config
10 min – Set up SSO with Salesforce: https://azure.microsoft.com/documentation/articles/active-directory-saas-salesforce-tutorial/ + add to directory + add users & groups = ready to sign in!
20 min – Set up Provisioning with Salesforce: https://azure.microsoft.com/documentation/articles/active-directory-saas-salesforce-tutorial/ + certs + wait for users to provision = newly assigned users, ready to sign in!
Advanced – Create App proxy app + set up SSO: Use default IIS webserver on Azure VM, configure Azure AD App Proxy + add users & groups
62
Application access in AAD: https://msdn.microsoft.com/library/azure/dn308590.aspx
Setting up Salesforce: https://azure.microsoft.com/documentation/articles/active-directory-saas-salesforce-tutorial/
Enable Application Proxy Services: https://msdn.microsoft.com/en-us/library/azure/Dn768214.aspx
63
Time required
5-20 min – Make sure you’ve got audit data: Check Management Portal > Reports > Audit report – if there’s nothing there, go run some population scripts and continue anyway (they’ll show up later)
20 min – Install Splunk on an Azure VM: Get Splunk Enterprise image, install on Windows VM
5 min – Import Azure AD audit data into Splunk: Management Portal > Reports > Audit report > Download, drag and drop into “Add Data” section of Splunk
30 min – Set Splunk to automatically get audit data: PowerShell script with AAD app client id and secret, uploaded to Splunk, executed every 24h
30 min – Set up a dashboard in Splunk to visualize: Data already searchable in Splunk; can set up fancy pie charts and trendlines and graphs
64
Getting started with the Reporting API: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/
API Schema and endpoints: https://msdn.microsoft.com/en-us/library/azure/mt126081.aspx
Audit report events: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-audit-events/
PowerShell import script: http://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/
67
So what are we going to do today?
69
Артём Синицын artsin@microsoft.com @ArtyomSinitsyn