1
Office 365 Identity Management
2
Meet Paul Andrew | @pndrw
Office 365 Technical Product Manager
Office 365 datacenter, networking, identity management
Passion for informing and inspiring IT Professionals to create simpler solutions to complex problems
Meet Dave Pae
Office 365 API developer ecosystem advocate
3
M4: Third party identity providers with Office 365
4
Identity synchronization and federation
[Diagram labels: Azure Active Directory; WS-Fed; WS-Trust; SAML 2.0; Metadata; Shibboleth; Graph API; Microsoft Authentication; Authorization; Passive Auth (SharePoint Online, Exchange Web Access); Active Auth (Exchange Mailbox Access: Outlook, Lync, Word, etc.); Directory: Synchronize accounts; Identity Provider: Federated sign-in; On-Premises]
5
Sync options for a SAML Identity Provider
If using AD then Azure AD Sync may work for you
Can’t sync (non AD):
  Script user creation via PowerShell for Azure AD
  Forefront Identity Manager 2010 R2 via supported connectors
    FIM Connector for Windows Azure Active Directory
    FIM Connector for Generic LDAP
  Future support from AAD Sync Services for non AD sources
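A sketch of the scripted option for a non-AD directory, added here as an example and not taken from the original slides. It assumes the MSOnline PowerShell module (Connect-MsolService, Get-MsolUser, New-MsolUser), a constructed CSV export with hypothetical column names, and that the `immutableId` column holds the same value the SAML identity provider sends as the NameID.

```powershell
# Added example: create cloud accounts for users mastered in a non-AD
# directory so that a SAML 2.0 identity provider can sign them in.
# Assumptions: MSOnline module; constructed sample data; contoso.example
# stands in for a domain that is verified and federated in the tenant.
Import-Module MSOnline
Connect-MsolService            # interactive sign-in as a tenant administrator

# Constructed export from the on-premises directory (hypothetical columns).
$export = @'
upn,displayName,immutableId
alice@contoso.example,Alice Example,u1001
bob@contoso.example,Bob Example,u1002
carol@contoso.example,Carol Example,
dave@contoso.example,Dave Example,u1002
'@ | ConvertFrom-Csv

$seen = @{}
foreach ($row in $export) {
    # The anchor ties the cloud account to the on-premises identity; an empty
    # or reused value would let one person's assertion match another account.
    if ([string]::IsNullOrWhiteSpace($row.immutableId)) {
        Write-Warning "Skipping $($row.upn): no immutableId in export"
        continue
    }
    if ($seen.ContainsKey($row.immutableId)) {
        Write-Warning "Skipping $($row.upn): immutableId already used by $($seen[$row.immutableId])"
        continue
    }
    $seen[$row.immutableId] = $row.upn

    # Re-running the script must not create duplicate accounts.
    if (Get-MsolUser -UserPrincipalName $row.upn -ErrorAction SilentlyContinue) {
        Write-Verbose "$($row.upn) already exists"
        continue
    }

    New-MsolUser -UserPrincipalName $row.upn `
                 -DisplayName $row.displayName `
                 -ImmutableId $row.immutableId `
                 -UsageLocation 'US' | Out-Null
    Write-Output "Created $($row.upn)"
}
```

The duplicate check covers only the rows in the export; values already assigned to accounts in the tenant are not compared here.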
6
Azure AD Sync Services and LDAP v3
Azure AD Sync and LDAP v3
  Similar to existing FIM R2 connector
Availability
  Coming soon
Target Identity Providers
  Same as FIM 2010 R2 connector
  FIM connector details at
[Diagram labels: Windows Azure Active Directory; AAD Sync; LDAP v3; On-Premises LDAP v3 Directory]
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
7
SAML-P 2.0 federation Sign-in federation SAML-P 2.0 passive auth
SAML-P 2.0 passive auth
  Equivalent to WS-Federation and used for web based applications
  No equivalent for WS-Trust, so Office client applications cannot be used
SAML-P federation guidance
  Use of AD FS to interface to SAML provider
  Won't enable Office client active authentication due to double hop
  Office client support for passive auth: end of 2014
8
Office desktop passive auth
Office desktop client sign-in with passive auth
  Previously the Office Sign-In Assistant required WS-Trust
  Passive authentication works with WS-Federation and SAML 2.0
Availability
  Announced on February 10, 2014
  Details at
  Planned for later in 2014
What is it?
  Office desktop clients move to using ADAL (Active Directory Authentication Library)
  Uses OAUTH for passive authentication
[Diagram labels: Exchange Mailbox Access (Outlook, Lync, Word, etc.); Windows Azure Active Directory; SAML 2.0; AAD Sync; LDAP v3; On-Premises LDAP v3 Directory]
9
video Outlook connecting using Multi-factor authentication to Exchange Online
11
Office 365 federation options
AD FS
  Suitable for medium, large enterprises including educational organizations
  Recommended option for Active Directory (AD) based customers
  Single sign-on
  Support for web and rich clients
  Microsoft supported
  Works for Office Hybrid Scenarios
  Requires on-premises servers, licenses & support
Third party WS-*
  Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD
  Third-party supported
  Verified through ‘works with Office 365’ program
Shibboleth (SAML 1.1)
  Suitable for educational organizations
  Recommended where customers may use existing non-ADFS Identity systems
  Support for web clients and Outlook (ECP) only
  Microsoft supported for integration only, no Shibboleth deployment support
  Requires on-premises servers & support
  Works with AD and other directories on-premises
SAML 2.0
  For organizations that need to use SAML 2.0
  Microsoft supported for integration only, no identity provider deployment support
12
Works with Office 365 – Identity program
What is it?
  Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used.
Program Requirements
  Published Qualification Requirements
  Published Technical Integration Docs
  Automated Testing Tool
  Self Testing work by Partner
  Predictable and Shorter Qualification
Customer Benefits
  Flexibility to reuse existing identity provider investments
  Confidence that the solution is qualified by Microsoft
  Coordinated support between the partner and Microsoft
[Diagram labels: WS-Trust & WS-Federation; Active Directory with ADFS; RadiantOne; SAML (passive auth); Shibboleth]
13
Getting qualified in the Works with Office 365 – Identity Program
For Identity Providers only
  Read the blog post on the program; the blog title is: The Works with Office 365 – Identity program now streamlined
  Get familiar with resources available
  Complete all 10 steps in section 2 of the program guide
  Do all of the testing
  Get your submission package together with all 10 steps
  Submit the package to Microsoft for qualification review
Note that Microsoft does not support the partner identity provider product; the partner supports their own product.
14
Works with Office 365 – Identity test tools
demo Works with Office 365 – Identity test tools
15
M4 Summary: Third party identity providers with Office 365
LDAP directory synchronization
Third party identity provider federation
Office 2013 client updates
Works with Office 365 – Identity program