Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office 365 Identity Management

Published byErnest Anderson Modified over 6 years ago

Similar presentations

Presentation on theme: "Office 365 Identity Management"— Presentation transcript:

1 Office 365 Identity Management

2 Meet Paul Andrew | @pndrw
Office 365 Technical Product Manager Office 365 datacenter, networking, identity management Passion for informing and inspiring IT Professionals to create simpler solutions to complex problems Meet Dave Pae Office 365 API developer ecosystem advocate

3 M4: Third party identity providers with Office 365

4 Identity synchronization and federation
Passive Auth Azure Active Directory WS-Fed WS-Trust SAML 2.0 Metadata Shibboleth Graph API Microsoft Authentication SharePoint Online Exchange Web Access Authorization Active Auth Exchange Mailbox Access Outlook, Lync, Word, etc Directory Synchronize accounts Identity Provider Federated sign-in On-Premises

5 Sync options for a SAML Identity Provider
If using AD then Azure AD Sync may work for you Can’t sync (non AD) Script user creation via PowerShell for Azure AD Forefront Identity Manager 2010 R2 via supported connectors FIM Connector for Windows Azure Active Directory FIM Connector for Generic LDAP Future support from AAD Sync Services for non AD sources

6 Azure AD Sync Services and LDAP v3
12/9/2018 Azure AD Sync Services and LDAP v3 Azure AD Sync and LDAP v3 Similar to existing FIM R2 connector Availability Coming soon Target Identity Providers Same as FIM 2010 R2 connector FIM connector details at Windows Azure Active Directory AAD Sync LDAP v3 On-Premises LDAP v3 Directory © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 SAML-P 2.0 federation Sign-in federation SAML-P 2.0 passive auth
Equivalent to WS-Federation and used for web based applications No equivalent for WS-Trust so Office clients applications cannot be used SAML-P federation guidance Use of AD FS to interface to SAML provider Wont enable Office client active authentication due to double hop Office client support passive auth end of 2014

8 Office desktop passive auth
12/9/2018 Office desktop passive auth Office desktop client sign-in with passive auth Previously the Office Sign-In Assistant required WS-Trust Passive authentication works with WS- Federation and SAML 2.0 Availability Announced on February 10, 2014 Details at Planned for later in 2014 What is it? Office desktop clients move to using ADAL Active Directory Authentication Library Uses OAUTH for passive authentication Exchange Mailbox Access Outlook, Lync, Word, etc Windows Azure Active Directory SAML 2.0 AAD Sync LDAP v3 SAML 2.0 On-Premises LDAP v3 Directory © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 video Outlook connecting using Multi-factor authentication to Exchange Online

10

11 Office 365 federation options
12/9/2018 Office 365 federation options AD FS Third party WS-* Shibboleth (SAML 1.1) SAML 2.0 Suitable for medium, large enterprises including educational organizations Recommended option for Active Directory (AD) based customers Single sign-on Support for web and rich clients Microsoft supported Works for Office Hybrid Scenarios Requires on-premises servers, licenses & support Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD Third-party supported Verified through ‘works with Office 365’ program Suitable for educational organizations Recommended where customers may use existing non-ADFS Identity systems Support for web clients and outlook (ECP) only Microsoft supported for integration only, no shibboleth deployment support Requires on-premises servers & support Works with AD and other directories on-premises For organizations that need to use SAML 2.0 Microsoft supported for integration only, no identity provider deployment support © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Works with Office 365 – Identity program
Microsoft Lync 12/9/2018 Works with Office 365 – Identity program WS-Trust & WS-Federation What is it? Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used. Program Requirements Published Qualification Requirements Published Technical Integration Docs Automated Testing Tool Self Testing work by Partner Predictable and Shorter Qualification Active Directory with ADFS Customer Benefits Flexibility to reuse existing identity provider investments Confidence that the solution is qualified by Microsoft Coordinated support between the partner and Microsoft RadiantOne SAML (passive auth) Shibboleth © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Getting qualified in the Works with Office 365 – Identity Program
For Identity Providers only Read the blog post on the program, the blog title is: The Works with Office 365 – Identity program now streamlined Get familiar with resources available Complete all 10 steps in section 2 of the program guide Do all of the testing Get your submission package together with all 10 steps Submit the package to Microsoft for qualification review Note that Microsoft does not support the partner identity provider product; the partner supports their own product.

14 Works with Office 365 – Identity test tools
demo Works with Office 365 – Identity test tools

15 M4 Summary: Third party identity providers with Office 365
LDAP directory synchronization Third party identity provider federation Office 2013 client updates Works with Office 365 – Identity program

16

Download ppt "Office 365 Identity Management"

Similar presentations

Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Feature: Web Client Keyboard Shortcuts © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are.

Feature: Web Client Keyboard Shortcuts © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are.
Session 1.

Session 1.
Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
Windows Azure Connect Name Title Microsoft Corporation.

Windows Azure Connect Name Title Microsoft Corporation.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

customer.

customer.
demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
demo Demo.

demo Demo.
Advanced SQL Azure Database Name Title Microsoft Corporation.

Advanced SQL Azure Database Name Title Microsoft Corporation.
demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z01234567893.

demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z
Windows Azure SQL Data Sync Name Title Microsoft Corporation.

Windows Azure SQL Data Sync Name Title Microsoft Corporation.

Similar presentations

Ads by Google