
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Presentation transcript:


2 (Diagram: several cloud apps and an App alongside Active Directory.) Separate username/password sign-in for each app; manual or semi-automated provisioning; no direct connection to the directory.

3 Exchange Online, SharePoint Online, Lync Online, ???

4 Exchange Online, SharePoint Online, Lync Online; Active Directory; Azure Active Directory


6 ISV App, Other MSFT Apps, Your Custom IT App, Office 365, ISV App; Azure Active Directory

7 Cloud Application; Contoso.com Directory; ? ? ?

8 Clients (Browser, Mobile app, Server app) using a wide variety of devices/languages/platforms; Web Service API, Web Application, Web application, Web service API; Account and profile store; Server applications using a wide variety of platforms/languages


13 Protocols

Protocol                  | Purpose                                                          | Details
--------------------------|------------------------------------------------------------------|------------------------------------------------------
REST/HTTP directory access | Create, Read, Update, Delete directory objects and relationships | Compatible with OData V3; authenticate with OAuth 2.0
OAuth 2.0                 | Service to service authentication; delegated access              | JWT token format
SAML 2.0                  | Web application authentication                                   | SAML 2.0 token format; used with Office 365 Services
WS-Federation 1.3         | Web application authentication                                   | SAML 1.1 token format; used with Office 365 Services


15 Cloud Application (Profile Store); Contoso.com Directory (Service Principal, Role (Read)); Authorized User; End User. An authorized user creates a principal in the directory for the app and authorizes it to use the directory by associating it with a role.

16 Cloud Application (Profile Store); Contoso.com Directory (Service Principal, Role (Read)); User AuthN; End User. t1: the end user authenticates to the directory to get a token to call the cloud app.

17 Cloud Application (Profile Store); Contoso.com Directory (Service Principal, Role (Read)); Delegated AuthN; Directory Graph; End User. t2: the cloud app gets a token, accesses the Directory Graph using the token, and uses the user's unique ID to find the profile in its local profile store.
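The t1/t2 flow on slides 16 and 17, as an added example that is not from the deck or from Azure AD's own libraries: the cloud app validates the JWT it receives (signature, issuer, audience, expiry) before using the user's unique ID to look up the local profile. It assumes an HS256 shared-secret token as a stand-in for the deck's JWT format, plus constructed issuer, audience and profile-store values.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example (assumptions, not from the deck).
SIGNING_SECRET = b"constructed-demo-secret"             # HS256 stand-in for the directory's key
EXPECTED_ISSUER = "https://directory.contoso.example"   # the Contoso.com directory
EXPECTED_AUDIENCE = "https://cloudapp.contoso.example"  # the cloud app's own identifier
PROFILE_STORE = {"user-0001": {"display": "Alice", "plan": "gold"}}  # local profile store

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims):
    """Stand-in for the directory issuing a JWT at t1 (slide 16)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_token(token, now=None):
    """Check signature, issuer, audience and expiry before trusting any claim."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuses 'none' and algorithm swaps
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(SIGNING_SECRET, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def lookup_profile(token, now=None):
    """t2 (slide 17): use the validated token's user ID to find the local profile."""
    claims = validate_token(token, now)
    return PROFILE_STORE.get(claims.get("sub"))
```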

18 Active Directory; Azure Active Directory; Sync and Federation

19 ISV App, Other MSFT Apps, Your Custom IT App, Office 365, ISV App; Azure Active Directory; Your On-prem App, Your On-prem App; Sync & Federation


24 Architecture: ISV/CSV Apps, Windows Azure Active Directory, Microsoft Apps, Custom LOB Apps; Active Authentication; callouts 1, 2

25 AD Workplace Join: users join their device to their workplace, making the device known to the company's Active Directory.
Single Sign On (SSO): users sign in once to their company from any application and are not prompted for credentials by every company application when using workplace-joined devices.
Work From Anywhere: businesses enable users to work from anywhere while adhering to their IT governance policies around risk management.
Multi-factor Authentication: businesses require additional factors of authentication when business-critical resources are accessed or when there is perceived risk.
Multi-factor Access Control: businesses set conditional access control to resources based on four core pivots: the user, the device used, the user's network location and the use of additional auth factors.
AD Authentication Library: ISVs build enterprise apps that deliver SSO and allow enterprises to set access control policies based on user, device, network location and MFA.

26 ISV App, Other MSFT Apps, Your Custom IT App, Office 365, ISV App; Azure Active Directory
