Matt Steele, Senior Program Manager, Microsoft Corporation. Session code: SIA326




3 (diagram labels)
- Protect everywhere, access anywhere
- Integrate and extend security across the enterprise
- Simplify the security experience, manage compliance
- Across on-premises & cloud
- Highly Secure & Interoperable Platform
From -> To: Block -> Enable; Cost -> Value; Siloed -> Seamless

4 Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
Pillars: PROTECT everywhere; ACCESS anywhere; INTEGRATE and EXTEND security; SIMPLIFY security, MANAGE compliance
- Provide more secure, always-on access
- Enable access from virtually any device
- Extend powerful self-service capabilities to users
- Automate and simplify management tasks
- Control access across organizations
- Provide standards-based interoperability

5 Solution areas:
- Identity and Access Management
- Secure Messaging
- Secure Endpoint
- Secure Collaboration
- Information Protection


7 Challenges with Identity in the Cloud


9 Claims-based access (diagram): a Smart Client or Browser authenticates to AD FS 2.0 and obtains claims, then sends them to the Application (WCF or ASP.NET, built on WIF); the Application trusts AD FS 2.0.
1. Authenticate
2. Get Claims
3. Send claims / Get claims
4. Send claims


11 AD FS 2.0 Components (diagram): Internet Client and Intranet Client talk to AD FS 2.0 (Token Issuance, Management APIs and UX, Metadata) and to the AD FS 2.0 Proxy (Token Issuance Proxy, Metadata Proxy); AD FS 2.0 is backed by a Configuration Database and Attribute Stores.

12 AD FS 2.0 Clients:
- Web Browsers
- WS-* Aware Clients (WCF, CardSpace 2.0 RC, etc.)

13 AD FS 2.0 Attribute Stores:
- Active Directory (AD DS)
- Active Directory Lightweight Directory Services (AD LDS)
- SQL Database

14 AD FS 2.0 Configuration Database: Windows Internal Database, or SQL Server

15 AD FS 2.0:
- Security Token Service for SOAP & Browser Clients
- Policy and Service Management

16 AD FS 2.0 Proxy:
- Perimeter Network Client Proxy for Token Requests
- Supports Transport Layer Mutual Auth SSL
- Exposes Separate WSDL


18 Deployment scenarios:
- SSO for internal use: Provide Your Active Directory Users Access to Your Claims-Aware Applications and Services
- SSO to outsourced services or the cloud: Provide Your Active Directory Users Access to the Applications and Services of Other Organizations
- Providing outsourced services: Provide External Users in Another Organization Access to Your Claims-Aware Applications and Services


22 Deployment (diagram): Intranet: AD FS 2.0 Farm behind a Load Balancer, Configuration SQL Cluster, Active Directory; all intranet servers domain joined. Perimeter Network: Proxy Farm behind a Load Balancer.

23 Deployment, intranet only (diagram): AD FS 2.0 Farm behind a Load Balancer, Configuration SQL Cluster, Active Directory holding Woodgrove User Data; all intranet servers domain joined.

24 Federated deployment (diagram): Woodgrove (Active Directory with Woodgrove User Data, Configuration SQL Cluster, Load Balancer, Intranet AD FS 2.0 Farm, Perimeter Network Proxy Farm behind a Load Balancer) and a partner organization (Active Directory, Configuration SQL Cluster, Load Balancer, AD FS 2.0 Farm, App 1, App 2), with a Trust between the two AD FS 2.0 farms; Intranet Client.

25 Same as slide 24, with an Internet Client.


35 Artifact flow (diagram): same parties as slide 9 (Smart Client or Browser, AD FS 2.0, Application on WCF or ASP.NET with WIF, trust between Application and AD FS 2.0), with an artifact sent in place of the claims and the claims fetched afterwards.
1. Authenticate
2. Get Claims
3. Send Artifact
4. Send Artifact / Get claims (also labelled 4. Send claims)
5. Get claims


41 Claims pipeline (diagram): Input claims -> Acceptance Rules -> Issuance Rules -> Output Claims; Authz

42 Rule evaluation (diagram): Input Claim Set -> Rules -> Output Claim Set


44 Claim rule language examples
Pass through any claim with a given claim type:
c:[Type == "http://foo/windowsaccountname"] => issue(claim = c);
Pass through any claim with a given claim type and claim value:
c:[Type == "http://foo/windowsaccountname", Value == "Redmond\MattStee"] => issue(claim = c);
Given one claim type/value, issue another:
c:[Type == "http://foo/windowsaccountname", Value == "Redmond\MattStee"] => issue(Type = "http://foo/Role", Value = "Admin");
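As an added example (not from the deck), a toy Python evaluator for the three rule shapes on slide 44, wired into the slide-41 pipeline: acceptance rules on the claims provider trust, then authorization and issuance rules on the relying party trust. The permit claim type is AD FS's real authorization claim; the parser itself is an assumption that covers only these rule shapes and ignores the rest of the language (regex matches, string escapes, multiple conditions).

```python
import re
from typing import List, Optional, Tuple

Claim = Tuple[str, str]  # (claim type URI, claim value)
PERMIT = "http://schemas.microsoft.com/authorization/claims/permit"  # real AD FS permit claim type

# Toy grammar: only the rule shapes from the slide (one Type/Value condition,
# no regex matching, no string escape handling). Not the real AD FS parser.
RULE_RE = re.compile(r'c:\[Type\s*==\s*"(?P<type>[^"]*)"(?:\s*,\s*Value\s*==\s*"(?P<value>[^"]*)")?\]'
                     r'\s*=>\s*issue\((?P<body>[^)]*)\);')
ISSUE_RE = re.compile(r'Type\s*=\s*"(?P<type>[^"]*)"\s*,\s*Value\s*=\s*"(?P<value>[^"]*)"')

def parse_rules(text: str) -> List[Tuple[str, Optional[str], Optional[Claim]]]:
    """Each rule -> (match type, match value or None, claim to issue or None = pass-through)."""
    rules = []
    for m in RULE_RE.finditer(text):
        body = m.group("body").strip()
        if body.replace(" ", "") == "claim=c":
            issued = None                                   # issue(claim = c)
        else:
            im = ISSUE_RE.fullmatch(body)
            if im is None:
                raise ValueError("unsupported issue() body: " + body)
            issued = (im.group("type"), im.group("value"))
        rules.append((m.group("type"), m.group("value"), issued))
    return rules

def run_rules(rules, claims: List[Claim]) -> List[Claim]:
    """Evaluate rules in order over the whole input claim set; return the output claim set."""
    out: List[Claim] = []
    for mtype, mvalue, issued in rules:
        for c in claims:
            if c[0] == mtype and (mvalue is None or c[1] == mvalue):
                new = c if issued is None else issued
                if new not in out:
                    out.append(new)
    return out

def federate(input_claims: List[Claim], acceptance: str, authz: str, issuance: str):
    """Slide-41 pipeline: acceptance (claims provider), then authz and issuance (relying party); None = denied."""
    accepted = run_rules(parse_rules(acceptance), input_claims)
    if (PERMIT, "true") not in run_rules(parse_rules(authz), accepted):
        return None                                         # no permit claim: no token issued
    return run_rules(parse_rules(issuance), accepted)

# Constructed sample: the slide's three rules spread across the pipeline stages.
ACCEPT = r'c:[Type == "http://foo/windowsaccountname"] => issue(claim = c);'
AUTHZ = (r'c:[Type == "http://foo/windowsaccountname", Value == "Redmond\MattStee"] => '
         'issue(Type = "' + PERMIT + '", Value = "true");')
ISSUE = (r'c:[Type == "http://foo/windowsaccountname", Value == "Redmond\MattStee"] => '
         'issue(Type = "http://foo/Role", Value = "Admin");')
```

Calling `federate(claims, ACCEPT, AUTHZ, ACCEPT + ISSUE)` shows the filtering: claims of other types are dropped at acceptance, an account that is not Redmond\MattStee gets no permit claim and therefore no token, and the matching account ends up with its account name passed through plus the issued Role claim.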


49 Related sessions:
- COS206 | Microsoft Online Services: Identity and access solutions
- SIA321 | Business Ready Security: Exploring the Identity and Access Management Solution
- SIA201 | Understanding Claims-Based Applications: An Overview of Active Directory Federation Services (AD FS) 2.0 and Windows Identity Foundation
- SIA302 | Identity and Access Management: Centralizing Application Authorization Using Active Directory Federation Services 2.0
- SIA303 | Identity and Access Management: Windows Identity Foundation and Windows Azure
- SIA304 | Identity and Access Management: Windows Identity Foundation Overview
- SIA305 | Top 5 Security and Privacy Challenges in Identity Infrastructures and How to Overcome Them with U-Prove
- SIA306 | Night of the Living Directory: Understanding the Windows Server 2008 R2 Active Directory Recycle Bin
- SIA307 | Identity and Access Management: Deploying Microsoft Forefront Identity Manager 2010 Certificate Management for Microsoft IT
- SIA318 | Microsoft Forefront Identity Manager 2010: Deploying FIM
- SIA319 | Microsoft Forefront Identity Manager 2010: In Production
- SIA326 | Identity and Access Management: Single Sign-on Across Organizations and the Cloud - Active Directory Federation Services 2.0 Architecture Drilldown
- SIA327 | Identity and Access Management: Managing Active Directory Using Microsoft Forefront Identity Manager
- SIA01-INT | Identity and Access Management: Best Practices for Deploying and Managing Active Directory Federation Services (AD-FS) 2.0
- SIA03-INT | Identity and Access Management: Best Practices for Deploying and Managing Microsoft Forefront Identity Manager
- SIA06-INT | Identity and Access Management Solution Demos
- SIA02-HOL | Microsoft Forefront Identity Manager 2010 Overview
- SIA06-HOL | Identity and Access Management Solution: Business Ready Security with Microsoft Forefront and Active Directory Red
- SIA-5 & SIA-6 | Microsoft Forefront Identity and Access Management Solution

50 www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn


52 Learn more about our solutions: http://www.microsoft.com/forefront Try our products: http://www.microsoft.com/forefront/trial

53 Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st: http://northamerica.msteched.com/registration. You can also register at the North America 2011 kiosk located at registration. Join us in Atlanta next year.
