Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Published byValentine Bryan Modified over 8 years ago

Similar presentations

Presentation on theme: "Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not."— Presentation transcript:

1

2 Scenario covered in this presentation

3

4

5 Separate credential from on- premises credential Authentication occurs via cloud directory service Does not require on-premises server deployment Same credential as on-premises credential Authentication occurs via on- premises directory service Requires on-premises DirSync server Requires on-premises AD FS server(s)

6 Cloud IdentityCloud Identity + DirSyncFederated Identity Scenario  Smaller organizations with or without on-premises Active Directory  Medium to Large organizations with Active Directory on-premises  Large enterprise organizations with Active Directory on-premises Benefits  Does not require on-premises server deployment  “Source of Authority” is on-premises  Enables coexistence  Single Sign-On experience  “Source of Authority” is on-premises  2 Factor Authentication options Limitations  No Single Sign-On  No 2 Factor Authentication options (*)  Two sets of credentials to manage  Different password policies  No Single Sign-On  No 2 Factor Authentication options  Requires on-premises DirSync server deployment (**)  Requires on-premises AD FS server deployment in high availability scenario  Requires on-premises DirSync server deployment

7 Cloud Identity Federated Identity (domain joined computer) Federated Identity (non-domain joined computer) Outlook (PC and Mac)Sign in each sessionNo PromptSign in each session Exchange ActiveSyncSign in each session POP, IMAPSign in each session Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps Sign in each browser sessionNo PromptSign in each browser session Office using SharePoint OnlineSign in each SharePoint Online sessionSign in each SharePoint Online Session Lync ClientSign in each sessionNo promptSign in each session

8

9  Office 365 Admin Center  Active Directory tools  Exchange management tools  Identity management solutions  Windows Azure AD PowerShell  Remote PowerShell

10

11

12

13

14

15

16

17

18

19

20

21 Run from the Admin Center Important if running previous versions of Office, but tool also does OS updates for successful SSO

22

23

24

25

26

27

28 On-Premises Identity Services Provisioning Service Active Directory Federation Server 2.0/2.1 Trust Directory Store Admin Portal/ PowerShell Authentication platform MSOL PowerShell Module Office 365 Add Domain Required TXT/MX Record Add Trust -Claim Rules -User Source ID = AD ObjectGUID Verify-Domain -Active/Mex/Passive -Token certs Current/Next -Brand URI etc Update

29

30

31

32

33 On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

34 On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729 Basic Auth Credentilas Username/Password

35 On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

36

37

38

39

40

41

42

43 Perimeter Network AD FS Proxy ActiveDirectory Proxy Load balancer Internal Network Basic Authentication (Active Profile) Passive Federation (Passive Profile)

44 Number of usersMinimum number of servers Fewer than 1,000 users Implement fault-tolerance but no need for dedicated federation servers 1,000 to 15,000 users 2 dedicated federation servers 2 dedicated federation server proxies 15,000 to 60,000 users Between 3 and 5 dedicated federation servers At least 2 dedicated federation server proxies

45

46

47

Download ppt "Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not."

Similar presentations

Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Office 365 Identity Federation Technology Deep-Dive

Office 365 Identity Federation Technology Deep-Dive
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Office 365 Identity aka Azure Active Directory

Office 365 Identity aka Azure Active Directory
Implementing and Administering AD FS

Implementing and Administering AD FS
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
Today’s challenges Deliver applications to mobile platforms (BYOD) Respond to dynamic business requirements for IT: Seasonal/temporary workers Vendors.

Today’s challenges Deliver applications to mobile platforms (BYOD) Respond to dynamic business requirements for IT: Seasonal/temporary workers Vendors.
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.

User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.
Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.

Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
SIM 320. Contoso customer premises AD MS Online Directory Sync Identity Services Provisioning platform Provisioning platform Lync Online Lync Online.

SIM 320. Contoso customer premises AD MS Online Directory Sync Identity Services Provisioning platform Provisioning platform Lync Online Lync Online.
Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at

Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Similar presentations

Ads by Google