Key Point: Federation relationships are based on trust.

Presentation transcript:

SharePoint Federation Gateway

Claim characteristics:
- Multiple, unique, dynamic, temporal
- Single, instance specific, dynamic
- Single, unique, static, stable
Example claim types: /authenticationinstant, /authenticationmethod

1. Identify authentication and provisioning: AD, ADFS, Public (other)
2. Perform claims rationalization (families): IDs, Roles, Groups
3. Define SharePoint container security: Web App Policies, Site Security

URLs and federation realms:
- Explicit Allow or Deny: Web Application Policy on zone
- Explicit Allow: SP Groups, Direct Permission

Internal authentication: AD for corporate users (AD)
Extranet with external authentication:
- Collaboration by Role: incoming groups mapped to roles; separating by roles (Sales, Legal and Portal Users)
- Audience: Private Federation for Partners (ADFS)
- Read Only + Audience: Consumer ID for customers (Live, G.., FB)

Private Federation with ADFS

Encoded claim example: i:0#.w|domain\sAMAccountName
- Position 1: "i" for identity claim (user unique identifier)
- Position 3: reserved as 0 (to enable more claim types in the future)
- Position 4: claim type encoded value (# = user logon name)
- Position 6: issuer (w = Windows)
- Claim value follows the "|" separator
- ClaimType / Value / Value Type / OriginalIssuer: value domain\sAMAccountName, original issuer Windows

Identity claim from a trusted provider:
- Position 1: "i" for identity claim (user unique identifier)
- Position 3: reserved as 0 (to enable more claim types in the future)
- Position 4: claim type encoded value (e = UPN)
- Position 6: issuer type (t = Trusted)
- Original issuer name: name of the membership role provider, or name of the trusted STS
- ClaimType / Value / Value Type / OriginalIssuer: original issuer TrustedProvider:fedpartner

Claim from the SharePoint STS:
- Position 1: "c" for claim
- Position 3: reserved as 0 (to enable more claim types in the future)
- Position 4: claim type encoded value ("(" = IsAuthenticated)
- Position 6: issuer (s = SharePoint STS)
- ClaimType / Value / Value Type / OriginalIssuer: value true, original issuer SecurityTokenService

Claim from a trusted provider:
- Position 1: "c" for claim
- Position 3: reserved as 0 (to enable more claim types in the future)
- Position 4: claim type encoded value ("Next" ASCII character)
- Position 6: issuer type (t = Trusted)
- Original issuer name: name of the membership role provider, or name of the trusted STS
- ClaimType / Value / Value Type / OriginalIssuer: value TrustedPartner, original issuer TrustedProvider:fedpartner
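As an added example (not part of the presentation), the following parser decodes the positional claim encoding the slides describe and compares principals by issuer plus claim type plus value, which is why a Windows account and a same-named account asserted by a trusted STS are distinct identities. Treating "." as the string value type is an assumption taken from the slides' own example; the issuer name fedpartner and the sample accounts are constructed.

```python
# Parser for SharePoint encoded claim strings of the form
#   <i|c>:0<claim type><value type><issuer type>|[<issuer name>|]<value>
# The character tables hold only what the slides name; "." = string is assumed
# from the slides' example "i:0#.w|domain\sAMAccountName".
from dataclasses import dataclass

KIND = {"i": "identity", "c": "claim"}
CLAIM_TYPE = {"#": "UserLogonName", "e": "UPN", "(": "IsAuthenticated"}
VALUE_TYPE = {".": "String"}  # assumption, see above
ISSUER = {"w": "Windows", "s": "SecurityTokenService", "t": "TrustedProvider"}


@dataclass(frozen=True)
class EncodedClaim:
    kind: str
    claim_type: str
    value_type: str
    original_issuer: str   # "Windows", "SecurityTokenService" or "TrustedProvider:<name>"
    value: str

    def principal(self) -> tuple:
        # A principal is the (issuer, claim type, value) triple, never the value alone:
        # the trust relationship that asserted the claim is part of the identity.
        return (self.original_issuer, self.claim_type, self.value)


def parse_encoded_claim(encoded: str) -> EncodedClaim:
    # Positions 2, 3 and 7 are fixed separators/reserved characters.
    if len(encoded) < 8 or encoded[1] != ":" or encoded[2] != "0" or encoded[6] != "|":
        raise ValueError(f"not a SharePoint encoded claim: {encoded!r}")
    kind, type_char, vt_char, issuer_char = encoded[0], encoded[3], encoded[4], encoded[5]
    for table, ch in ((KIND, kind), (CLAIM_TYPE, type_char), (VALUE_TYPE, vt_char), (ISSUER, issuer_char)):
        if ch not in table:
            raise ValueError(f"unknown encoding character {ch!r} in {encoded!r}")
    rest = encoded[7:]
    if issuer_char == "t":
        # Trusted issuers carry their name before the value: ...|<sts name>|<value>
        name, sep, value = rest.partition("|")
        if not sep or not name:
            raise ValueError(f"trusted claim missing issuer name: {encoded!r}")
        original_issuer = f"{ISSUER['t']}:{name}"
    else:
        original_issuer, value = ISSUER[issuer_char], rest
    if not value:
        raise ValueError(f"empty claim value: {encoded!r}")
    return EncodedClaim(KIND[kind], CLAIM_TYPE[type_char], VALUE_TYPE[vt_char], original_issuer, value)


def same_principal(a: str, b: str) -> bool:
    """True only when issuer, claim type and value all match."""
    return parse_encoded_claim(a).principal() == parse_encoded_claim(b).principal()
```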

Public Federation with Azure

Custom Claims Provider

BONUS – FB Group Claim Provider