Eric Raff. Usergroup up

Presentation transcript:

Eric Raff

Usergroup up

Who am I
- Roles: IAM Architect; SharePoint Architect and Engineer; Exchange Server Engineer; OCS/Lync Engineer; GroupWise was my middle name
- Author
- Teacher

Say What?
- SSO
- IWA
- Classic Authentication
- Claims Authentication
- AuthN
- AuthZ
- IdP
- RP / SP
- ADFS
- HRD
- SAML
- WS-Fed
- SaaS
- IDaaS

Answers:
- SSO = Single Sign On
- IWA = Integrated Windows Authentication
- Classic Authentication = SharePoint Classic Authentication
- Claims Authentication = SharePoint Claims Authentication
- AuthN = Authentication
- AuthZ = Authorization
- IdP = Identity Provider (Trusted IdP)
- RP = Relying Party / SP = Service Provider
- ADFS = Active Directory Federation Services
- HRD = Home Realm Discovery
- SAML = Security Assertion Markup Language
- WS-Fed = WS-Federation
- SaaS = Software as a Service
- IDaaS = Identity as a Service

SSO Defined
- End user logs in once and can seamlessly access many different web applications without needing to re-authenticate to each web application.
- "Logs in once" could mean a workstation login, or a browser login.
- It is NOT what I call "SAME Sign On" – using the same username each time to log into many different web applications.

The 3 SharePoint Doors
- Authentication Options
  1. Windows Authentication: Classic (domain\UserID) OR Claims (i:0#.w|domain\UserID)
  2. Forms Authentication (i:0#.f|provider|UserID): .NET membership provider (LDAP, SQL, Custom)
  3. Trusted Identity Provider (c:0#.t|provider|IdentifierClaim): WS-Federation / SAML
- If more than one door is enabled, users see the "picker page".

User's SharePoint Identity
- Each AuthN option is associated 1:1 with a user's identity.
- The same user could be represented as 3 different identities to SharePoint depending on HOW the user authenticated to SharePoint:
  1. (domain\eraff) OR (i:0#.w|domain\eraff)
  2. (i:0#.f|provider|eraff)
- Having 3 options enabled at the same time is not common, but having 2 is.
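The login-name shapes from the two slides above, decoded in Python as an added example (this is not code from the talk). The field positions after the colon follow SharePoint's claims encoding, which the slide does not spell out; the `5` email claim-type code, the `adfs` issuer name and the `example.com` address are my additions. `principals_per_user` shows the slide's point that the same eraff is three separate SharePoint principals when he arrives through three doors.

```python
"""Decode SharePoint login names into the slide's three authentication doors.
Shapes:  domain\\user (Windows classic) | i:0#.w|domain\\user (Windows claims)
         i:0#.f|provider|user (Forms)  | c:0#.t|provider|IdentifierClaim (Trusted IdP)
After ':' the SharePoint claims encoding is: '0', claim-type code, value-type
code ('.' = string), issuer-type code, then '|'-separated issuer and value."""
from dataclasses import dataclass
import re

ISSUER_TYPES = {"w": "Windows (claims)", "f": "Forms", "t": "Trusted IdP"}
CLAIM_TYPES = {"#": "logon name", "5": "email"}  # '5' is not on the slide; unknown codes pass through
# Only the three issuer types the slide names are accepted; anything else is rejected below.
ENCODED = re.compile(r"^[ic]:0(?P<ctype>.)(?P<vtype>.)(?P<issuer>[wft])\|(?P<rest>.+)$")


@dataclass(frozen=True)
class SharePointIdentity:
    door: str        # which authentication door produced this identity
    provider: str    # AD domain, membership provider name or trusted IdP name
    user: str        # claim value: account, user id or identifier claim
    claim_type: str  # decoded claim-type code


def parse_login(login: str) -> SharePointIdentity:
    """Classify one SharePoint user string; raise ValueError for anything else."""
    m = ENCODED.match(login)
    if m is None:
        # Classic mode is plain domain\user with no claims prefix at all.
        domain, sep, user = login.partition("\\")
        if not (sep and domain and user):
            raise ValueError(f"not a SharePoint login name: {login!r}")
        return SharePointIdentity("Windows (classic)", domain, user, "logon name")
    issuer = m["issuer"]
    # Windows claims carry domain\user; Forms and Trusted IdP carry provider|value.
    provider, sep, user = m["rest"].partition("\\" if issuer == "w" else "|")
    if not (sep and provider and user):
        raise ValueError(f"malformed claims login: {login!r}")
    return SharePointIdentity(ISSUER_TYPES[issuer], provider, user,
                              CLAIM_TYPES.get(m["ctype"], m["ctype"]))


def principals_per_user(logins):
    """Group logins by the human-readable user value. SharePoint keys permissions on
    the whole encoded string, so one person shows up once per door they came through."""
    doors = {}
    for login in logins:
        ident = parse_login(login)
        doors.setdefault(ident.user, []).append(ident.door)
    return doors


# Constructed sample: the slide's eraff arriving through three different doors.
SAMPLE_LOGINS = ["domain\\eraff", "i:0#.w|domain\\eraff", "i:0#.f|provider|eraff"]
```

Because authorization is bound to the full encoded string, permissions granted to `domain\eraff` do not follow him when he enters as `i:0#.f|provider|eraff`, which is why the talk recommends keeping the number of enabled doors small.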

Windows Authentication
- Been around for years
- 401 challenge/response: NTLM, Negotiate (Kerberos)
- Both Classic and Claims
- Microsoft "bubble"
- Every host name requires AuthN
- NOT an internet-friendly solution: the browser/computer must be able to reach an AD domain controller directly.

IWA Browser Matrix
- Browser prompt HELL!

Forms Authentication
- .NET membership provider: LDAP identity store, SQL identity store, Custom
- SharePoint collects user credentials and verifies them against the identity store.
- Must update 3 web.config files – tedious

Trusted Identity Provider
- The future of SSO: web friendly, using federated authentication approaches
- SharePoint is NOT involved in AuthN
- SharePoint IS still doing AuthZ
- SharePoint is a Relying Party to an external "Trusted Identity Provider" (IdP): anything that supports WS-Federation/SAML, e.g. ADFS, Windows Azure Access Control, Okta, PingIdentity, OneLogin, etc.

Trusted IdP – the ugly
- No name resolution OOTB; this will affect how you authorize users in SharePoint.
- MUST still enable Windows AuthN (claims) for core SP services (search)
- Picker page: may need a custom login page.
- Possible Home Realm Discovery (HRD) issues if the IdP has multiple AuthN sources.

SSO Ecosystem?
- On-Prem ADDS
- Domain-joined workstation
- WebApps: SP, OWA, IIS, etc.
- SaaS

SSO Ecosystem…YEA
- On-Prem ADDS
- Domain-joined workstation
- WebApps: SP, OWA, IIS, etc.
- O365
- SaaS
- IdP
- DirSync

And Your IdP Is….
- The heart of any SSO architecture.
- Picking an IdP should be carefully considered.
- Lots of options in a rapidly changing and evolving landscape.
- Depends on company needs, culture, applications that need to participate, legacy apps, etc.

IDaaS
- Can significantly simplify an SSO deployment and implementation.
- Will likely have a role in your future to some degree.
- Brings greater security offerings to the table, such as Multi-Factor Authentication (MFA), real-time risk analysis, mobile integration, etc.

The Microsoft Cloud Ecosystem: Azure / Azure AD / O365
- Microsoft Azure: PaaS
- Azure AD | AAD Premium: IDaaS
- Office SaaS (Microsoft datacenters in the cloud): SharePoint, Exchange, Lync, InTune, RMS
- On-Prem IdP

Bringing it Together
- Is there any current SSO technology involved?
- What web applications do you want to participate in SSO? SharePoint, Office 365, SaaS providers, Desktop Authentication (IWA)
- Do you want Web SSO or Desktop + Web SSO?
- What authentication method should you use for SharePoint?

SSO Discovery Doc
- Explains concepts and has 17 questions to help identify scope and impact for an SSO implementation.

THANK YOU!

Please join us for SharePint! SharePint will be held at Red Rock Brewing, 254 South 200 West Salt Lake City, following the prize raffle