Single Sign-on With ADFS and Azure Active Directory
What is Single Sign-on? And how can it benefit organizations?
What is SSO?
- Centralized Identity Management
  - One source of truth (Active Directory)
  - ADFS security rules
  - One account for each user
- Heavy Integration
  - Federate from on-premises ADFS or Azure Active Directory
  - Works with many cloud and on-premises applications
  - Use identity with any application that accepts SAML
  - Integrates deeply with SharePoint on-premises
Implementing SSO: All the pieces matter
Components
- Active Directory
- Active Directory Federation Services
- Azure Active Directory Connect
- Azure Active Directory
- Office 365
- Any other optional cloud or on-premises applications
System Architecture Overview
Active Directory Requirements
- It exists
- You can manage it
- The other servers can access it
Azure Active Directory/Office 365 Requirements
- An Office 365 tenant
- A Global Admin account
- A verified domain
ADFS Requirements
- A service account
- SSL certificate from a trusted CA
- On-premises Server 2012 machine(s)
- ADFS Proxy Server 2012 machine(s), in the DMZ
- Load balancers for HA (optional)
- SQL Server (optional)
- A Relying Party Trust (more on that later)
- Installation
  - Use AAD Connect OR…
  - Install manually
Azure Active Directory Connect Requirements
- A server in your AD domain
- Create a service account
- A global admin in AAD
- An SSL certificate from a CA (if installing ADFS)
- SQL Server (optional)
AAD Connect
Other Applications
- Azure Active Directory Application Gallery
- On-premises SharePoint (a whole other presentation)
- Salesforce
- Tableau
- Cornerstone
- Kronos
- Chrome River
- Any application that accepts SAML or WS-Federation
Pitfalls: Why did it fail that time?!
- Lack of available information
- Authentication requirements on individual applications
- AAD Connect failures
- ADFS issues!!!
- Troubleshooting
Questions?