Scenario covered in this presentation Separate credential from on-premises credential Authentication occurs via cloud directory service Does not.

Presentation transcript:

2 Scenario covered in this presentation

5
- Separate credential from on-premises credential
- Authentication occurs via cloud directory service
- Does not require on-premises server deployment

- Same credential as on-premises credential
- Authentication occurs via on-premises directory service
- Requires on-premises DirSync server
- Requires on-premises AD FS server(s)

6

| | Cloud Identity | Cloud Identity + DirSync | Federated Identity |
|---|---|---|---|
| Scenario | Smaller organizations with or without on-premises Active Directory | Medium to Large organizations with Active Directory on-premises | Large enterprise organizations with Active Directory on-premises |
| Benefits | Does not require on-premises server deployment | “Source of Authority” is on-premises; Enables coexistence | Single Sign-On experience; “Source of Authority” is on-premises; 2 Factor Authentication options |
| Limitations | No Single Sign-On; No 2 Factor Authentication options (*); Two sets of credentials to manage; Different password policies | No Single Sign-On; No 2 Factor Authentication options; Requires on-premises DirSync server deployment (**) | Requires on-premises AD FS server deployment in high availability scenario; Requires on-premises DirSync server deployment |

7 Columns: Cloud Identity / Federated Identity (domain joined computer) / Federated Identity (non-domain joined computer)
- Outlook (PC and Mac): Sign in each session / No Prompt / Sign in each session
- Exchange ActiveSync: Sign in each session
- POP, IMAP: Sign in each session
- Web Experiences (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps): Sign in each browser session / No Prompt / Sign in each browser session
- Office using SharePoint Online: Sign in each SharePoint Online session / Sign in each SharePoint Online Session
- Lync Client: Sign in each session / No prompt / Sign in each session

9
- Office 365 Admin Center
- Active Directory tools
- Exchange management tools
- Identity management solutions
- Windows Azure AD PowerShell
- Remote PowerShell

21 Run from the Admin Center
Important if running previous versions of Office, but tool also does OS updates for successful SSO

28 On-Premises Identity Services Provisioning Service Active Directory Federation Server 2.0/2.1 Trust Directory Store Admin Portal/PowerShell Authentication platform MSOL PowerShell Module Office 365
Add Domain Required TXT/MX Record
Add Trust
-Claim Rules
-User Source ID = AD ObjectGUID
Verify-Domain
-Active/Mex/Passive
-Token certs Current/Next
-Brand URI etc
Update

33 On-Premises / Office 365
Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
Auth Token: UPN: user@contoso.com; Unique ID: 254729

34 On-Premises / Office 365
Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
Auth Token: UPN: user@contoso.com; Unique ID: 254729
Basic Auth Credentials: Username/Password

35 On-Premises / Office 365
Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
Auth Token: UPN: user@contoso.com; Unique ID: 254729

43 Perimeter Network AD FS Proxy ActiveDirectory Proxy Load balancer Internal Network Basic Authentication (Active Profile) Passive Federation (Passive Profile)

44

| Number of users | Minimum number of servers |
|---|---|
| Fewer than 1,000 users | Implement fault-tolerance but no need for dedicated federation servers |
| 1,000 to 15,000 users | 2 dedicated federation servers; 2 dedicated federation server proxies |
| 15,000 to 60,000 users | Between 3 and 5 dedicated federation servers; At least 2 dedicated federation server proxies |
