Published by Valentine Bryan. Modified over 9 years ago.
2
Scenario covered in this presentation
5
- Separate credential from on-premises credential
- Authentication occurs via cloud directory service
- Does not require on-premises server deployment

- Same credential as on-premises credential
- Authentication occurs via on-premises directory service
- Requires on-premises DirSync server
- Requires on-premises AD FS server(s)
6
| | Cloud Identity | Cloud Identity + DirSync | Federated Identity |
|---|---|---|---|
| Scenario | Smaller organizations with or without on-premises Active Directory | Medium to Large organizations with Active Directory on-premises | Large enterprise organizations with Active Directory on-premises |
| Benefits | Does not require on-premises server deployment | “Source of Authority” is on-premises; Enables coexistence | Single Sign-On experience; “Source of Authority” is on-premises; 2 Factor Authentication options |
| Limitations | No Single Sign-On; No 2 Factor Authentication options (*); Two sets of credentials to manage; Different password policies | No Single Sign-On; No 2 Factor Authentication options; Requires on-premises DirSync server deployment (**) | Requires on-premises AD FS server deployment in high availability scenario; Requires on-premises DirSync server deployment |
7
Values are listed in the column order Cloud Identity / Federated Identity (domain joined computer) / Federated Identity (non-domain joined computer):

- Outlook (PC and Mac): Sign in each session / No prompt / Sign in each session
- Exchange ActiveSync: Sign in each session
- POP, IMAP: Sign in each session
- Web Experiences (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps): Sign in each browser session / No prompt / Sign in each browser session
- Office using SharePoint Online: Sign in each SharePoint Online session / Sign in each SharePoint Online session
- Lync Client: Sign in each session / No prompt / Sign in each session
9
- Office 365 Admin Center
- Active Directory tools
- Exchange management tools
- Identity management solutions
- Windows Azure AD PowerShell
- Remote PowerShell
21
- Run from the Admin Center
- Important if running previous versions of Office, but the tool also does OS updates for successful SSO
28
[Diagram labels: On-Premises; Identity Services; Provisioning Service; Active Directory; Federation Server 2.0/2.1; Trust; Directory Store; Admin Portal/PowerShell; Authentication platform; MSOL PowerShell Module; Office 365]
[Diagram steps, in slide order: Add Domain; Required TXT/MX Record; Add Trust; Claim Rules; User Source ID = AD ObjectGUID; Verify-Domain; Active/Mex/Passive; Token certs Current/Next; Brand URI etc; Update]
33
[Diagram: On-Premises and Office 365]
Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
Auth Token: UPN: user@contoso.com; Unique ID: 254729
34
[Diagram: On-Premises and Office 365]
Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
Auth Token: UPN: user@contoso.com; Unique ID: 254729
Basic Auth Credentials: Username/Password
43
[Diagram labels: Perimeter Network; AD FS Proxy; Active Directory; Proxy; Load balancer; Internal Network; Basic Authentication (Active Profile); Passive Federation (Passive Profile)]
44
| Number of users | Minimum number of servers |
|---|---|
| Fewer than 1,000 users | Implement fault-tolerance but no need for dedicated federation servers |
| 1,000 to 15,000 users | 2 dedicated federation servers; 2 dedicated federation server proxies |
| 15,000 to 60,000 users | Between 3 and 5 dedicated federation servers; At least 2 dedicated federation server proxies |