Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Agenda
Federation and Synchronization
Federation using ADFS and Extensibility options
2 3Office 365 Identity overview
1What’s New in Azure AD?Cloud Business App - Overview
4
Identity and access management system key components are:
Verifying that a user, device, or service such as an application is the “entity” that it “claims” to be.
Determining which actions an authenticated entity is authorized to perform
Authentication
Identity Management is about identifying individuals for a system and controlling access to resources in that system.
Office 365 identity deployment options
Office 365
Microsoft Azure AD
Single Identity, all user information, including passwords are stored in MAAD
Cloud
Office 365
Microsoft Azure AD
Single Identity. Users are synchronized from on-premises
Directory & Password Sync
Cloud + On-Premises
On-Premises Identity
Office 365
Microsoft Azure AD
Single federated Identity. Users are synchronized from on-premises
Federated
Federation
On-Premises Identity
DirSync
Microsoft Azure Active Directory identity common deployment options:
• Identities are managed entirely in cloud.
• Identities and passwords are synchronized from on-premises user store.
• Identities synchronized from on-premises user store but the user identities are federated.
Pros• Simple to deploy and manage.• High availability and reliability as identities are
managed in cloud.• Lower cost as there is no server deployment
necessary.
Office 365
Microsoft Azure AD
Cloud
User
Cloud IdentityEx: [email protected]
• Separate identity for O365 if on-premises credential exists.
• Separate passwords and policy management.• No single sign on between on-premises
application and O365.
Pros
• User accounts are synchronized between on-premises and online.
• Identities are created in a single place (on-premises).
• Directory and password sync tool for AD.
Cons
• Additional server for directory and password synchronization.
• Although single identity, single sign on. between on-premises application and O365 is not possible.
Office 365
Microsoft Azure AD
Cloud + On-Premises
Cloud IdentityEx: [email protected]
On-Premise (Non-AD & AD)
Lighthousecs\senthil
User
• Non AD account synchronization through custom PowerShell, Graph API.
Pros
• Single identity and sign on for on-premises and O365 services.
• Directory and password sync tool for AD.
Cons• Additional servers for directory and password synchronization, Federation
server(s) and Proxies
• Non AD account synchronization through custom PowerShell, Graph API.
Office 365
Windows Azure AD
Single federated Identity. Users are synchronized from on-premises
Federated
Federation
On-Premises Identity
DirSync• Forefront Identity Manager (FIM) Synchronization for Non-AD and Multi-forest scenarios.
• Secure Token based authentication
• 2 Factor Authentication
• Client access control based on IP address with ADFS
Federation and Synchronization
Federation using ADFS and Extensibility options
2 3Office 365 Identity overview
1What’s New in Azure AD?Cloud Business App - Overview
4
Shibboleth (SAML-P)Works with AD & Non-AD
Works with AD
Works with AD & Non-AD
FIM – Forefront Identity ManagerWorks with AD & Non-AD
Works ONLY with AD
Works with AD & Non-AD
Microsoft Azure AD stores a partial view of the user information during synchronization for it to protect resources.
• Immutable ID – By default this is the object ID if you are synchronizing from AD. Think of this as the internal id of the user object in Azure AD.
• UPN – User Principal Name is used for the SSO redirection to direct the browser to the Security Token Services. Default is the domain name.
• If you have a non-routable UPN, you can add it in AD Domains and Trust MMC. Right click on the top node and enter a routable UPN and run a full synchronization.
• Display Name
• Account Status
The key fields that you need to be aware of during the planning process:
Federation and Synchronization
Federation using ADFS and Extensibility options
2 3Office 365 Identity overview
1What’s New in Azure AD?Cloud Business App - Overview
4
Limit access to O365 services based on Location of the client
http://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx#cptrust2
Federation and Synchronization
Federation using ADFS and Extensibility options
2 3Office 365 Identity overview
1What’s New in Azure AD?Cloud Business App - Overview
4
From here to….
Related Documents
