Office 365 and Cloud Identity – What Does It Mean For Me?

Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to The Cloud™. With Azure Active Directory (AAD) driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore Cloud Identity, identity federation, directory synchronisation and, most importantly, Azure and its impact on user experience and access to Office 365. Throughout this session, we'll answer the questions that affect you and show how your decisions around identity shape your Office 365 experience.


Transcript

  • 1. SharePoint Conferences 2014, Scott Hoag, bit.ly/STP1413
  • 2. #auspc #nzspc #spt1413
  • 3. Agenda
    1. Identity Management in Office 365
    2. Identity Scenarios
    3. Synchronisation Demo
    4. Add-ons and More to Think About
  • 4. (no slide text)
  • 5. What is Identity Management? “Identity management (IdM) describes the management of individual principals, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” https://en.wikipedia.org/wiki/Identity_management
  • 6. Authentication and Authorization
    - Authentication: verifying that a user, device, or service (such as an application provided on a network server) is the entity that it claims to be
    - Authorization: determining which actions an authenticated entity is authorized to perform on the network
  • 7. Terms
    - Single Sign On (SSO) is the ability for two disjoint Identity Providers (IDPs) to trust each other such that a user logged in to one does not need to log in again to the second
    - Relying Party (RP) is the system that relies on the IDP to authenticate a user
    - Security Assertion Markup Language (SAML) is a public standard managed by OASIS; SAML is both the identity token format and the protocol
    - WS-Federation (WSFED) / WS-Trust: WSFED is used for web browser-based authentication with an IDP; WS-Trust is used by Office client apps to authenticate.*
  • 8. (diagram) Protocols and interfaces: WS-Federation, WS-Trust, SAML 2.0, Metadata, Shibboleth, Graph API
  • 9. (diagram) Two account types: a User with a Microsoft Account (e.g. alice@outlook.com), backed by the Microsoft Account service, and a User with an Organizational Account (e.g. alice@contoso.com), backed by Azure Active Directory
  • 10. What is AAD? “Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.”
  • 11. (no slide text)
  • 12. (no slide text)
  • 13. Cloud Identity
    - Zero on-premises servers
    - On-premises directory restructuring
    - Pilots and Proof of Concept
  • 14. Synchronized Identity
    - Federation is not required
    - Simple Sign On is acceptable
  • 15. Federated Identity
    - Already have ADFS or a 3rd party IDP
    - Require immediate disable or Sign-in Audit
    - SSO is required
    - Multiple Forests
    - CAC or on-premises MFA
    - Business requires it
  • 16. On your terms
  • 17. (no slide text)
  • 18. What are we going to do?
    - Office 365 E3 Tenant
    - Configure DirSync:
      - Users in targeted OU
      - One-way password sync
      - Alternate Login ID
  • 19. Activate directory synchronization
    - Log on to the Portal
    - Select Users and groups, then activate DirSync
    - Select Users and Groups and click Set up Active Directory synchronization
    - Activate Directory Synchronization
    - Wait for DirSync to enable
    - Review all documentation, follow the implementation steps, and download DirSync
    - From the DirSync server: Download DirSync
  • 20. Install DirSync
    - Log on to the DirSync server and run setup
    - Follow the setup wizard
    - When finished, there is an option to start the configuration wizard
  • 21. Run the configuration wizard
    - Provide O365 admin credentials
    - Provide AD admin credentials
    - If Exchange hybrid, configure “write-back”
    - Password sync option
    - Create configuration
    - When finished, there is an option to run synchronization
  • 22. (no slide text)
  • 23. When to consider it
    - When your on-premises UPN is non-routable on the public internet and you can’t easily update UPN suffixes
    - Requires Windows Server 2012 R2 for AD FS*
    - Requires comfort with FIM and editing Management Agents
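As an added example (not from the slides, and not Microsoft's own tooling), here is a pre-sync check that ties together the targeted-OU DirSync plan on slides 18 to 21 and the non-routable UPN case on slide 23: for each user DirSync would pick up, it reports whether the on-premises UPN suffix is a domain verified in the tenant, what sign-in name Azure AD would assign if it is not, and whether the mail attribute is a candidate Alternate Login ID. The tenant name, domains, OU and user records are constructed for the example; the commented Get-ADUser and Get-MsolDomain calls show where live data would come from.

```powershell
# Added example: check users in the DirSync target OU before enabling synchronization.
# Assumed (constructed) environment: forest suffix contoso.local, verified tenant domain
# contoso.com, tenant default contoso.onmicrosoft.com, OU=O365Sync,DC=contoso,DC=local.
function Test-SyncCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Users,           # SamAccountName, UserPrincipalName, Mail
        [Parameter(Mandatory)] [string[]] $VerifiedDomains, # e.g. (Get-MsolDomain | Where-Object Status -eq 'Verified').Name
        [Parameter(Mandatory)] [string]   $TenantDefault    # the tenant's *.onmicrosoft.com domain
    )
    foreach ($u in $Users) {
        $upnPrefix, $upnSuffix = $u.UserPrincipalName -split '@', 2
        $mailSuffix = if ($u.Mail) { ($u.Mail -split '@', 2)[1] } else { $null }
        $upnOk  = $VerifiedDomains -contains $upnSuffix
        $mailOk = ($null -ne $mailSuffix) -and ($VerifiedDomains -contains $mailSuffix)

        # Azure AD keeps a UPN whose suffix is a verified domain; otherwise it replaces the
        # suffix with the tenant default, which is rarely what users expect to type.
        $cloudUpn = if ($upnOk) { $u.UserPrincipalName } else { "$upnPrefix@$TenantDefault" }
        $action   = if ($upnOk)      { 'OK' }
                    elseif ($mailOk) { 'Add a routable UPN suffix, or use mail as Alternate Login ID' }
                    else             { 'Fix UPN or mail before enabling sync' }

        [pscustomobject]@{
            SamAccountName   = $u.SamAccountName
            OnPremUpn        = $u.UserPrincipalName
            UpnRoutable      = $upnOk
            CloudUpn         = $cloudUpn
            AlternateLoginId = if (-not $upnOk -and $mailOk) { $u.Mail } else { $null }
            Action           = $action
        }
    }
}

# Constructed sample standing in for:
#   Get-ADUser -Filter * -SearchBase 'OU=O365Sync,DC=contoso,DC=local' -Properties mail |
#       Select-Object SamAccountName, UserPrincipalName, @{ n = 'Mail'; e = { $_.mail } }
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@contoso.com';   Mail = 'alice@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@contoso.local';   Mail = 'bob@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@contoso.local'; Mail = $null }
)
Test-SyncCandidate -Users $sample -VerifiedDomains @('contoso.com') -TenantDefault 'contoso.onmicrosoft.com' |
    Format-Table -AutoSize
```

The report changes nothing in AD or the tenant; if it shows that Alternate Login ID is the way forward, the AD FS on Windows Server 2012 R2 and management agent requirements listed on slide 23 still apply.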
  • 24. DirSync for LDAPv3
    - Supports multiple forests
    - Doesn’t include password hash sync
    - Includes write-back capability with an Azure AD Premium subscription
    - Availability:
      - Preview now available at: http://go.microsoft.com/?linkid=9845645
      - Release later in 2014
    - Target Identity Providers:
      - Same as the FIM 2010 R2 connector
      - FIM connector details at http://go.microsoft.com/fwlink/?LinkID=270179
  • 25. SAML 2.0
    - SSO with passive authentication
    - Works with WSFED and SAML 2.0
    - Planned for later in 2014
    - Will require Office client updates:
      - Move to Active Directory Authentication Library (ADAL)
      - OAUTH for passive authentication
      - Support for MFA with AAD
      - CAC/PIV support
  • 26. Third-party identity provider qualification
    - What is it? Qualification of third-party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third-party identity providers are used.
    - Program Requirements:
      - Published Qualification Requirements
      - Published Technical Integration Docs
      - Automated Testing Tool
      - Self-testing work by the Partner
      - Predictable and Shorter Qualification
      - http://aka.ms/ssoproviders
    - Customer Benefits:
      - Flexibility to reuse existing identity provider investments
      - Confidence that the solution is qualified by Microsoft
      - Coordinated support between the partner and Microsoft
    - (diagram) WS-Trust & WS-Federation; SAML (passive auth); Active Directory with ADFS. *For representative purposes only.
  • 27. (comparison table, headers not captured)
    - Suitable for medium and large enterprises, including educational organizations
    - Suitable for medium and large enterprises, including educational organizations
    - Suitable for educational organizations
    - For organizations that need to use SAML 2.0
  • 28. (no slide text)
  • 29. (diagram) WS-Federation, WS-Trust
  • 30. Agenda recap
    - Identity Management in Office 365
    - Identity Scenarios
    - Synchronisation Demo
    - Add-ons and More to Think About
  • 31. (no slide text)
  • 32. Resources
    - Use third-party identity providers to implement single sign-on
    - Deployment scenarios for Office 365 with single sign-on and Azure
    - Choosing a sign-in model for Office 365
    - Password hash sync simplifies user management for Office 365
    - Using Alternate Login IDs with Azure Active Directory
    - Office 365 SAML 2.0 Federation Implementer’s Guide
    - Simplified login to Yammer from Office 365
    - Multi-Factor Authentication for Office 365
    - Office 365 User Account Management
  • 33. Thank you to our sponsors