Windows Azure Pack - Authentication for your Clouds
Alexandre Verkinderen
Inovativ BE
SCCDM MVP
@AlexVerkinderen
Christopher Keyaert
Inovativ BE
SCCDM MVP
@KeyaertC
What is this all about?
- Introduction
- Out of the box Authentication process
- Microsoft Azure Active Directory
- Introduction to MAAD
- Azure Active Directory Synchronization Services
- Multi-factor authentication
- Active Directory Federation Service
- ADFS with external identity providers
- Conclusion
Introduction
Windows Azure Pack – CloudOS vision
Windows Azure Pack - Authentication
- WAP => .Net Repository
- WAP => Microsoft Azure Active Directory
- WAP => MAAD with Multi-Factor Authentication
- WAP => ADFS -> On premise Active Directory
- WAP => ADFS -> Azure ACS -> Facebook, Twitter, …
Out of the box Authentication Process
Default Authentication Process
- Users have to be provisioned manually
- Users are not synced from another repository
- WAP uses a .Net Repository, stored in SQL
=> Your tenants/users have to use and maintain an extra set of credentials
Out of the box Authentication Process
Demo
Microsoft Azure Active Directory
Introduction to MAAD
Microsoft Azure Active Directory
- Identity and access management in the cloud
- Your organization’s cloud directory
- Used by
  - Windows Azure
  - Office 365
  - Windows Intune
- Can be integrated with on-premises AD
- Integration with cloud applications
  - Single sign-on experience
    - App hosted in cloud
    - Users authenticate with corporate credentials
Authentication Process
1 - User connects to a SaaS application
2 - User authenticates to Azure AD
3 - Azure AD returns a token
4 - Token is sent to the SaaS application
5 - Application validates token
Microsoft Azure Active Directory
Synchronization
Synchronization
- Synchronize users from on-premises to online
- User management is done on-prem
- Password Synchronization
  - A digest of the Windows Active Directory password hash is used for the transmission between the on-premises AD and Azure Active Directory.
  - The digest of the password hash cannot be used to access resources in the customer's on-premises environment.
- Users have 1 set of credentials across on-prem and online
  - But 2 accounts
AAD Sync Services tool reached RTM
- AAD Sync Services is now RTM
  - Self Service Password Reset write back to Windows AD
  - Multi-forest identity synchronization
  - Download: http://www.microsoft.com/en-us/download/details.aspx?id=44225
  - Documentation: http://msdn.microsoft.com/en-us/library/azure/dn790204.aspx
- DirSync / AAD Sync / FIM Tools Feature Comparison: http://msdn.microsoft.com/en-us/library/azure/dn798669.aspx
Azure Active Directory and WAP
- User connects to a SaaS application
- User authenticates to Azure
- Azure AD returns a token
- Token is sent to the SaaS application
- Application validates token

- User connects to Windows Azure Pack Portal
- User is redirected to Azure AD Authentication Portal
- User authenticates with Username and Password
- Azure Authentication redirects to Windows Azure Pack Portal
- User is authenticated in Windows Azure Pack Portal
Azure Active Directory and WAP
Demo
Microsoft Azure Active Directory
Multi-Factor Authentication
Multi-Factor Authentication
Multi-Factor Authentication
- Can be enabled in Azure Active Directory
- Authentication Process
  - Text Message (SMS)
  - Automated Phone Call
  - Multi-Factor Authentication Apps (iOS, Android and WP)
- Two billing options
  - Per User
  - Per Authentication
Multi-Factor Authentication
Demo
Active Directory Federation Service
Active Directory Federation Service
- Authenticate users on third-party systems
  - Another company’s extranet
  - Service hosted by a cloud provider
- Federate identity management between partner organizations
- Claims-based authorization
- User Authentication
  - Forms-based authentication
  - Windows Integrated Authentication
ADFS, on premise AD and WAP
- User connects to a SaaS application
- User authenticates to ADFS - AD
- ADFS returns a token
- Token is sent to the SaaS application
- Application validates token

- User connects to Windows Azure Pack Portal
- User is redirected to ADFS Authentication Portal
- User authenticates with on premise Username and Password
- ADFS Authentication Portal redirects to WAP Portal
- User is authenticated in Windows Azure Pack Portal
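
The "Application validates token" step in the Azure AD and ADFS flows above is where the portal decides whether to trust a sign-in. The following Python is an added example, not code from the slides or from Windows Azure Pack: it uses an HMAC key as a stand-in for the identity provider's signing certificate, and the issuer, audience and user names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed values (assumptions for illustration, not from the slides).
TRUSTED_ISSUER = "https://sts.example.test/adfs"   # hypothetical Azure AD / ADFS issuer
PORTAL_AUDIENCE = "https://portal.example.test/"   # hypothetical WAP portal identifier
IDP_KEY = b"constructed-idp-signing-key"           # stand-in for the IdP signing certificate


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body, key):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def issue_token(user, now, issuer=TRUSTED_ISSUER, audience=PORTAL_AUDIENCE,
                key=IDP_KEY, lifetime=300):
    """Identity provider: after the user authenticates, return a signed token."""
    claims = {"iss": issuer, "aud": audience, "upn": user,
              "nbf": now, "exp": now + lifetime}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body, key)


def validate_token(token, now, skew=60):
    """Portal: return (claims, None) when accepted, else (None, reason)."""
    try:
        body, sig = token.split(".")
        # Signature first: no claim is trusted until the IdP key verifies it.
        if not hmac.compare_digest(_sign(body, IDP_KEY).encode(), sig.encode()):
            return None, "bad signature"
        claims = json.loads(_unb64(body))
        if not isinstance(claims, dict):
            raise ValueError("claims must be an object")
        nbf, exp = int(claims["nbf"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return None, "malformed token"
    # The token must come from the trusted issuer and be meant for this portal.
    if claims.get("iss") != TRUSTED_ISSUER:
        return None, "untrusted issuer"
    if claims.get("aud") != PORTAL_AUDIENCE:
        return None, "wrong audience"
    # Short lifetimes limit how long a captured token stays usable.
    if not (nbf - skew <= now < exp + skew):
        return None, "outside validity window"
    return claims, None


def run_cases(now=1_700_000_000):
    """Run constructed tokens through the portal check and report each outcome."""
    user = "alice@example.test"
    good = issue_token(user, now)
    body, sig = good.split(".")
    edited = json.loads(_unb64(body))
    edited["upn"] = "admin@example.test"
    tampered = _b64(json.dumps(edited).encode()) + "." + sig
    cases = {
        "valid": (good, now + 10),
        "claim edited in transit": (tampered, now + 10),
        "signed by an unknown key": (issue_token(user, now, key=b"other"), now + 10),
        "from another issuer": (
            issue_token(user, now, issuer="https://sts.other.test/"), now + 10),
        "issued for another application": (
            issue_token(user, now, audience="https://app.other.test/"), now + 10),
        "presented after expiry": (good, now + 3600),
    }
    return {name: validate_token(tok, at)[1] or "accepted"
            for name, (tok, at) in cases.items()}


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(f"{name:32} {outcome}")
```

Each rejected case corresponds to a check the relying party must make itself; a portal that only verifies the signature would still accept a token issued for a different application.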
Active Directory Federation Service
Demo
ADFS Authentication with external Identity Providers
Windows Azure Pack - Authentication
- WAP => .Net Repository
- WAP => Microsoft Azure Active Directory
- WAP => MAAD with Multi-Factor Authentication
- WAP => ADFS -> On premise Active Directory
- WAP => ADFS -> Azure ACS -> Facebook, Google, Twitter, …
ADFS Authentication with external Identity Providers
- New Claims Provider Trusts
  - On-prem ADFS trusts External ADFS
  - On-prem ADFS trusts Azure Access Control Service
    - Azure Active Directory
    - Google / MS Live / Facebook / … accounts
      - “Design Interface” customization: http://technet.microsoft.com/en-us/library/dn280950.aspx
ADFS Authentication with external Identity Providers - Demo
Conclusion
Windows Azure Pack - Authentication
- WAP gives you a lot of flexibility
- Don’t keep the OOB Authentication process, go for
  - Microsoft Azure Active Directory
  - Active Directory Federation Service
  - Multi-Factor Authentication
    - Try Microsoft Azure: 90 days free trial with 150€/month, http://azure.microsoft.com/en-us/pricing/free-trial/
- WAP is available at no additional cost: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack/
Feedback
- Session feedback
  - SCU session planner: http://planning.systemcenteruniverse.ch
  - SCU WP app
- Overall Conference feedback
  - Link sent by email after the conference
- Remember: we will donate for every feedback we receive!
Our Other Sessions
- PowerBI for System Center (Kurt Van Hoecke & Alexandre Verkinderen)
  - 18/09 09h15, Room: Sidney
- Speedlab: Deploy a System Center 2012 Environment (Alexandre Verkinderen & Christopher Keyaert)
  - 19/09 09h15, Room: Singapore
- Savision BSM in the private Cloud (Alexandre Verkinderen)
  - 19/09 12h00, Room: Miami
Windows Azure Pack - Authentication for your Clouds
Christopher Keyaert
Inovativ BE
http://www.vnext.be
@KeyaertC
Alexandre Verkinderen
Inovativ BE
http://scug.be/scom
@AlexVerkinderen


Editor's Notes

  1. CKE
  2. CKE
  3. Alex
  4. Alex
  5. Alex
  6. Alex
  7. Alex
  8. Alex
  9. Alex
  10. Alex
  11. CKE
  12. CKE
  13. CKE
  14. CKE
  15. CKE
  16. CKE
  17. CKE
  18. CKE
  19. CKE
  20. Alex
  21. Alex
  22. Alex
  23. Alex Generally for enterprises that want to enable multi-factor authentication for a fixed number of employees who regularly need authentication. Generally for enterprises that want to enable multi-factor authentication for a large group of external users who infrequently need authentication
  24. Alex
  25. CKE
  26. CKE
  27. CKE Compare ADFS and Azure Active Directory
  28. CKE
  29. CKE
  30. Alex
  31. Alex
  32. Alex
  33. Alex + (CKE)
  34. CKE
  35. CKE
  36. CKE
  37. Alex
  38. CKE