Office 365 and Cloud Identity – What Does It Mean For Me?

Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to The Cloud™. With Azure Active Directory (AAD) driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore Cloud Identity, identity federation, directory synchronisation and, most importantly, Azure AD and its impact on user experience and access to Office 365. Throughout this session, we'll answer the questions that affect you and show how your decisions around identity shape your Office 365 experience.

  1. SHAREPOINT CONFERENCES 2014, Scott Hoag, STP1413
  2. #auspc #nzspc #spt1413
  3. 1. Identity Management in Office 365
     2. Identity Scenarios
     3. Synchronisation Demo
     4. Add-ons and More to Think About
  4. (image only)
  5. What is Identity Management? "Identity management (IdM) describes the management of individual principals, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks."
  6. Authentication and Authorization
     - Authentication: verifying that a user, device, or service (such as an application provided on a network server) is the entity that it claims to be.
     - Authorization: determining which actions an authenticated entity is authorized to perform on the network.
  7. - Single Sign On (SSO) is the ability for two disjoint Identity Providers (IDP) to trust each other such that a user logged in to one does not need to log in again for the second.
     - Relying Party (RP) is the system that relies on the IDP to authenticate a user.
     - Security Assertion Markup Language (SAML): SAML is a public standard managed by OASIS. SAML is the identity token and also the protocol.
     - WS-Federation (WSFED) / WS-Trust: WSFED is used for web browser-based authentication with an IDP. WS-Trust is used by Office client apps to authenticate.*
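Slide 7 says the relying party "relies on the IDP to authenticate a user", but relying is not the same as trusting blindly: the RP checks the token before it accepts the identity inside it. The following is an added example, not code from the deck or from Microsoft, showing the checks an RP such as Office 365 applies to a SAML 2.0 assertion: trusted issuer, intended audience, validity window (with a small clock-skew allowance) and presence of a signature. The assertion, issuer URL and subject are constructed placeholders; the audience value is the one Office 365 uses for federation, but nothing here talks to a real tenant. Cryptographic verification of the XML signature needs an XML-DSig library and is assumed to happen separately, so only the element's presence is checked.

```python
"""Relying-party (RP) checks on a SAML 2.0 assertion.

Added example, not code from the deck. An RP trusts the IDP's token only
after checking it: trusted issuer, intended audience, validity window and a
signature. The constructed assertion below uses placeholder issuer/subject
values; signature *verification* (XML-DSig) needs a library such as xmlsec
and is assumed to happen elsewhere, so only presence of the element is
checked here.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

TRUSTED_ISSUER = "https://idp.example.com/adfs/services/trust"  # constructed placeholder
RP_AUDIENCE = "urn:federation:MicrosoftOnline"                  # audience Office 365 expects

# Constructed sample assertion (the signature value is a placeholder).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_constructed-1" Version="2.0" IssueInstant="2014-06-01T10:00:00Z">
  <saml:Issuer>{TRUSTED_ISSUER}</saml:Issuer>
  <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-06-01T09:59:00Z" NotOnOrAfter="2014-06-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>{RP_AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def utc(year, month, day, hour, minute):
    """Build a timezone-aware UTC timestamp for the validity checks."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def _parse_time(value):
    """SAML timestamps are UTC in ISO 8601 form; None stays None."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, trusted_issuer=TRUSTED_ISSUER,
                       expected_audience=RP_AUDIENCE, skew_seconds=300):
    """Return (ok, reason, name_id); fails closed when anything is missing."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        return False, "untrusted issuer", None
    if root.find("ds:Signature", NS) is None:
        return False, "assertion is not signed", None
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element", None
    not_before = _parse_time(cond.get("NotBefore"))
    not_on_or_after = _parse_time(cond.get("NotOnOrAfter"))
    if not_before is None or not_on_or_after is None:
        return False, "validity window not stated", None
    skew = timedelta(seconds=skew_seconds)  # tolerate small IDP/RP clock drift
    if now < not_before - skew or now >= not_on_or_after + skew:
        return False, "assertion outside validity window", None
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "assertion not intended for this relying party", None
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return False, "no subject NameID", None
    return True, "ok", name_id


def run_checks():
    """Exercise the validator on the sample: one accept and three rejects."""
    inside = utc(2014, 6, 1, 10, 1)
    return {
        "valid": validate_assertion(SAMPLE_ASSERTION, inside),
        "expired": validate_assertion(SAMPLE_ASSERTION, utc(2014, 6, 1, 11, 0)),
        "wrong_audience": validate_assertion(SAMPLE_ASSERTION, inside, expected_audience="urn:other-rp"),
        "wrong_issuer": validate_assertion(SAMPLE_ASSERTION, inside, trusted_issuer="https://rogue.example.net"),
    }


if __name__ == "__main__":
    for name, (ok, reason, subject) in run_checks().items():
        print(f"{name:15} accepted={ok} reason={reason} subject={subject}")
```

The audience check is the one most often forgotten: a token that is genuine, signed and fresh but issued for a different relying party must still be refused, which is why `wrong_audience` is rejected even though every other field is fine.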
  8. WS-Federation, WS-Trust, SAML 2.0, Metadata, Shibboleth, Graph API
  9. (diagram) User / Microsoft Account (Ex:); User / Organizational Account (Ex:); Microsoft Account; Azure Active Directory
  10. What is AAD? "Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications."
  11. (image only)
  12. (image only)
  13. Cloud Identity
     - Zero on-premises servers
     - On-premises directory restructuring
     - Pilots and Proof of Concept
  14. Synchronized Identity
     - Federation is not required
     - Simple Sign On is acceptable
  15. Federated Identity
     - Already have ADFS or a 3rd party IDP
     - Require immediate disable or Sign-in Audit
     - SSO is required
     - Multiple Forests
     - CAC or on-premises MFA
     - Business requires it
  16. On your terms
  17. (image only)
  18. What are we going to do?
     - Office 365 E3 Tenant
     - Configure DirSync: Users in targeted OU; One way password sync; Alternate Login ID
  19. - Logon to the Portal
     - Select Users and groups and then activate DirSync
     - Select Users and Groups and click Set up Active Directory synchronization
     - Activate Directory Synchronization
     - Wait for DirSync to enable
     - Review all documentation, follow the implementation steps, and download DirSync
     - From the DirSync server: Download DirSync
  20. - Logon to DirSync server and run setup
     - Follow setup wizard
     - When finished, option to start the configuration wizard
  21. - Run configuration wizard
     - Provide O365 admin creds
     - Provide AD admin creds
     - If Exchange hybrid, configure "write-back"
     - Password sync option
     - Create configuration
     - When finished, option to run synchronization
  22. (image only)
  23. - When your on-premises UPN is non-routable on the public internet and you can't easily update UPN suffixes
     - Requires Windows Server 2012 R2 for AD FS*
     - Requires comfort with FIM and editing Management Agents
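The demo plan on slide 18 scopes DirSync to "users in targeted OU" and mentions Alternate Login ID, and slide 23 explains when that is needed: an on-premises UPN whose suffix is not routable on the public internet. A pre-flight over the directory export shows which users are affected before the first sync runs. The code below is an added example, not from the deck or from Microsoft; the user records, verified domains, tenant default domain and OU name are all constructed. It assumes the behaviour that Azure AD keeps a UPN whose suffix is a verified domain and otherwise rewrites it to the tenant's default .onmicrosoft.com domain, which is the reason a .local suffix needs either a UPN change or an alternate sign-in attribute such as mail. In a real run the four attributes would come from Get-ADUser rather than the inline list.

```python
"""Pre-flight UPN check for users in the targeted OU before running DirSync.

Added example, not from the deck. The user records are a constructed export;
in a real run you would pull sAMAccountName, userPrincipalName, mail and
distinguishedName with Get-ADUser. Assumption applied here: Azure AD keeps a
UPN whose suffix is a verified tenant domain and otherwise rewrites it to the
tenant's default .onmicrosoft.com domain, so a non-routable suffix such as
.local needs either a UPN suffix change or an Alternate Login ID (mail here).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class AdUser:
    sam: str
    upn: str
    mail: Optional[str]
    dn: str


# Constructed tenant facts and the "targeted OU" from the demo plan.
VERIFIED_DOMAINS = {"contoso.com"}
TENANT_DEFAULT_DOMAIN = "contoso.onmicrosoft.com"
TARGET_OU = "OU=O365Users,DC=corp,DC=local"

# Constructed on-premises directory export.
USERS = [
    AdUser("alice", "alice@corp.local", "alice@contoso.com", "CN=alice,OU=O365Users,DC=corp,DC=local"),
    AdUser("bob", "bob@contoso.com", "bob@contoso.com", "CN=bob,OU=O365Users,DC=corp,DC=local"),
    AdUser("carol", "carol@corp.local", None, "CN=carol,OU=O365Users,DC=corp,DC=local"),
    AdUser("svc-backup", "svc-backup@contoso.com", None, "CN=svc-backup,OU=Service,DC=corp,DC=local"),
]


def in_ou(dn, ou):
    """True when the object sits in the OU or one of its child OUs."""
    return dn.lower().endswith("," + ou.lower())


def suffix(address):
    """Domain part of an address, lower-cased; empty when absent."""
    return address.rsplit("@", 1)[1].lower() if address and "@" in address else ""


def plan_user(user, verified=VERIFIED_DOMAINS, default_domain=TENANT_DEFAULT_DOMAIN,
              target_ou=TARGET_OU):
    """Decide how this user's sign-in name will land in Azure AD."""
    if not in_ou(user.dn, target_ou):
        return {"sam": user.sam, "action": "skip", "login": None,
                "note": "outside targeted OU, not synchronised"}
    if suffix(user.upn) in verified:
        return {"sam": user.sam, "action": "sync", "login": user.upn,
                "note": "UPN suffix is a verified domain"}
    if suffix(user.mail) in verified:
        return {"sam": user.sam, "action": "alternate-login-id", "login": user.mail,
                "note": "UPN non-routable; mail attribute usable as Alternate Login ID"}
    local_part = user.upn.split("@", 1)[0]
    return {"sam": user.sam, "action": "fix-upn", "login": f"{local_part}@{default_domain}",
            "note": "UPN suffix unverified and no routable mail; would fall back to tenant default"}


def plan_all(users=USERS):
    """Plan every user in the export; the caller filters on action as needed."""
    return [plan_user(u) for u in users]


if __name__ == "__main__":
    for row in plan_all():
        print(f"{row['sam']:12} {row['action']:20} {row['login'] or '-':35} {row['note']}")
```

Users marked `fix-upn` are the ones who would otherwise sign in with a name nobody told them about; resolving them (new UPN suffix, or populating a routable mail value) before the first sync avoids a round of helpdesk calls and a later identity rename.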
  24. - DirSync for LDAPv3
     - Supports multiple forests
     - Doesn't include password hash sync
     - Includes write back capability with Azure AD Premium subscription
     - Availability: Preview now available at:; Release later in 2014
     - Target Identity Providers: Same as FIM 2010 R2 connector; FIM connector details at
  25. SAML 2.0
     - SSO with passive authentication
     - Works with WSFED and SAML 2.0
     - Planned for later in 2014
     - Will require Office Client updates: Move to Active Directory Authentication Library (ADAL); OAUTH for passive authentication; Support for MFA with AAD; CAC/PIV support
  26. - What is it? Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used.
     - Program Requirements: Published Qualification Requirements; Published Technical Integration Docs; Automated Testing Tool; Self Testing work by Partner; Predictable and Shorter Qualification
     - Protocols shown: WS-Trust & WS-Federation; SAML (passive auth); Active Directory with ADFS (*For representative purposes only.)
     - Customer Benefits: Flexibility to reuse existing identity provider investments; Confidence that the solution is qualified by Microsoft; Coordinated support between the partner and Microsoft
  27. - Suitable for medium, large enterprises including educational organizations
     - Suitable for medium, large enterprises including educational organizations
     - Suitable for educational organizations
     - For organizations that need to use SAML 2.0
  28. (image only)
  29. WS-Federation; WS-Trust
  30. 1. Identity Management in Office 365
     2. Identity Scenarios
     3. Synchronisation Demo
     4. Add-ons and More to Think About
  31. (image only)
  32. - Use third-party identity providers to implement single sign-on
     - Deployment scenarios for Office 365 with single sign-on and Azure
     - Choosing a sign-in model for Office 365
     - Password hash sync simplifies user management for Office 365
     - Using Alternate Login IDs with Azure Active Directory
     - Office 365 SAML 2.0 Federation Implementer's Guide
     - Simplified login to Yammer from Office 365
     - Multi-Factor Authentication for Office 365
     - Office 365 User Account Management
  33. Thank you to our sponsors