Active Directory Federation Services
Thomas Stensitzki
AD FS | Quick Overview
Page 2
What is AD FS
 AD FS = Active Directory Federation Services
 AD FS provides the infrastructure that enables a user to authenticate in one network and
use a secure service or application in another network.
 Authentication methods
- Resources accessed from outside the corporate network
  - Forms authentication
  - Certificate authentication | smart card, soft certificate
- Resources accessed from inside the corporate network
  - Windows Authentication
 Device authentication can provide a secondary authentication method when multi-factor
authentication (MFA) is required.
Page 3
AD FS Versions
 AD FS 1.0 was originally released as a Windows component with Windows Server 2003 R2.
 AD FS 1.1 was released with Windows Server 2008 and Windows Server 2008 R2, as an
installable server role.
 AD FS 2.0 was released as an installable download for Windows Server 2008 SP2 or above.
 AD FS 2.1 was released with Windows Server 2012 as an installable server role.
 AD FS 3.0 is an installable server role on Windows Server 2012 R2. AD FS 3.0 does not
require a separate IIS install and it includes a new AD FS proxy role called the Web
Application Proxy.
 AD FS 4.0 was released with Windows Server 2016.
Page 4
How AD FS works
 Security token service (STS) infrastructure
- Active Directory Federation Services
- Shibboleth Identity Provider
- Third-party identity providers
 AD FS and AAD Connect
- Account synchronization for federated domain users
 AAD Connect, Password Sync and AD FS
- AAD Connect without Password Sync does not store password hashes in Azure AD
  -> no failback if AD FS is not available
- AAD Connect with Password Sync synchronizes the password hash to Azure AD
  -> the federated domain can be converted to standard (managed) authentication if AD FS is not available
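The failback decision on this slide, as an added PowerShell example that is not part of the deck: it checks whether the federation endpoint still answers, whether AAD Connect has password hash sync enabled, and only then switches the federated domain to managed authentication. It assumes the MSOnline and ADSync modules on the AAD Connect server with Connect-MsolService already run; the domain and host names are constructed placeholders.

```powershell
# Added example (not from the slide deck): fail a federated domain back to standard
# (managed) authentication when AD FS is unreachable and password hash sync is on.
# Assumptions: ADSync module loaded, MSOnline module loaded and Connect-MsolService
# already run. Names below are constructed placeholders.

param(
    [string]$FederationService = 'fs.contoso.com',   # placeholder
    [string]$DomainName        = 'contoso.com'       # placeholder
)

function Test-AdfsReachable {
    param([string]$HostName)
    # Every healthy AD FS farm member and proxy serves the federation metadata document.
    $uri = "https://$HostName/FederationMetadata/2007-06/FederationMetadata.xml"
    try {
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 10
        return ($resp.StatusCode -eq 200)
    } catch {
        return $false
    }
}

function Test-PasswordHashSyncEnabled {
    # Without password hash sync Azure AD holds no credential to validate, so there is
    # nothing to fail back to.
    $feature = Get-ADSyncAADCompanyFeature
    return [bool]$feature.PasswordHashSync
}

if (Test-AdfsReachable -HostName $FederationService) {
    Write-Host "AD FS answers at $FederationService; no failback needed."
    return
}

if (-not (Test-PasswordHashSyncEnabled)) {
    Write-Warning "AD FS is down and password hash sync is off: no failback possible, restore AD FS."
    return
}

$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    Write-Host "$DomainName is already '$($domain.Authentication)'; nothing to do."
    return
}

# Set-MsolDomainAuthentication changes the Azure AD side only, so it works while AD FS is
# down; Convert-MsolDomainToStandard also touches the AD FS configuration and needs the
# farm reachable. After this, users sign in against the synced hash in Azure AD.
Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
Write-Host "$DomainName converted to managed authentication."
Write-Host "Re-federate with Convert-MsolDomainToFederated once AD FS is healthy again."
```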
Page 5
Azure AD Federation Compatibility
- Optimal IDM Virtual Identity Server Federation Services
- PingFederate 6.11, 7.2, 8.x
- Centrify
- IBM Tivoli Federated Identity Manager 6.2.2
- SecureAuth IdP 7.2.0
- CA SiteMinder 12.52
- RadiantOne CFS 3.0
- Okta
- OneLogin
- NetIQ Access Manager 4.0.1
- BIG-IP with Access Policy Manager, BIG-IP ver. 11.3x – 11.6x
- VMware Workspace Portal version 2.1
- Sign&go 5.3
- IceWall Federation Version 3.0
- CA Secure Cloud
- Dell One Identity Cloud Access Manager v7.1
- AuthAnvil Single Sign On 4.5
- Sailpoint IdentityNow Active Directory Federation Services
Page 6
AD FS Planning Considerations (1)
 Preparation for end devices and browsers
 Placement of AD FS servers and proxies
 Appropriate internal network topologies for farms/proxies
 Check AD for non-supported characters and invalid data
 Preparation of DNS host name records
 Purchase or issuing of certificates
Page 7
AD FS Planning Considerations (2)
 Configuration of firewalls for AD FS-related ports
- TCP 443
 Selection of the appropriate AD FS database technology
- Windows Internal Database or SQL Server
 Capacity planning to determine required servers and server specifications
- Number of users to authenticate, number of relying party trusts
 Planning for AD FS high availability
 Preparation for multifactor authentication
 Planning for access filtering using claims rules
Page 8
AD FS Clients
 Microsoft Online Services Sign-In Assistant
- Office 365 Desktop setup
- System Center Configuration Manager
- Manual install
 Modern Browsers with JScript
- Internet Explorer
- Mozilla Firefox
- Safari
Page 9
ADAL
 ADAL = Active Directory Authentication Library
 ADAL works with OAuth 2.0 to enable more authentication and authorization scenarios
 Utilizes the AD FS infrastructure
 Office 2016 clients support modern authentication by default
Link: How modern authentication works for Office 2013 and Office 2016 client apps
Page 10
AD FS Topologies (1)
 Stand-alone server versus server farm
- Always create a server farm, even with one server
 Windows Internal Database (WID) versus SQL Server
 Number of Servers
Page 11
WID versus SQL Server support by farm size:

                          | 1 - 100 Relying Party (RP) Trusts  | More than 100 RP Trusts
1 - 30 AD FS nodes        | WID supported                      | WID not supported - SQL required
More than 30 AD FS nodes  | WID not supported - SQL required   | WID not supported - SQL required

Minimum number of servers by number of users (Source: Microsoft):

Number of users   | Minimum number of servers
< 1,000           | 0 dedicated federation servers (can co-locate on a DC);
                  | 0 dedicated federation server proxies (can co-locate on a web server)
1,000 – 15,000    | 2 dedicated federation servers;
                  | 2 dedicated federation server proxies
15,000 – 60,000   | 3 – 5 dedicated federation servers;
                  | min. 2 dedicated federation server proxies
AD FS Topologies (2)
 AD FS Proxies
- Not mandatory, but recommended for extranet/internet users
 Server Placement
- AD FS servers are domain joined and are located in the internal network
- AD FS proxy servers should not be domain joined and are located in the perimeter network
[Diagram: external users reach fs.contoso.com on a public IP; in the perimeter network the AD FS proxies wap1.contoso.com (192.0.2.1) and wap2.contoso.com (192.0.2.2) are published as fs.contoso.com (192.0.2.3); in the internal network the federation server farm fs1.lan.contoso.com (172.16.1.1) and fs2.lan.contoso.com (172.16.1.2) is reached by internal users as fs.contoso.com (172.16.1.3)]
AD FS Requirements (1)
 Active Directory
- Domain controllers running Windows Server 2008 or later
- Windows Server 2016 domain controller for Microsoft Passport
- Account domain and AD FS server domain must be operating at domain functional level (DFL) Windows Server 2003
- User account client certificate authentication requires DFL Windows Server 2008
- Check on-premises Active Directory for the UPN domain
- Remediate UPNs with invalid characters
 DNS and namespaces
- Namespace planning, e.g. sts, fs or adfs
- All clients must be able to resolve either the internal or the external AD FS service name
- Windows Integrated authentication requires a DNS A record, not a CNAME record
Page 13
AD FS Requirements (2)
 Certificates
- Same SSL certificate for AD FS and Web Application Proxies
- Common name of the certificate should match the service name
- User certificate authentication requires certauth.[federation service name] as SAN
- Device registration or modern authentication for pre-Windows 10 clients requires enterpriseregistration.[UPN suffix]
as SAN
 Network
- Firewall policy to allow HTTPS on TCP 443
- Client user certificate authentication requires TCP 49443 to the Web Application Proxy, if certauth on 443 is not enabled
 Database
- Windows Internal Database
- SQL Server 2008 or higher
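A pre-flight check for the DNS, certificate, network and UPN requirements on these two slides (and the UPN remediation item under Planning Considerations), as an added PowerShell example that is not from the deck. It assumes it runs as administrator on a domain-joined server with the DnsClient, NetTCPIP and ActiveDirectory modules available; all names and the thumbprint are placeholders, and the allowed UPN character set is taken from Microsoft's directory synchronization guidance.

```powershell
# Added example (not from the slide deck): pre-flight checks for AD FS requirements.
# Assumptions: run elevated on a domain-joined server with the DnsClient, NetTCPIP and
# ActiveDirectory modules. All names and the thumbprint below are placeholders.

param(
    [string]$FederationService = 'fs.contoso.com',                     # placeholder
    [string[]]$UpnSuffixes     = @('contoso.com'),                     # placeholder
    [string]$ProxyHost         = 'wap1.contoso.com',                   # placeholder
    [string]$CertThumbprint    = '<thumbprint of the AD FS SSL cert>'  # placeholder
)

$results = New-Object System.Collections.Generic.List[object]
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# 1. DNS: Windows Integrated authentication needs an A record, not a CNAME, for the service name.
$dns      = Resolve-DnsName -Name $FederationService -ErrorAction SilentlyContinue
$hasCname = $null -ne ($dns | Where-Object Type -eq 'CNAME')
$hasA     = $null -ne ($dns | Where-Object Type -eq 'A')
Add-Result 'DNS A record (no CNAME) for service name' ($hasA -and -not $hasCname) "A=$hasA CNAME=$hasCname"

# 2. Certificate: DnsNameList holds the SANs (or the CN when there is no SAN). It must cover the
#    service name, certauth.<service name> and enterpriseregistration.<UPN suffix> per suffix, and
#    the private key must be present so the same cert can be exported to the proxies.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $CertThumbprint
if ($null -eq $cert) {
    Add-Result 'SSL certificate present' $false "no cert with thumbprint $CertThumbprint"
} else {
    $sans     = @($cert.DnsNameList | ForEach-Object { $_.Unicode.ToLower() })
    $required = @($FederationService, "certauth.$FederationService") +
                @($UpnSuffixes | ForEach-Object { "enterpriseregistration.$_" })
    foreach ($name in $required) {
        Add-Result "Certificate covers $name" ($sans -contains $name.ToLower()) ($sans -join ',')
    }
    Add-Result 'Private key present (needed for export to WAP)' $cert.HasPrivateKey $cert.Subject
}

# 3. Network: HTTPS to the proxy on TCP 443; TCP 49443 only matters if certauth on 443 is not enabled.
foreach ($port in 443, 49443) {
    $tnc = Test-NetConnection -ComputerName $ProxyHost -Port $port -WarningAction SilentlyContinue
    Add-Result "TCP $port to $ProxyHost" $tnc.TcpTestSucceeded "$($tnc.RemoteAddress)"
}

# 4. Active Directory: each enabled user's UPN must use a planned suffix, and the local part may
#    only contain letters, digits and . - _ ! # ^ ~ (Microsoft's directory synchronization guidance).
$upnLocalPattern = '^[A-Za-z0-9._!#^~-]+$'
$badUpns = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object {
        $upn = $_.UserPrincipalName
        if ([string]::IsNullOrEmpty($upn) -or $upn -notmatch '^([^@]+)@([^@]+)$') { return $true }
        $local, $suffix = $Matches[1], $Matches[2]
        ($local -notmatch $upnLocalPattern) -or ($UpnSuffixes -notcontains $suffix.ToLower())
    } | Select-Object -ExpandProperty SamAccountName)
Add-Result 'UPNs valid for federation' ($badUpns.Count -eq 0) ("offending: " + ($badUpns -join ','))

$results | Format-Table -AutoSize
```

Any row with Pass = False maps directly to one of the requirement bullets above, which makes the list usable as a go/no-go gate before installing the farm.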
Page 14
AD FS Capacity Planning
 AD FS Capacity Planning Sizing Spreadsheet:
- Number of users requiring SSO access
- Number of users sending authentication requests (peak)
- Duration of peak usage period
- Geo redundancy information
- AD FS Proxy information
Link: AD FS 2016 Capacity Planning Spreadsheet
Page 15
High Availability for AD FS
 Why HA is essential
- Federated sources are not accessible when AD FS fails or is not reachable
 Load Balancing
- Use a simple Load Balancing solution
 Protecting SQL Server
- SQL Cluster
- SQL failover partner
 Office 365 Adapter for Windows Azure Virtual Machines
- White paper: Office 365 Adapter - Deploying Office 365 single sign-on using Azure Virtual Machines
https://technet.microsoft.com/en-us/library/dn509539.aspx
- Deployment scenarios for Office 365 with single sign-on and Azure
https://technet.microsoft.com/en-us/library/dn509537.aspx
Page 16
High Availability for AD FS – Azure for Disaster Recovery
Page 17
[Diagram: the on-premises site (AD DS, AAD Connect, AD FS, AD FS Proxy) is connected by a VPN tunnel to an Azure site running AD DS (1x), AAD Connect (1x), AD FS (1x) and AD FS Proxy (2x)]
High Availability for AD FS – Azure Only
Page 18
[Diagram: on-premises AD DS is connected by a VPN tunnel to Azure, which runs AD DS (1x), AAD Connect (1x), AD FS (1x) and AD FS Proxy (2x)]
Best Practices for AD FS
 Plan for AD FS proxy servers
 Avoid having federation servers directly accessible on the Internet
 Prepare DNS
- Split DNS requires proper DNS zone maintenance
 Networking, firewall and security design
 Ensure the certificate export includes the private key
Page 20
Questions
Thomas Stensitzki
Expert
Granikos GmbH & Co. KG
MCSM Messaging, MCM: Exchange 2010
MCT, MCSE, MCITP, MCTS, MCSA, MCSA:M
E-Mail: thomas.stensitzki@granikos.eu
Web: http://www.Granikos.eu
Blog: http://blog.Granikos.eu
Blog: http://JustCantGetEnough.Granikos.eu
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

AD FS Workshop | Part 1 | Quick Overview

  • 1. Active Directory Federation Services
    Thomas Stensitzki
  • 2. AD FS | Quick Overview
  • 3. What is AD FS
     AD FS → Active Directory Federation Services
     AD FS provides the infrastructure that enables a user to authenticate in one network and use a secure service or application in another network
     Authentication Methods
      - Resources accessed from outside the corporate network
        - Forms authentication
        - Certificate authentication | Smart Card, Soft Certificate
      - Resources accessed from inside the corporate network
        - Windows Authentication
     Device authentication can provide a secondary authentication method when multi-factor authentication (MFA) is required
  • 4. AD FS Versions
     AD FS 1.0 was originally released as a Windows component with Windows Server 2003 R2.
     AD FS 1.1 was released with Windows Server 2008 and Windows Server 2008 R2, as an installable server role.
     AD FS 2.0 was released as an installable download for Windows Server 2008 SP2 or above.
     AD FS 2.1 was released with Windows Server 2012 as an installable server role.
     AD FS 3.0 is an installable server role on Windows Server 2012 R2. AD FS 3.0 does not require a separate IIS install and it includes a new AD FS proxy role called the Web Application Proxy.
     AD FS 4.0 was released with Windows Server 2016.
  • 5. How AD FS works
     Security token service (STS) infrastructure
      - Active Directory Federation Services
      - Shibboleth Identity Provider
      - Third-Party Identity Providers
     AD FS and AAD Connect
      - Account synchronization for federated domain users
     AAD Connect, Password Sync and AD FS
      - AAD Connect without Password Sync does not store password hashes in Azure AD
        → No failback if AD FS is not available
      - AAD Connect with Password Sync synchronizes the password hash to Azure AD
        → Convert the federated domain to standard if AD FS is not available
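The failback decision on this slide, scripted as an added example (not code from the deck or from Granikos): it checks whether the domain is federated and whether password hash sync is enabled in AAD Connect before converting the domain to standard (managed) authentication. It requires the MSOnline module (with Connect-MsolService already run) and the ADSync module, so it is meant to run on the AAD Connect server. The domain name, connector name, federation service name and password file path are assumptions. It goes slightly beyond the slide: Convert-MsolDomainToStandard also removes the relying party trust on the AD FS farm and therefore needs a reachable federation server, so when the farm cannot be reached the script changes only the Azure AD side with Set-MsolDomainAuthentication.

```powershell
# Added example, not from the slide deck. Requires the MSOnline module (Connect-MsolService
# already run) and the ADSync module, i.e. run it on the AAD Connect server.
# $DomainName, $SourceConnector, $FederationServiceName and $PasswordFile are assumed values.

function Test-FederationFailback {
    param(
        [Parameter(Mandatory)][string]$DomainName,       # federated domain, e.g. contoso.com (assumed)
        [Parameter(Mandatory)][string]$SourceConnector   # AAD Connect on-premises connector name (assumed)
    )
    $domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    $phs    = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $SourceConnector -ErrorAction Stop

    [pscustomobject]@{
        Domain           = $DomainName
        Authentication   = $domain.Authentication        # 'Federated' or 'Managed'
        PasswordHashSync = [bool]$phs.Enabled
        # Without synchronized hashes Azure AD has nothing to validate passwords against,
        # which is the "no failback" case on the slide.
        FailbackPossible = ($domain.Authentication -eq 'Federated') -and [bool]$phs.Enabled
    }
}

function Invoke-FederationFailback {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$SourceConnector,
        [Parameter(Mandatory)][string]$FederationServiceName,                       # e.g. fs.contoso.com (assumed)
        [string]$PasswordFile = (Join-Path $env:TEMP "$DomainName-passwords.txt")   # required by the cmdlet; only written when users are converted
    )
    $state = Test-FederationFailback -DomainName $DomainName -SourceConnector $SourceConnector
    if (-not $state.FailbackPossible) {
        throw "No failback for '$DomainName' (Authentication=$($state.Authentication), PasswordHashSync=$($state.PasswordHashSync))."
    }

    # Coarse reachability probe of the federation service endpoint. A load balancer or WAP may
    # still answer on 443 while the farm is unhealthy, so treat this as a hint, not proof.
    $adfsUp = (Test-NetConnection -ComputerName $FederationServiceName -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded

    if ($adfsUp) {
        # Removes the federation trust in Azure AD and the relying party trust on the AD FS farm.
        # -SkipUserConversion $true keeps the user objects as they are; the synchronized hashes take over.
        Convert-MsolDomainToStandard -DomainName $DomainName -SkipUserConversion $true -PasswordFile $PasswordFile
    }
    else {
        # Farm not reachable: switch only the Azure AD side to managed authentication and clean up AD FS later.
        Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
    }
    Get-MsolDomain -DomainName $DomainName | Select-Object Name, Authentication
}

# Usage (assumed values):
# Test-FederationFailback -DomainName 'contoso.com' -SourceConnector 'contoso.com'
# Invoke-FederationFailback -DomainName 'contoso.com' -SourceConnector 'contoso.com' -FederationServiceName 'fs.contoso.com'
```

Run Test-FederationFailback as part of a regular health check, not only during an outage: a domain that reports PasswordHashSync = False is exactly the "no failback" configuration the slide warns about, and that is cheaper to fix before AD FS is down.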
  • 6. Azure AD Federation Compatibility
      - Optimal IDM Virtual Identity Server Federation Services
      - PingFederate 6.11, 7.2, 8.x
      - Centrify
      - IBM Tivoli Federated Identity Manager 6.2.2
      - SecureAuth IdP 7.2.0
      - CA SiteMinder 12.52
      - RadiantOne CFS 3.0
      - Okta
      - OneLogin
      - NetIQ Access Manager 4.0.1
      - BIG-IP with Access Policy Manager BIG-IP ver. 11.3x – 11.6x
      - VMware Workspace Portal version 2.1
      - Sign&go 5.3
      - IceWall Federation Version 3.0
      - CA Secure Cloud
      - Dell One Identity Cloud Access Manager v7.1
      - AuthAnvil Single Sign On 4.5
      - Sailpoint IdentityNow
      - Active Directory Federation Services
  • 7. AD FS Planning Considerations (1)
     Preparation for end devices and browsers
     Placement of AD FS servers and proxies
     Appropriate internal network topologies for farms/proxies
     Check AD for non-supported characters and invalid data
     Preparation of DNS host name records
     Purchase or issuing of certificates
  • 8. AD FS Planning Considerations (2)
     Configuration of firewalls for AD FS-related ports
      - TCP 443
     Selection of appropriate AD FS database technology
      - Windows Internal Database or SQL Server
     Capacity planning to determine required servers and server specifications
      - Number of users to authenticate, number of relying party trusts
     Planning for AD FS High Availability
     Preparation for multifactor authentication
     Planning for access filtering using claims rules
  • 9. AD FS Clients
     Microsoft Online Services Sign-In Assistant
      - Office 365 Desktop setup
      - System Center Configuration Manager
      - Manual install
     Modern Browsers with JScript
      - Internet Explorer
      - Mozilla Firefox
      - Safari
  • 10. ADAL
     ADAL → Active Directory Authentication Library
     ADAL works with OAuth 2.0 to enable more authentication and authorization scenarios
     Utilizes AD FS Infrastructure
     Office 2016 clients support modern authentication by default
    Link: How modern authentication works for Office 2013 and Office 2016 client apps
  • 11. AD FS Topologies (1)
     Stand-alone server versus server farm
      - Always create a server farm, even with one server
     Windows Internal Database (WID) versus SQL Server
     Number of Servers

    Database choice by farm size:

      AD FS nodes            1 - 100 Relying Party (RP) Trusts   More than 100 RP Trusts
      1 - 30 AD FS nodes     WID supported                       WID not supported - SQL required
      More than 30 nodes     WID not supported - SQL required    WID not supported - SQL required

    Minimum number of servers by number of users (Source: Microsoft):

      Number of users    Federation servers                                     Federation server proxies
      < 1,000            0 dedicated, can co-locate on DC                       0 dedicated, can co-locate on web server
      1,000 – 15,000     2 dedicated federation servers                         2 dedicated federation server proxies
      15,000 – 60,000    3 – 5 dedicated federation servers                     Min 2 dedicated federation server proxies
  • 12. AD FS Topologies (2)
     AD FS Proxies
      - Not mandatory but recommended for extranet/internet users
     Server Placement
      - AD FS servers are domain joined and are located in the internal network
      - AD FS proxy servers should not be domain joined and are located in the perimeter network
    [Diagram: Internal Network with Federation Server Farm fs1.lan.contoso.com 172.16.1.1 and fs2.lan.contoso.com 172.16.1.2 behind the internal service name fs.contoso.com 172.16.1.3, serving Internal Users; Perimeter Network with AD FS Proxies wap1.contoso.com 192.0.2.1 and wap2.contoso.com 192.0.2.2 behind fs.contoso.com 192.0.2.3; External Users reach fs.contoso.com on a public IP]
  • 13. AD FS Requirements (1)
     Active Directory
      - Domain controllers running Windows Server 2008 or later
      - Windows Server 2016 domain controller for Microsoft Passport
      - Account domain and AD FS server domain must be operating at domain functional level (DFL) Windows Server 2003
      - User account client certificate authentication requires DFL Windows Server 2008
      - Check on-premises Active Directory for UPN domain
      - Remediate UPNs for invalid characters
     DNS and namespaces
      - Namespace planning, e.g. sts, fs or adfs
      - All clients must be able to resolve either the internal or the external AD FS service name
      - Windows Integrated authentication requires a DNS A record, not a CNAME record
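Two of the checks on this slide scripted as an added example (not code from the deck or from Granikos): the UPN remediation scan over on-premises Active Directory and the A-record-versus-CNAME check for the federation service name. It requires the ActiveDirectory and DnsClient modules; the verified UPN suffixes and the service name are assumptions. The UPN character rules encoded below are the Azure AD ones (letters, digits, and the characters ' . - _ ! # ^ ~ before the @, with no leading or trailing period); the slide itself only says "invalid characters".

```powershell
# Added example, not from the slide deck. Requires the ActiveDirectory and DnsClient modules.
# Verified suffixes, OU and service name are assumed values.

function Find-InvalidUpn {
    param(
        [Parameter(Mandatory)][string[]]$VerifiedSuffixes,   # UPN suffixes verified in Azure AD (assumed list)
        [string]$SearchBase                                   # optional OU distinguished name to narrow the query
    )
    # Azure AD UPN prefix rules: A-Z a-z 0-9 and ' . - _ ! # ^ ~ ; no leading or trailing period.
    $allowedPrefix = "^[A-Za-z0-9'._!#^~-]+$"

    $query = @{ Filter = 'Enabled -eq $true'; Properties = 'UserPrincipalName' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($user in Get-ADUser @query) {
        $upn = $user.UserPrincipalName
        if (-not $upn) {
            [pscustomobject]@{ SamAccountName = $user.SamAccountName; UPN = $null; Problem = 'No UPN set' }
            continue
        }
        $prefix, $suffix = $upn -split '@', 2
        $problem = $null
        if (-not $suffix) {
            $problem = 'UPN has no @suffix'
        }
        elseif ($suffix -notin $VerifiedSuffixes) {
            $problem = "Suffix '$suffix' is not a verified domain"
        }
        elseif ($prefix -notmatch $allowedPrefix -or $prefix.StartsWith('.') -or $prefix.EndsWith('.')) {
            $problem = 'Invalid characters in UPN prefix'
        }
        if ($problem) {
            [pscustomobject]@{ SamAccountName = $user.SamAccountName; UPN = $upn; Problem = $problem }
        }
    }
}

function Test-FederationServiceDns {
    param([Parameter(Mandatory)][string]$ServiceName)   # e.g. fs.contoso.com (assumed)

    # Resolve-DnsName returns the CNAME record in the answer when the name is an alias,
    # followed by the A record(s) it points to; Kerberos SPN lookup needs the A record directly.
    $records = Resolve-DnsName -Name $ServiceName -Type A -DnsOnly -ErrorAction Stop
    $cname   = @($records | Where-Object { $_.Type -eq 'CNAME' })
    $a       = @($records | Where-Object { $_.Type -eq 'A' })

    [pscustomobject]@{
        ServiceName = $ServiceName
        Addresses   = ($a.IPAddress -join ', ')
        IsCname     = ($cname.Count -gt 0)
        Status      = if ($cname.Count -gt 0) { 'FAIL: name is a CNAME; create an A record for Windows Integrated authentication' }
                      elseif ($a.Count -eq 0) { 'FAIL: no A record found' }
                      else { 'OK' }
    }
}

# Usage (assumed values):
# Find-InvalidUpn -VerifiedSuffixes 'contoso.com','contoso.de' | Format-Table -AutoSize
# Test-FederationServiceDns -ServiceName 'fs.contoso.com'
```

Run Test-FederationServiceDns from an internal client as well as from outside the network, since split DNS (slide 19) means the internal and external zones can disagree; the internal answer is the one that matters for Windows Integrated authentication.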
  • 14. AD FS Requirements (2)
     Certificates
      - Same SSL certificate for AD FS and Web Application proxies
      - Common name of the certificate should match the service name
      - User certificate authentication requires certauth.[federation service name] as SAN
      - Device registration or modern authentication for pre-Windows 10 clients requires enterpriseregistration.[UPN suffix] as SAN
     Network
      - Firewall policy to allow HTTPS on TCP 443
      - Client user certificate authentication requires TCP 49443 to the Web Application proxy, if certauth on 443 is not enabled
     Database
      - Windows Internal Database
      - SQL Server 2008 or higher
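The certificate and network requirements on this slide as an added check script (not code from the deck or from Granikos): it inspects the certificates in the local machine store for the service name and the certauth and enterpriseregistration SAN entries, reports whether the private key is present, and probes TCP 443 and, where certauth is not on 443, TCP 49443. It requires the NetTCPIP module (Test-NetConnection); the federation service name and UPN suffixes are assumptions. It also handles the wildcard case the slide does not mention: a wildcard for the service name's parent domain does not cover certauth.[service name], because that is one label deeper.

```powershell
# Added example, not from the slide deck. Run on a federation server or Web Application Proxy.
# $FederationServiceName and $UpnSuffixes are assumed values.

function Test-AdfsSslCertificate {
    param(
        [Parameter(Mandatory)][string]$FederationServiceName,   # e.g. fs.contoso.com (assumed)
        [string[]]$UpnSuffixes = @(),                            # UPN suffixes needing enterpriseregistration.* (assumed)
        [string]$Thumbprint                                      # optional: check one specific certificate
    )
    # Names the slide requires: the service name, certauth.<service name> for user certificate
    # authentication, and enterpriseregistration.<UPN suffix> for device registration.
    $required = @($FederationServiceName, "certauth.$FederationServiceName") +
                @($UpnSuffixes | ForEach-Object { "enterpriseregistration.$_" })

    $certs = Get-ChildItem Cert:\LocalMachine\My
    if ($Thumbprint) { $certs = $certs | Where-Object Thumbprint -eq $Thumbprint }

    foreach ($cert in $certs) {
        # DnsNameList is the PowerShell-added view of subject CN plus SAN DNS entries.
        $names   = @($cert.DnsNameList.Unicode)
        $missing = @($required | Where-Object {
            $wildcard = '*.' + ($_ -replace '^[^.]+\.', '')   # the only wildcard that would cover this name
            ($_ -notin $names) -and ($wildcard -notin $names)
        })
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            MissingNames  = ($missing -join ', ')
            Usable        = $cert.HasPrivateKey -and ($missing.Count -eq 0) -and ($cert.NotAfter -gt (Get-Date))
        }
    }
}

function Test-AdfsPorts {
    param(
        [Parameter(Mandatory)][string]$FederationServiceName,
        [switch]$CertAuthOnAlternatePort   # set when certauth is not enabled on 443, so TCP 49443 must also be reachable
    )
    $ports = @(443)
    if ($CertAuthOnAlternatePort) { $ports += 49443 }
    foreach ($port in $ports) {
        $r = Test-NetConnection -ComputerName $FederationServiceName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $FederationServiceName; Port = $port; Open = $r.TcpTestSucceeded }
    }
}

# Usage (assumed values):
# Test-AdfsSslCertificate -FederationServiceName 'fs.contoso.com' -UpnSuffixes 'contoso.com' | Format-Table -AutoSize
# Test-AdfsPorts -FederationServiceName 'fs.contoso.com' -CertAuthOnAlternatePort
```

To confirm the "same certificate on AD FS and the proxies" requirement, compare the thumbprint reported as Usable here with the output of Get-AdfsSslCertificate on the farm and Get-WebApplicationProxySslCertificate on each proxy; a mismatch is a common cause of proxy trust failures after a certificate renewal.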
  • 15. AD FS Capacity Planning
     AD FS Capacity Planning Sizing Spreadsheet:
      - Number of users requiring SSO access
      - Number of users sending authentication requests (peak)
      - Duration of peak usage period
      - Geo redundancy information
      - AD FS Proxy information
    Link: AD FS 2016 Capacity Planning Spreadsheet
  • 16. High Availability for AD FS
     Why HA is essential
      - Federated sources are not accessible when AD FS fails or is not reachable
     Load Balancing
      - Use a simple Load Balancing solution
     Protecting SQL Server
      - SQL Cluster
      - SQL failover partner
     Office 365 Adapter for Windows Azure Virtual Machines
      - White paper: Office 365 Adapter - Deploying Office 365 single sign-on using Azure Virtual Machines https://technet.microsoft.com/en-us/library/dn509539.aspx
      - Deployment scenarios for Office 365 with single sign-on and Azure https://technet.microsoft.com/en-us/library/dn509537.aspx
  • 17. High Availability for AD FS – Azure for Disaster Recovery
    [Diagram: on-premises site (AD DS, AD FS, AAD Connect, AD FS Proxy) connected by VPN tunnel to Azure; labels: 1x AAD Connect, 1x AD FS, 1x AD FS Proxy, 2x AD DS]
  • 18. High Availability for AD FS – Azure Only
    [Diagram: on-premises AD DS connected by VPN tunnel to Azure; labels: 1x AAD Connect, 1x AD FS, 1x AD FS Proxy, 2x AD DS]
  • 19. Best Practices for AD FS
     Plan for AD FS proxy servers
     Avoid having federation servers directly accessible on the Internet
     Prepare DNS
      - Split DNS requires proper DNS zone maintenance
     Networking, firewall, and security design
     Ensure certificate exports include the private key
  • 20. Questions
    Thomas Stensitzki
    Expert, Granikos GmbH & Co. KG
    MCSM Messaging, MCM: Exchange 2010
    MCT, MCSE, MCITP, MCTS, MCSA, MCSA:M
    E-Mail: thomas.stensitzki@granikos.eu
    Web: http://www.Granikos.eu
    Blog: http://blog.Granikos.eu
    Blog: http://JustCantGetEnough.Granikos.eu