The document discusses integrating Office 365 with UAG SP1 for OTP authentication. It covers key components of the solution including ADFS v2.0, UAG, Active Directory, and NPS. It then discusses topics like directory synchronization, federation, UAG, Exchange migration, building and piloting the solution, and troubleshooting.
30. Identity Architecture (customer premises: SafenetDemos)
Identity options shown:
1. Microsoft Online IDs
2. Microsoft Online IDs + DirSync
3. Federated IDs + DirSync
Diagram labels: AD; MS Online Directory Sync; Provisioning platform; Lync Online; SharePoint Online; Exchange Online; Active Directory Federation Server 2.0; Trust; IdP; Directory Store; Admin Portal; Authentication platform; Office 365 Desktop Setup; Microsoft Online Services
31. Single Sign on Setup for New domains (customer premises: safenetdemos)
1. Microsoft Online PowerShell Module for Windows
2. Connect to AD FS 2.0 and Microsoft Office 365
3. Add Domain (returns details for proof of ownership)
4. Add Domain
Diagram labels: Identity Services; Provisioning platform; Active Directory Federation Server 2.0; Trust; Directory Store; Admin Portal/PowerShell; Authentication platform; MSOL PowerShell Module; Microsoft Online Services
Flow labels:
Add Domain
Required Cname
Add Trust
- Claim Rules
- User Source ID = AD ObjectGUID
Verify-Domain
- Active/Mex/Passive
- Token certs Current/Next
- Brand URI etc
Update
34. Identity options comparison

1. MS Online IDs
Appropriate for
• Smaller orgs without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• IDs mastered in the cloud

2. MS Online IDs + Dir Sync
Appropriate for
• Medium/Large orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Single server deployment

3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise orgs with AD on-premise
Pros
• SSO with corporate cred
• IDs mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios
Cons
• High availability server deployments required
How to pilot single sign-on in a production user forestThis post describes the steps necessary to pilot single sign-on (also known as identity federation) using corporate credentials within a production user forest through the use of a fictional organization “contoso.com”. This post assumes that the reader is somewhat familiar with single sign-on (identity federation) with Office 365 and that they have already read:How single sign-on worksPreparing for single sign-on Plan and deploy AD FS 2.0 for Office 365Establishing a trust to Office 365 Install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-onThere are two key scenarios involved in piloting and staging rollout of single sign-on to an organization:Scenario 1: The organization knows that it wants single sign-on (identity federation) to Office 365 right from the start. Therefore the organization establishes a trust between its Active Directory (via Active Directory Federation Service 2.0) and Office 365.In this scenario, the organization is able to pilot and stage rollout, to its users, of single sign-on to Office 365 services, by simply licensing directory synchronized federated users in the administration portal (once they have established the trust using the Microsoft Online Services Module for Windows PowerShell)Additionally the organization can set up an Authorization claim rule on the ADFS 2.0 server, that will only generate a security token (for the authenticated user) if they are a member of an on-premise security group. Hence your pilot users can be put into this security group, as can your other users as you stage rollout to the organization.Scenario 2: The organization has decided initially not to use single sign-on (identity federation). Instead the organization’s users are using Microsoft Online cloud IDs (i.e. non-federated IDs) to sign in to Office 365 services. 
At some point later the organization decides that they want to start using single sign-on, by converting their existing users from standard Microsoft Online cloud IDs to federated IDs. This is a more complicated scenario for piloting and staging rollout, and hence is described in much more detail below.NOTE: Staging rollout of single sign-on to your organization for this scenario is not currently possible with Office 365. This is because conversion of a standard domain to a federated domain is currently an all or nothing switch (all users are automatically converted to use single sign-on at their next login). A federated domain may only contain federated/single sign-on users.However, piloting single sign-on with a set of production users from your production forest is possible and is described in detail below.Setting the stageContoso Ltd. is an Enterprise size organization with over 2000 employees worldwide. Contoso has deployed Active Directory on premise in a single forest contoso.com. Contoso is also an O365 customer and has over 2000 O365 suite licenses. Contoso has verified domain ownership of contoso.com with O365, and uses Directory Sync to synchronize their on premise AD forest contoso.com (users, contacts and groups) with O365. This has automatically created Microsoft Online IDs (cloud credentials) for each of the on premise users (logon enabled users) in the contoso.com forest. Hence, all Contoso employees using O365 have a cloud credential/UPN (separate from their corporate credential) under the contoso.com. Additionally, contoso.com is the organization’s primary SMTP domain. Contoso is very happy with their move to Office 365. However they are evaluating various pain points associated with managing accounts on premise and in the cloud. This has led to Contoso researching single sign-on. As such Contoso has decided that the investment to deploy single sign-on is worth taking. 
However, before making that investment, Contoso IT Admins would like to first pilot single sign-on with real production users and test various federated authentication scenarios before rolling this out to the rest of their company.AssumptionsContoso Publishing (or your organization) already has:AD on premise.A single forest containing the user accounts.Directory synchronization running in their forest.Users logging in to Office 365 using Microsoft Online cloud IDs that are under the forest domain (like contoso.com). These are non-federated accounts and are therefore authenticated by the Office 365 identity system.Users who have a primary SMTP address under contoso.com. (Note: this is not mandatory.)Not yet set up single sign-on.Steps to Pilot Deploy AD FS 2.0 (as per Plan for and deploy AD FS 2.0 for Office 365) in Contoso’s production environment.Purchase a new domain from a domain registrar. This domain should be distinct from your production domain (i.e. this cannot be a sub-domain of an existing production domain). For example here we will assume purchase of fabrikam.com and use this in the example from now on.Federate the fabrikam.com domain with Office 365 by following the instructions in Install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on on “how to Add a federated domain”. Add fabrikam.com as another UPN domain suffix in your Active Directory forest (See http://technet.microsoft.com/en-us/library/cc756944(WS.10).aspx for instructions).Select pilot users for this pilot program and inform them (ahead of time via emails) that they are part of this single sign-on pilot and the login changes that they should expect during this pilot, and when this change is scheduled for. 
Inform them that once the transition is complete that at any time when asked to enter an ID, they need to enter their new UPN (the one under the fabrikam.com domain).Go into Active Directory Administrative Center or ADSI (Active Directory Users and Computers) and toggle the pilot user’s UPNs to be under the fabrikam.com domain.NOTE: If the users who are in the pilot test group have smart cards then this technique may not be appropriate, since it involves changing the UPN of the user and will render their smart cards invalid for the period of the pilot program. Organizations should also review whether there are any internal applications or resource access that makes use of user’s UPNs and whether they need any updating.NOTE: This will not affect the user’s SIP address or SMTP proxy addresses. It is perfectly valid to have a UPN that is different from a primary SMTP address.Once all the pilot users have had their UPNs changed, go to the DirSync machine and “force” a synchronization (or simply wait up to 3 hours for the next sync):Go to %program files%\Microsoft Online Directory Sync.Double click on DirSyncConfigShell.psc1 to open a powershellDirSync snap-in session.At the PS command line type: Start-OnlineCoexistenceSync and press Enter.Check that the DirSync update is complete by logging on to the O365 administration portal and into the Exchange Control Panel (ECP) and looking at the user lists in both places. Your pilot user’s UPN changes should be reflected in both the user lists.Contoso pilot users are asked to thoroughly test various sign in scenarios to ensure that single sign-on (and the AD FS 2.0 deployment) is correctly configured, and that single sign-on is ready to be rolled out across the entire organization. 
Tests include accessing Office 365 services from both browsers and rich client apps (such as Office 2007 or Office 2010, Lync and Outlook 2007 or Outlook 2010) in the following environments:
  - From a domain joined machine.
  - From a non-domain joined machine inside the corporate network.
  - From a roaming domain joined machine outside the corporate network.
  - From a home PC.
  - From a web kiosk (browser only).
  - From a smart phone (i.e. Exchange Active Sync).

Federate the production domain contoso.com

Once Contoso is satisfied that single sign-on is correctly configured and working properly through the pilot testing process outlined earlier, Contoso is now ready to roll this out to the existing production users. This involves 2 main steps:
- Moving the pilot users back into the production standard domain (contoso.com) and removing the test federated domain (fabrikam.com). Removing the test federated domain means that the AD FS 2.0 deployment can now be used to federate your production domain (contoso.com).
- Federating the contoso.com domain, by converting this standard domain to be federated.

- Inform the pilot users that they are being moved back to the regular production domain and that their single sign-on experience will temporarily go away. Inform them that their UPN will change back to the production domain (contoso.com) and that they will be issued with a new temporary password to access Office 365 (i.e. the experience they had before the pilot program began). They should also be informed that as part of this move they may experience a brief period of downtime.
- Toggle the pilot users’ UPN domain back to contoso.com from fabrikam.com.
- Either wait for DirSync to synchronize the changes or force a synchronization using the instructions given previously.

Moving the pilot users back to the production domain (contoso.com)

NOTE: Due to a code defect Directory Sync will show an error.
Moving from a federated domain to a standard domain in this fashion will be supported in the future once this defect is fixed.

Moving the user back to a standard (non-federated) domain in the cloud requires the use of the Microsoft Online Services Module for Windows PowerShell. This is the same module that contains the federation tool cmdlets. For each of your pilot users, move them to the contoso.com domain by using the Set-MsolUserPrincipalName cmdlet. For example:

    Set-MsolUserPrincipalName -UserPrincipalName john@fabrikam.com -NewUserPrincipalName john@contoso.com

Once you can see the pilot users’ UPNs updated in the administration portal, reset all those pilot users’ cloud passwords (using the administration portal) and distribute the temporary passwords to the pilot users.

The pilot users will be forced to change their passwords the first time they log in after being moved back to the contoso.com domain[1].

Federating the production domain (contoso.com)

- On the AD FS machine, open the Microsoft Online Services Module for Windows PowerShell (see Install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on for further information). This time, after connecting to the service and AD FS, remove the federated test domain fabrikam.com by using the Remove-MSOLFederatedDomain cmdlet.
- Inform all production users with Office 365 licenses/accounts in contoso.com that single sign-on is going to be enabled for their Office 365 login accounts and when this is scheduled for. Explain the changes in the login experiences to all end users once the contoso.com domain is federated.
- Next federate the contoso.com domain using the Convert-MSOLDomainToFederated cmdlet.

NOTE: This conversion process can take up to 24 hours to complete.
Microsoft recommends that this operation is performed over a weekend.

NOTE: This conversion process will convert all the contoso.com users’ cloud credentials into federated credentials – allowing them to use their corporate credentials to sign in to Office 365 services. Staging of this conversion process is not currently possible with Office 365.

[1] Being prompted for credentials may not happen immediately because the client caches a service token for the user. When the service token expires, the user will be prompted for credentials.
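
The per-user move back to contoso.com described above, as an added example that is not part of the original deck: a PowerShell script that runs Set-MsolUserPrincipalName over every account still in the pilot domain, then checks that fabrikam.com is empty before the federated test domain is removed. It assumes the MSOnline module with its Connect-MsolService and Get-MsolUser cmdlets; the parameters $PilotDomain, $ProdDomain and -Apply and the helper Get-ProductionUpn are hypothetical names chosen for this example.

```powershell
# Added example, not from the original deck. Dry run unless -Apply is given.
param(
    [string]$PilotDomain = 'fabrikam.com',   # test federated domain from the text
    [string]$ProdDomain  = 'contoso.com',    # production standard domain
    [switch]$Apply
)

Import-Module MSOnline
Connect-MsolService    # prompts for a cloud administrator credential

# Map a pilot UPN to its production UPN; refuse anything outside the pilot domain.
function Get-ProductionUpn([string]$Upn, [string]$From, [string]$To) {
    $name, $domain = $Upn -split '@', 2
    if ($domain -ne $From) { throw "UPN '$Upn' is not in $From" }
    return "$name@$To"
}

$all      = @(Get-MsolUser -All)
$pilot    = @($all | Where-Object { $_.UserPrincipalName -like "*@$PilotDomain" })
$existing = @($all | ForEach-Object { $_.UserPrincipalName })

foreach ($user in $pilot) {
    $old = $user.UserPrincipalName
    $new = Get-ProductionUpn $old $PilotDomain $ProdDomain
    if ($existing -contains $new) {
        # The target UPN is already taken; leave this account for manual review.
        Write-Warning "Skipping $old because $new already exists"
        continue
    }
    if ($Apply) {
        Set-MsolUserPrincipalName -UserPrincipalName $old -NewUserPrincipalName $new
        Write-Output "Renamed $old -> $new"
    } else {
        Write-Output "Would rename $old -> $new"
    }
}

# Gate for the next step: the test domain must be empty before it is removed.
$left = @(Get-MsolUser -All |
    Where-Object { $_.UserPrincipalName -like "*@$PilotDomain" })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) account(s) still in $PilotDomain"
    $left | Select-Object UserPrincipalName
} elseif ($Apply) {
    Write-Output "No accounts remain in $PilotDomain"
}
```

Run it once without -Apply to review the planned renames and any UPN clashes, then again with -Apply; password resets and Remove-MSOLFederatedDomain remain the manual steps the text describes.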