okta confidential 2
Federated SSO
• Initially only supported ADFS as IDP
• Now opened up to partners
• WS-Federation for both ADFS and Okta
User Management
• Object synchronization through DirSync (Microsoft tool)
• Okta can do basic user provisioning today
• Plans for DirSync replacement
Diagram (ADFS deployment): Federated SSO through Active Directory Federation Services (ADFS); Directory Synchronization through Microsoft DirSync. The customer network, behind a firewall, holds the AD Domain Controller, the ADFS farm, and a separate Windows Server for DirSync; traffic crosses the firewall to the Internet.
Cost comparison table (columns: Year One, Year Two, Year Three, Total); the cell values were not recovered.
More apps = more cost
Implementation Challenge | With ADFS | With Okta
Additional on-prem hardware | Clustered servers behind firewall; additional clustered servers in DMZ | None
Firewall reconfiguration | Requires hole in firewall | None
Third-party certificates | 4 required internally; 1 additional for proxies | None
Support for additional applications | Time-consuming configuration and debugging required | Natively speaks WS-Federation and SAML to a large catalog of applications
Time to implement | 1-2 weeks typically | 1 hour typically
Cost to implement | ADFS is "free"; $25,000 and more for hardware, software, and services | Free to implement Office 365
User Management
Diagram (Okta deployment): the customer network, behind a firewall, holds the AD Domain Controller and the Okta Agent (on a Windows Server), connected across the firewall to the Internet.
Okta for Federated SSO + DirSync for Provisioning
• Use this deployment when users require SharePoint and SkyDrive integration with local Office applications and Lync
Okta for Federated SSO + Okta
• Use this for simple user provisioning to onboard/deprovision new accounts in Office 365 based on AD account creation/disablement, with only cloud apps
H2 2014 - Okta for Federated SSO + Okta for Full DirSync Replacement
Setup flow:
• Define SSO Method (WS-Fed or SWA)
• Define Policy
• Define User-Management & Import Policy
Greenfield Deployments
• DirSync required
• Windows Server (need access to Windows Server)
• Flexibility to enable federated endpoints
Brownfield Deployments
• Migrate endpoints from ADFS to Okta using PowerShell
• Should recommend using a Sandbox (E3 free trial)
User Management
• Push users from Okta or AD to Office 365 tenant
• Current Okta UM for Office 365 is for cloud only
• License policy enforcement from Okta
Diagram (single tenant, multi-domain setup): 1 or more Okta agents per domain, with AD DC 1, AD DC 2 and AD DC 3 serving Domain 1, Domain 2 and Domain 3 behind the firewall; a separate Windows Server for DirSync, with only 1 DirSync server per tenant; O365 app 1, O365 app 2 and O365 app 3.
https://oktainc.atlassian.net/browse/OKTA-22216
https://oktainc.atlassian.net/browse/OKTA-10893
Eliminate the need to maintain ADFS
• No need to deploy/manage additional Windows Servers
• No need to make network changes to support ADFS
• No need to maintain O365 SSO integration
• Time consuming to set up ADFS infrastructure
• http://technet.microsoft.com/en-us/office365/hh744605.aspx
Microsoft Certified Federated-SSO partner
• Okta has been certified by Microsoft
• Full alignment between Microsoft Support and Okta Support

Oktane13-O365_v3_custom_SKO

Editor's Notes

  • #10 Microsoft's recommended hardware requirements for ADFS are quad-core 2 GHz processors and 4 GB RAM, in addition to the base requirements for Windows Server 2012. ADFS certificate requirements are: an SSL server certificate; a service communication certificate (enables WCF message security between all internal federation servers); a token-signing certificate (X.509 certificate used for securely signing all tokens that the federation server issues); and a token-decryption certificate (SSL certificate used in published federation metadata and for partner federation servers). ADFS proxy servers require the standard server authentication certificate (used for securing communication between the federation server proxy and Internet client computers).
  • #11 In Windows Server 2012, the Federation Proxy Server is called the Web Application Proxy.