Office 365 and Cloud Identity – What Does It Mean For Me?
4 likes1,655 views
The document discusses identity management in Office 365, covering key concepts such as authentication, authorization, and synchronization. It introduces Azure Active Directory as a cloud solution for managing user access and outlines various identity scenarios, including single sign-on and federated identity. Additionally, it details the necessary steps for configuring directory synchronization and highlights the support for third-party identity providers.
Office 365 and Cloud Identity – What Does It Mean For Me?
- 1. S H A R E P O I N T CONFERENCES 2 0 1 4 Scott Hoag bit.ly/ STP1413
- 3. #auspc #nzspc #spt1413 Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About 1 2 3 4
- 5. #auspc #nzspc #spt1413 What is Identity Management? “Identity management (IdM) describes the management of individual principals, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” https://en.wikipedia.org/wiki/Identity_management
- 6. #auspc #nzspc #spt1413 Authentication and Authorization Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be. Determining which actions an authenticated entity is authorized to perform on the network Authentication Authorization
- 7. #auspc #nzspc #spt1413 Single Sign On (SSO) is the ability for two disjoint Identity Providers (IDP) to trust each other such that a user logged in to one does not need to log in again for the second Relying Party (RP) is the system that relies on the IDP to authenticate a user Security Assertion Markup Language (SAML) SAML is a public standard managed by OASIS. SAML is the identity token and also the protocol. WSFED is used for web browser-based authentication with an IDP. WS-Trust is used by Office client apps to authenticate.* WS-Federation (WSFED) / WS-Trust
- 9. #auspc #nzspc #spt1413User Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com Microsoft Account Azure Active Directory
- 10. #auspc #nzspc #spt1413 What is AAD? “Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.”
- 13. #auspc #nzspc #spt1413 Cloud Identity Zero on-premises servers On-premises directory restructuring Pilots and Proof of Concept
- 14. #auspc #nzspc #spt1413 Synchronized Identity Federation is not required Simple Sign On is acceptable
- 15. #auspc #nzspc #spt1413 Federated Identity Already have ADFS or a 3rd party IDP Require immediate disable or Sign-in Audit SSO is required Multiple Forests CAC or on-premises MFA Business requires it
- 16. #auspc #nzspc #spt1413 On your terms
- 18. #auspc #nzspc #spt1413 What are we going to do? Office 365 E3 Tenant Configure DirSync Users in targeted OU One way password sync Alternate Login ID
- 19. #auspc #nzspc #spt1413 Logon to the Portal Select Users and groups and then activate DirSync Select Users and Groups and click Set up Active Directory synchronization Activate Directory Synchronization Wait for DirSync to enable Review all documentation, follow the implementation steps, and download DirSync Form DirSync server Download DirSync
- 20. #auspc #nzspc #spt1413 Logon to DirSync server and run setup Follow setup wizard When finished, option to start the configuration wizard
- 21. #auspc #nzspc #spt1413 Run configuration wizard Provide O365admin creds Provide AD admin creds If Exchange hybrid, configure “write-back” Password sync option Create configuration When finished, option to run synchronization
- 23. #auspc #nzspc #spt1413 When your on-premises UPN is non-routable on the public internet and you can’t easily update UPN suffixes Requires Windows Server 2012 R2 for AD FS* Requires comfort with FIM and editing Management Agents
- 24. #auspc #nzspc #spt1413 DirSync for LDAPv3 Supports multiple forests Doesn’t include password hash sync Includes write back capability with Azure AD Premium subscription Availability Preview now available at: http://go.microsoft.com/?linkid=9845645 Release later in 2014 Target Identity Providers Same as FIM 2010 R2 connector FIM connector details at http://go.microsoft.com/fwlink/?LinkID=270179
- 25. #auspc #nzspc #spt1413 SSO with passive authentication Works with WSFED and SAML 2.0 Planned for later in 2014 Will require Office Client updates Move to Active Directory Authentication Library (ADAL) OAUTH for passive authentication Support for MFA with AAD CAC/PIV support SAML 2.0
- 26. #auspc #nzspc #spt1413 What is it? Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used. Program Requirements Published Qualification Requirements Published Technical Integration Docs Automated Testing Tool Self Testing work by Partner Predictable and Shorter Qualification http://aka.ms/ssoproviders *For representative purposes only. WS-Trust & WS- Federation SAML (passive auth) Active Directory with ADFS • Flexibility to reuse existing identity provider investments • Confidence that the solution is qualified by Microsoft • Coordinated support between the partner and Microsoft Customer Benefits
- 27. #auspc #nzspc #spt1413 Suitable for medium, large enterprises including educational organizations Suitable for medium, large enterprises including educational organizations Suitable for educational organizations For organizations that need to use SAML 2.0
- 30. #auspc #nzspc #spt1413 Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About
- 32. #auspc #nzspc #spt1413 Use third-party identity providers to implement single sign-on Deployment scenarios for Office 365 with single sign- on and Azure Choosing a sign-in model for Office 365 Password hash sync simplifies user management for Office 365 Using Alternate Login IDs with Azure Active Directory Office 365 SAML 2.0 Federation Implementer’s Guide Simplified login to Yammer from Office 365 Multi-Factor Authentication for Office 365 Office 365 User Account Management
- 33. #auspc #nzspc #spt1413 Thank you to our sponsors