SlideShare a Scribd company logo

SYDSP - Office 365 and Cloud Identity - What does it mean for me?

Scott Hoag, profile picture
Scott Hoag

The document outlines identity management in Office 365, defining key concepts such as authentication, authorization, and single sign-on (SSO). It emphasizes Azure Active Directory (AAD) as a central cloud solution for managing user access and highlights strategies for identity synchronization and federation. Additionally, it discusses the integration of third-party identity providers and resources for implementing single sign-on in organizational contexts.

Technology
1 of 48
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Office 365 and Cloud Identity What does it mean for me? Scott Hoag Applied Information Sciences
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Agenda Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About 1 2 3 4
Identity Management Overview
Terminology What is Identity Management? “Identity management (IdM) describes the management of individual principals, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” https://en.wikipedia.org/wiki/Identity_management
Determining which actions an authenticated entity is authorized to perform on the network Terminology Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be. Authentication Authorization
Terminology  Single Sign On (SSO) is the ability for two disjointed Identity Providers (IDP) to trust each other such that a user logged in to one does not need to log in again for the second  Relying Party (RP) is the system that relies on the IDP to authenticate a user Security Assertion Markup Language (SAML) SAML is a public standard managed by OASIS. SAML is the identity token and also the protocol. WSFED is used for web browser-based authentication with an IDP. WS-Trust is used by Office client apps to authenticate.* WS-Federation (WSFED) / WS-Trust
Identity Synchronisation and Federation WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API
Microsoft Identity Services User Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com Microsoft Account Azure Active Directory
Azure Active Directory What is AAD? “Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.”
Identity Scenarios
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
13 Password Synchronisation
Choosing a Model Cloud Identity Zero on-premises servers On-premises directory restructuring Pilots and Proof of Concept
Choosing a Model Synchronized Identity Federation is not required Simple Sign On is acceptable
Choosing a Model Federated Identity Already have ADFS or a 3rd party IDP Require immediate disable or Sign-in Audit SSO is required Multiple Forests CAC or on-premises MFA Business requires it
Choosing a Model On your terms
18 Synchronisation Landscape Feature Azure Active Directory Synchronization Tool (DirSync) Azure Active Directory Synchronization Services (AAD Sync) Azure Active Directory Connect Forefront Identity Manager 2010 R2 (FIM) Connect to single on- premises AD forest X X PP X Connect to multiple on- premises AD forests X PP X Connect to single on- premises LDAP directory CS X Connect to multiple on- premises LDAP directories CS X Connect to on-premises AD and on-premises LDAP directories CS X Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.) X Synchronize customer defined attributes (directory extensions) CS
Directory Sync Demonstration
The Setup What are we going to do? • Office 365 E3 Tenant • Configure Sync ‐ Users in targeted OU ‐ One way password sync ‐ Alternate Login ID
Prepare and Download DirSync • Logon to the Portal • Select Users and groups and then activate DirSync ‐ Select Users and Groups and click Set up Active Directory synchronization ‐ Activate Directory Synchronization • Wait for Sync to enable • Review all documentation, follow the implementation steps, and download Sync appliance Form DirSync server Download DirSync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
Install AAD Sync
34 Synchronisation Rules Editor
35 Synchronisation Rules Editor
36 Synchronisation Rules Editor
37 Running Synchronisation
38 Running Synchronisation
39 Finalising Synchronisation
Other Considerations
Alternate Login ID When your on-premises UPN is non-routable on the public internet and you can’t easily update UPN suffixes Requires Windows Server 2012 R2 for AD FS* Requires comfort with FIM and editing Management Agents
Office Client Passive Authentication • SSO with passive authentication ‐ Works with WSFED and SAML 2.0 • Went Tech Preview in Nov 2014 • Requires Office Client updates ‐ Move to Active Directory Authentication Library (ADAL) ‐ OAUTH for passive authentication ‐ Support for MFA with AAD ‐ CAC/PIV support SAML 2.0
Works with Office 365 – Identity program • What is it? ‐ Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used. • Program Requirements ‐ Published Qualification Requirements ‐ Published Technical Integration Docs ‐ Automated Testing Tool ‐ Self Testing work by Partner ‐ Predictable and Shorter Qualification ‐ http://aka.ms/ssoproviders *For representative purposes only. WS-Trust & WS- Federation SAML (passive auth) • Flexibility to reuse existing identity provider investments • Confidence that the solution is qualified by Microsoft • Coordinated support between the partner and Microsoft Customer Benefits
Office 365 Federation Options Suitable for medium, large enterprises including educational organizations Suitable for medium, large enterprises including educational organizations Suitable for educational organizations For organizations that need to use SAML 2.0
Closing Thoughts
The end to end Microsoft Stack WS-Federation WS-Trust
Agenda Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About    
Resources • Use third-party identity providers to implement single sign-on • Deployment scenarios for Office 365 with single sign-on and Azure • Choosing a sign-in model for Office 365 • Password hash sync simplifies user management for Office 365 • Directory Integration Tools • Using Alternate Login IDs with Azure Active Directory • Office 365 SAML 2.0 Federation Implementer’s Guide • Simplified login to Yammer from Office 365 • Multi-Factor Authentication for Office 365 • Office 365 User Account Management

More Related Content

PPTX
Protect Identities and Access to resources with Azure Active Directory
Vignesh Ganesan I Microsoft MVP
 
PPTX
Securing your Azure Identity Infrastructure
Vignesh Ganesan I Microsoft MVP
 
PDF
ざっくり解説 LINE ログイン
Naohiro Fujie
 
PPTX
Single Sign-On security issue in Cloud Computing
Rahul Roshan
 
PPTX
Supporting architecture for office 365 spo
Jethro Seghers
 
DOCX
Microsoft Windows Azure - Developer’s Guide Access Control in the Windows Azu...
Microsoft Private Cloud
 
PPTX
Interesting EMS Sessions for Ignite 2018
JoshuaLanier5
 
PPTX
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
Peter Selch Dahl
 
Protect Identities and Access to resources with Azure Active Directory
Vignesh Ganesan I Microsoft MVP
 
Securing your Azure Identity Infrastructure
Vignesh Ganesan I Microsoft MVP
 
ざっくり解説 LINE ログイン
Naohiro Fujie
 
Single Sign-On security issue in Cloud Computing
Rahul Roshan
 
Supporting architecture for office 365 spo
Jethro Seghers
 
Microsoft Windows Azure - Developer’s Guide Access Control in the Windows Azu...
Microsoft Private Cloud
 
Interesting EMS Sessions for Ignite 2018
JoshuaLanier5
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
Peter Selch Dahl
 

What's hot (19)

PPTX
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
DIWUG
 
PPTX
Managing enterprise applications, permissions, and consent in Azure Active Di...
Peter Selch Dahl
 
PPTX
Community call: Develop multi tenant apps with the Microsoft identity platform
Microsoft 365 Developer
 
PDF
Swiz DAO
devaraj ns
 
PDF
Active Directory & LDAP | Security for Elasticsearch
Jochen Kressin
 
PPTX
MongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB
 
PDF
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
 
PPTX
What's acs
Alik Levin
 
PPTX
Assessing security of your Active Directory
Aldo Elam Majiah
 
PDF
Programming with Azure Active Directory
Joonas Westlin
 
PDF
Cqrs journey guide
Steve Xu
 
PDF
2019-06-04 aOS Strasbourg - Technique 3 - MS Threat Protection - Seyfallah Ta...
aOS Community
 
PDF
Microsoft AZ-204 Exam Dumps
Study Material
 
PDF
Microsoft Cloud Identity and Access Management Poster - Atidan
David J Rosenthal
 
PPTX
Web Single sign on system
Swati Sinha
 
PPTX
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
ForgeRock
 
PDF
Windows identityfoundationwhitepaperfordevelopers rtw
Pradeep Krishnamurthy
 
PDF
Managing enterprise applications, permissions, and consent in Azure Active Di...
CoLaboraDK
 
PDF
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
DIWUG
 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
DIWUG
 
Managing enterprise applications, permissions, and consent in Azure Active Di...
Peter Selch Dahl
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Microsoft 365 Developer
 
Swiz DAO
devaraj ns
 
Active Directory & LDAP | Security for Elasticsearch
Jochen Kressin
 
MongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB
 
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
 
What's acs
Alik Levin
 
Assessing security of your Active Directory
Aldo Elam Majiah
 
Programming with Azure Active Directory
Joonas Westlin
 
Cqrs journey guide
Steve Xu
 
2019-06-04 aOS Strasbourg - Technique 3 - MS Threat Protection - Seyfallah Ta...
aOS Community
 
Microsoft AZ-204 Exam Dumps
Study Material
 
Microsoft Cloud Identity and Access Management Poster - Atidan
David J Rosenthal
 
Web Single sign on system
Swati Sinha
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
ForgeRock
 
Windows identityfoundationwhitepaperfordevelopers rtw
Pradeep Krishnamurthy
 
Managing enterprise applications, permissions, and consent in Azure Active Di...
CoLaboraDK
 
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
DIWUG
 
Ad

Similar to SYDSP - Office 365 and Cloud Identity - What does it mean for me? (20)

PPTX
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
PDF
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
 
PPTX
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
 
PPTX
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
PPTX
Understanding Identity Management with Office 365
Perficient, Inc.
 
PPTX
Office 365 MCSA TechEd
Robert Gabos
 
PPTX
70 346 Managing office 365 identities
clounoud
 
PDF
Office 365 identity
Motty Ben Atia
 
PPTX
2. Day 2 - Identify and SSO
Huy Pham
 
PPTX
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
EPC Group
 
PDF
Office 365 and Cloud Identity – What Does It Mean For Me?
Scott Hoag
 
PDF
Office 365 Identity Management - SMBNation 2015
Robert Crane
 
PDF
O365con14 - moving from on-premises to online, the road to follow
NCCOMMS
 
PPTX
Microsoft Office 365 Directory Synchronization and Federation Options
Michael Frank
 
PPTX
1. Day 1 - Office 365 Trainning
Huy Pham
 
PPTX
CoLabora - Identity in a World of Cloud - June 2015
CoLaboraDK
 
PPTX
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Nordic Infrastructure Conference
 
PDF
Identity and Authentication in Office 2013 and Office 365 from Microsoft
David J Rosenthal
 
PDF
Andy Malone - The new office 365 for it pro's
Nordic Infrastructure Conference
 
PPTX
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
 
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
Understanding Identity Management with Office 365
Perficient, Inc.
 
Office 365 MCSA TechEd
Robert Gabos
 
70 346 Managing office 365 identities
clounoud
 
Office 365 identity
Motty Ben Atia
 
2. Day 2 - Identify and SSO
Huy Pham
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
EPC Group
 
Office 365 and Cloud Identity – What Does It Mean For Me?
Scott Hoag
 
Office 365 Identity Management - SMBNation 2015
Robert Crane
 
O365con14 - moving from on-premises to online, the road to follow
NCCOMMS
 
Microsoft Office 365 Directory Synchronization and Federation Options
Michael Frank
 
1. Day 1 - Office 365 Trainning
Huy Pham
 
CoLabora - Identity in a World of Cloud - June 2015
CoLaboraDK
 
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Nordic Infrastructure Conference
 
Identity and Authentication in Office 2013 and Office 365 from Microsoft
David J Rosenthal
 
Andy Malone - The new office 365 for it pro's
Nordic Infrastructure Conference
 
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
 
Ad

More from Scott Hoag (20)

PPTX
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
PPTX
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
PDF
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
PDF
Global Azure Bootcamp 2018 - Azure Network Security
Scott Hoag
 
PPTX
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
 
PPTX
JAXSPUG April 2016 - Staying in the Know with Office 365
Scott Hoag
 
PPTX
SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
PPTX
SPSNYC SharePoint Worst Practices
Scott Hoag
 
PPTX
March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...
Scott Hoag
 
PPTX
SPSVB - Office 365 and Hybrid Solutions... what works for my organization?
Scott Hoag
 
PPTX
SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
PPTX
SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...
Scott Hoag
 
PPTX
SPSCBR - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
PPTX
Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
PPTX
Sydney SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
PPTX
SPSNYC - Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
PPTX
SPT15 To the Cloud! Utilizing AWS and Azure as Cloud Hosting Providers for Sh...
Scott Hoag
 
PPTX
Getting Started with Office 365
Scott Hoag
 
PPTX
Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
PPTX
FEDSPUG - SharePoint 2013 - A Brief Capability Overview
Scott Hoag
 
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Global Azure Bootcamp 2018 - Azure Network Security
Scott Hoag
 
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
 
JAXSPUG April 2016 - Staying in the Know with Office 365
Scott Hoag
 
SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
SPSNYC SharePoint Worst Practices
Scott Hoag
 
March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...
Scott Hoag
 
SPSVB - Office 365 and Hybrid Solutions... what works for my organization?
Scott Hoag
 
SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...
Scott Hoag
 
SPSCBR - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
Sydney SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
SPSNYC - Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
SPT15 To the Cloud! Utilizing AWS and Azure as Cloud Hosting Providers for Sh...
Scott Hoag
 
Getting Started with Office 365
Scott Hoag
 
Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
FEDSPUG - SharePoint 2013 - A Brief Capability Overview
Scott Hoag
 

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
KodekX | Application Modernization Development
KodekX
 
A Presentation on Artificial Intelligence
memembruh336
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Approach and Philosophy of On baking technology
30anthuong17
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Cloud computing and distributed systems.
kkkkkhan
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
KodekX | Application Modernization Development
KodekX
 

SYDSP - Office 365 and Cloud Identity - What does it mean for me?

  • 1. Office 365 and Cloud Identity What does it mean for me? Scott Hoag Applied Information Sciences
  • 3. Agenda Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About 1 2 3 4
  • 5. Terminology What is Identity Management? “Identity management (IdM) describes the management of individual principals, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” https://en.wikipedia.org/wiki/Identity_management
  • 6. Determining which actions an authenticated entity is authorized to perform on the network Terminology Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be. Authentication Authorization
  • 7. Terminology  Single Sign On (SSO) is the ability for two disjointed Identity Providers (IDP) to trust each other such that a user logged in to one does not need to log in again for the second  Relying Party (RP) is the system that relies on the IDP to authenticate a user Security Assertion Markup Language (SAML) SAML is a public standard managed by OASIS. SAML is the identity token and also the protocol. WSFED is used for web browser-based authentication with an IDP. WS-Trust is used by Office client apps to authenticate.* WS-Federation (WSFED) / WS-Trust
  • 8. Identity Synchronisation and Federation WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API
  • 9. Microsoft Identity Services User Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com Microsoft Account Azure Active Directory
  • 10. Azure Active Directory What is AAD? “Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.”
  • 14. Choosing a Model Cloud Identity Zero on-premises servers On-premises directory restructuring Pilots and Proof of Concept
  • 15. Choosing a Model Synchronized Identity Federation is not required Simple Sign On is acceptable
  • 16. Choosing a Model Federated Identity Already have ADFS or a 3rd party IDP Require immediate disable or Sign-in Audit SSO is required Multiple Forests CAC or on-premises MFA Business requires it
  • 17. Choosing a Model On your terms
  • 18. 18 Synchronisation Landscape Feature Azure Active Directory Synchronization Tool (DirSync) Azure Active Directory Synchronization Services (AAD Sync) Azure Active Directory Connect Forefront Identity Manager 2010 R2 (FIM) Connect to single on- premises AD forest X X PP X Connect to multiple on- premises AD forests X PP X Connect to single on- premises LDAP directory CS X Connect to multiple on- premises LDAP directories CS X Connect to on-premises AD and on-premises LDAP directories CS X Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.) X Synchronize customer defined attributes (directory extensions) CS
  • 20. The Setup What are we going to do? • Office 365 E3 Tenant • Configure Sync ‐ Users in targeted OU ‐ One way password sync ‐ Alternate Login ID
  • 21. Prepare and Download DirSync • Logon to the Portal • Select Users and groups and then activate DirSync ‐ Select Users and Groups and click Set up Active Directory synchronization ‐ Activate Directory Synchronization • Wait for Sync to enable • Review all documentation, follow the implementation steps, and download Sync appliance Form DirSync server Download DirSync
  • 41. Alternate Login ID When your on-premises UPN is non-routable on the public internet and you can’t easily update UPN suffixes Requires Windows Server 2012 R2 for AD FS* Requires comfort with FIM and editing Management Agents
  • 42. Office Client Passive Authentication • SSO with passive authentication ‐ Works with WSFED and SAML 2.0 • Went Tech Preview in Nov 2014 • Requires Office Client updates ‐ Move to Active Directory Authentication Library (ADAL) ‐ OAUTH for passive authentication ‐ Support for MFA with AAD ‐ CAC/PIV support SAML 2.0
  • 43. Works with Office 365 – Identity program • What is it? ‐ Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used. • Program Requirements ‐ Published Qualification Requirements ‐ Published Technical Integration Docs ‐ Automated Testing Tool ‐ Self Testing work by Partner ‐ Predictable and Shorter Qualification ‐ http://aka.ms/ssoproviders *For representative purposes only. WS-Trust & WS- Federation SAML (passive auth) • Flexibility to reuse existing identity provider investments • Confidence that the solution is qualified by Microsoft • Coordinated support between the partner and Microsoft Customer Benefits
  • 44. Office 365 Federation Options Suitable for medium, large enterprises including educational organizations Suitable for medium, large enterprises including educational organizations Suitable for educational organizations For organizations that need to use SAML 2.0
  • 46. The end to end Microsoft Stack WS-Federation WS-Trust
  • 47. Agenda Identity Management in Office 365 Identity Scenarios Synchronisation Demo Add-ons and More to Think About    
  • 48. Resources • Use third-party identity providers to implement single sign-on • Deployment scenarios for Office 365 with single sign-on and Azure • Choosing a sign-in model for Office 365 • Password hash sync simplifies user management for Office 365 • Directory Integration Tools • Using Alternate Login IDs with Azure Active Directory • Office 365 SAML 2.0 Federation Implementer’s Guide • Simplified login to Yammer from Office 365 • Multi-Factor Authentication for Office 365 • Office 365 User Account Management