Agenda
- Overview of Azure Active Directory for app access
- Integration with third-party SaaS apps
- User provisioning and federation

Azure Active Directory
A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. Azure Active Directory Premium is an advanced offering that includes IAM capabilities for on-premises, hybrid and cloud environments.

[Architecture diagram. Identity sources feeding Azure AD: Active Directory (via DirSync, AAD Sync, AD FS) and other directories (via another IdP). Consumers: Microsoft apps, non-Microsoft cloud-based apps, PCs and devices. Interfaces: Azure PowerShell, third-party APIs, SAML, OpenID Connect, SDKs.]

Pre-integrated SaaS applications

  Application             Provisioning/de-provisioning   Federated SSO (Access Panel)   Password SSO (Access Panel)
  Box                     Available                      Available                      Available
  Citrix GoToMeeting      Available                      Available                      Available
  Concur                  Available                      Not available                  Available
  DocuSign                Available                      Not available                  Available
  Dropbox for Business    Available                      Available                      Available
  Google Apps             Available                      Available                      Available
  Jive Software           Available                      Not available                  Available
  Salesforce.com          Available                      Available                      Available
  ServiceNow              Available                      Available                      Not available
  Workday                 Not available                  Available                      Not available

Identity naming
- Domain\AccountName (AD DS, AD FS)
- User Principal Name (AccountName@local or AccountName@domain)
- Pairwise identifiers
- Other attributes

Naming considerations for SaaS provisioning
- Names must be globally unique in some apps, e.g. Salesforce.
- Some SaaS apps assume names are routable email addresses and will email the user (e.g. Box, Dropbox for Business, Citrix GoToMeeting).
- SaaS apps generally require valid (verified) domains.
- Azure AD sends attributes if they are available; if a sync produces too many errors, the tenant's sync to that app is quarantined.
- Attributes required by a SaaS app but not part of the Azure AD schema get predetermined values.
- The UPN must match the naming attribute in the SaaS app, otherwise the user will not be able to achieve federated SSO.
- Azure AD issues SAML tokens for any users of consented or integrated applications.
- Microsoft Accounts belonging to a single directory can use the Access Panel; however, Microsoft Accounts and guests from other directories can't be provisioned into third-party SaaS apps.

Salesforce
- Requires Enterprise, Unlimited or Developer edition.
- The quota may need to be increased for your tenant with a call to Salesforce support.
- Azure AD changes the UPN upon deletion of the user in Azure AD, to avoid UPN conflicts.

Salesforce attribute mapping

  Salesforce attribute                 Azure AD default value     Mapped Azure AD attribute
  UserName (joining property)                                     UserPrincipalName
  lastName                                                        Surname
  firstName                                                       GivenName
  Alias                                                           First 8 characters of UserPrincipalName
  IsActive                             True
  Email                                                           Mail if the user is soft-deleted, otherwise UserPrincipalName
  EmailEncodingKey                     ISO-8859-1
  LanguageLocaleKey                    en_US
  LocaleSidKey                         en_US                      preferredLanguage
  ProfileName                          Chatter Free User          ProfileId, based on the user's assignment to Salesforce in Azure AD
  TimeZoneSidKey                       America/Los_Angeles
  UserPermissionsCallCenterAutoLogOn   false
  UserPermissionsMarketingUser         False
  UserPermissionsOfflineUser           False

Box
- Box requires a confirming email for new users.
- Users can exist in only one tenant.
- Users' addresses are validated by Box on rename.

ServiceNow
- You may need to contact ServiceNow support to enable API access for user management and SAML SSO.
- Identify an account for Azure AD that can read user, department and location attributes, and write users.
- Upgrade to SAML 2.0 Update 1.
- Review http://wiki.servicenow.com/index.php?title=SAML_2.0_Troubleshooting

Resources
- Tutorials: http://msdn.microsoft.com/en-us/library/azure/dn308590.aspx (covers integrations with Box, Citrix GoToMeeting, Concur, DocuSign, Dropbox for Business, Google Apps, Jive, Salesforce, ServiceNow, Workday)
- API docs: http://msdn.microsoft.com/library/azure/jj673460.aspx
- Wiki: http://aka.ms/aadsaas
- IT Pro forum: http://aka.ms/aadforum

Related sessions

  Session     Title                                                                                                              Timeslot
  DCIM-B382   Cloud Identity and Access Management: Microsoft Azure Active Directory Premium                                     Tuesday, May 13, 10:15 AM - 11:30 AM
  FDN02       Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server                              Monday, May 12, 11:00 AM - 12:00 PM
  PCIT-B212   Design Considerations for BYOD                                                                                     Tuesday, May 13, 10:15 AM - 11:30 AM
  PCIT-B213   Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure                               Wednesday, May 14, 3:15 PM - 4:30 PM
  PCIT-B310   Empowering Your Users and Protecting Your Corporate Data                                                           Monday, May 12, 1:15 PM - 2:30 PM
  PCIT-B313   Hybrid Identity: Extending Active Directory to the Cloud                                                           Monday, May 12, 4:45 PM - 6:00 PM
  PCIT-B314   Understanding Microsoft's BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2          Tuesday, May 13, 8:30 AM - 9:45 AM
  PCIT-B321   Deploying the New RMS for Cloud-Friendly and Cloud-Reluctant Customers                                             Tuesday, May 13, 5:00 PM - 6:15 PM
  PCIT-B322   Deploying and Managing Work Folders                                                                                Wednesday, May 14, 10:15 AM - 11:30 AM
  PCIT-B324   How to Rapidly Design and Deploy an Active Directory Federation Services Farm: The Do's and the Don'ts             Wednesday, May 14, 8:30 AM - 9:45 AM
  PCIT-B327   Introducing Web Application Proxy in Windows Server 2012 R2: Enable Work from Anywhere                             Wednesday, May 14, 3:15 PM - 4:30 PM
  PCIT-B328   Microsoft Identity Manager vNext Overview                                                                          Wednesday, May 14, 5:00 PM - 6:15 PM
  PCIT-B330   Active Directory + BYOD = Peace of Mind                                                                            Thursday, May 15, 8:30 AM - 9:45 AM

Links
- http://channel9.msdn.com/Events/TechEd
- www.microsoft.com/learning
- http://microsoft.com/technet
- http://microsoft.com/msdn
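Dry run of the provisioning rules in the deck, as an added example (this is not code from the deck, from Azure AD or from Salesforce). It applies the naming checks from the identity naming slide and the Salesforce attribute defaults from the mapping table to a constructed set of users, so that the users who would fail provisioning or federated SSO, and whether the error count would quarantine the app sync, show up before a real cycle runs. The role-to-profile table, the `_deleted` rename suffix, the error threshold and the deactivation of soft-deleted records are assumptions made for illustration; the slides give the defaults and the rules, not those specifics.

```python
"""Dry run of one Azure AD -> Salesforce provisioning cycle (added example)."""
import re
from dataclasses import dataclass


@dataclass
class AadUser:
    """Subset of Azure AD user attributes the mapping needs (constructed shape)."""
    user_principal_name: str
    given_name: str = ""
    surname: str = ""
    mail: str = ""
    preferred_language: str = ""   # sent only if present ("AAD sends attributes if available")
    soft_deleted: bool = False
    salesforce_role: str = ""      # app-role assignment in Azure AD; "" means unassigned


# Predetermined values the slide lists for Salesforce fields outside the Azure AD schema.
SALESFORCE_DEFAULTS = {
    "EmailEncodingKey": "ISO-8859-1",
    "LanguageLocaleKey": "en_US",
    "LocaleSidKey": "en_US",
    "TimeZoneSidKey": "America/Los_Angeles",
    "UserPermissionsCallCenterAutoLogOn": False,
    "UserPermissionsMarketingUser": False,
    "UserPermissionsOfflineUser": False,
}
# Hypothetical role -> profile table; the slide only says ProfileName follows the
# user's Salesforce assignment in Azure AD and defaults to "Chatter Free User".
ROLE_TO_PROFILE = {"": "Chatter Free User", "Sales": "Standard User", "Admin": "System Administrator"}
DELETED_TAG = "_deleted"   # hypothetical rename marker; Azure AD's real scheme is not on the slide
ROUTABLE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def naming_errors(user, verified_domains, usernames_seen):
    """Checks from the naming slide that would make provisioning or SSO fail."""
    errors = []
    m = ROUTABLE.match(user.user_principal_name)
    if not m:
        # AccountName@local works on-premises, but Box/Dropbox/GoToMeeting will try to mail it
        errors.append("UPN is not a routable email address")
    elif m.group(1).lower() not in verified_domains:
        errors.append("UPN domain is not a verified domain of the tenant")
    if user.user_principal_name.lower() in usernames_seen:
        errors.append("username is not globally unique")   # Salesforce requires global uniqueness
    return errors


def map_salesforce(user):
    """Build the Salesforce user record from the slide's attribute table."""
    upn = user.user_principal_name
    if user.soft_deleted:
        # Azure AD rewrites the UPN on deletion to avoid UPN conflicts; simulated with a tag here.
        local, domain = upn.split("@", 1)
        upn = f"{local}{DELETED_TAG}@{domain}"
    record = dict(SALESFORCE_DEFAULTS)
    record.update({
        "UserName": upn,                      # joining property
        "lastName": user.surname,
        "firstName": user.given_name,
        "Alias": upn[:8],                     # first 8 characters of UserPrincipalName
        "IsActive": not user.soft_deleted,    # assumption: deleted users are deactivated, not dropped
        # Email falls back to Mail once the UPN has been rewritten for a deleted user
        "Email": user.mail if user.soft_deleted else upn,
        "ProfileName": ROLE_TO_PROFILE.get(user.salesforce_role, "Chatter Free User"),
    })
    if user.preferred_language:               # attribute is sent only when Azure AD has it
        record["LocaleSidKey"] = user.preferred_language
    return record


def provisioning_cycle(users, verified_domains, max_errors=3):
    """Return (records, errors, quarantined). Above max_errors the app sync is quarantined
    and nothing is pushed, mirroring the slide's "too many errors" rule (threshold assumed)."""
    records, errors, seen = {}, {}, set()
    for u in users:
        errs = naming_errors(u, verified_domains, seen)
        if errs:
            errors[u.user_principal_name] = errs
            continue
        seen.add(u.user_principal_name.lower())
        records[u.user_principal_name] = map_salesforce(u)
    quarantined = len(errors) > max_errors
    return ({} if quarantined else records), errors, quarantined


# Constructed sample tenant; none of these are real accounts.
VERIFIED_DOMAINS = {"contoso.com"}
SAMPLE_USERS = [
    AadUser("alice.anderson@contoso.com", "Alice", "Anderson", "alice.anderson@contoso.com", "de_DE",
            salesforce_role="Sales"),
    AadUser("bob@local", "Bob", "Brown"),                            # AccountName@local: not routable
    AadUser("carol@fabrikam.com", "Carol", "Chen"),                  # domain not verified in the tenant
    AadUser("Alice.Anderson@contoso.com", "Alice", "Anderson"),      # same name, different case
    AadUser("dave@contoso.com", "Dave", "Diaz", "dave@contoso.com", soft_deleted=True),
]

if __name__ == "__main__":
    recs, errs, quarantined = provisioning_cycle(SAMPLE_USERS, VERIFIED_DOMAINS)
    for upn, r in recs.items():
        print(f"{upn} -> UserName={r['UserName']} Alias={r['Alias']} Email={r['Email']} "
              f"IsActive={r['IsActive']} ProfileName={r['ProfileName']}")
    for upn, e in errs.items():
        print(f"{upn} REJECTED: {'; '.join(e)}")
    print("quarantined:", quarantined)
```

Run as a script it prints one line per user. The three rejected users are exactly the cases the naming slide warns about (a non-routable name, an unverified domain, a duplicate that differs only in case), and they are the errors that count towards the quarantine threshold; lowering `max_errors` to 2 on the same input trips it and withholds every record, which is the behaviour to expect from the real sync rather than a partial push.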