Shibboleth 2.x with Office 365
David Fisher (dfisher) – 1/24/2013
Federation options

| Criterion | ADFS | Third-party (non-ADFS) STS | Shibboleth (SAML*) |
|---|---|---|---|
| Directory support | Works with AD | Works with AD & Non-AD | Works with AD & Non-AD |
| Suitability | Suitable for medium, large enterprises including educational organizations | Suitable for medium, large enterprises including educational organizations | Suitable for educational organizations |
| Recommendation | Recommended option for Active Directory (AD) based customers | Recommended where customers may use existing non-ADFS identity systems with AD or Non-AD | Recommended where customers may use existing non-ADFS identity systems |
| Single sign-on | Single sign-on | Single sign-on | Single sign-on |
| Token-based authentication | Secure token based authentication | Secure token based authentication | Secure token based authentication |
| Client support | Support for web and rich clients | Support for web and rich clients | Support for web clients and Outlook only |
| Support model | Microsoft supported | Third-party supported; Phonefactor can be used for two factor auth | Microsoft supported for integration only, no Shibboleth deployment support; Phonefactor can be used for two factor auth |
| Hybrid | Works for Office 365 Hybrid Scenarios | Works for Office 365 Hybrid Scenarios | Works for Office 365 Hybrid Scenarios |
| On-premises footprint | Requires on-premises servers, licenses & support | Requires on-premises servers, licenses & support | Requires on-premises servers & support |
| Other | | Works with AD and other directories on-premises; verified through the 'works with Office 365' program | |
Shibboleth 2.X with Office 365
• Open source software package providing similar functionality as ADFS (e.g. SSO, authentication, SAML 2.0)
• Popular implementation of SAML 2.x with Higher Education institutions world-wide
• Shibboleth is managed by the Shibboleth Consortium (http://www.shibboleth.net/index.html)
• Latest version is 2.3.6
• Set up a SAML 2.0 federation between Office 365 and their Shibboleth IdP
• Deploy DirSync for user provisioning with AD and deploy MSOMA+FIM for user provisioning from non-AD
[Diagram: client types shown next to the bullets: Web Client, Email Rich Clients]
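Worked example of the "set up a SAML 2.0 federation" step, added here as an illustration; it is not from the deck and not Microsoft's or the Shibboleth Consortium's own script. It uses the MSOnline PowerShell cmdlets Set-MsolDomainAuthentication and Get-MsolDomainFederationSettings to register a Shibboleth 2.x IdP as the SAML 2.0 (SAMLP) identity provider for an Office 365 domain. The domain name, IdP host name, entityID, endpoint paths and certificate file path are assumptions chosen to match the deck's Contoso.edu; the endpoint paths follow the default Shibboleth IdP 2.x layout and must be checked against the IdP's published metadata. The ActiveLogOnUri is the ECP endpoint that the footnote on Exchange clients refers to.

```powershell
# Added example (not from the deck): federate an Office 365 domain with a Shibboleth 2.x IdP over SAML 2.0.
# Requires the MSOnline module and an Office 365 global administrator account.
Import-Module MSOnline
Connect-MsolService   # prompts for Office 365 admin credentials

# --- Assumed values (not in the original deck); adjust for your tenant and IdP ---
$domain  = "contoso.edu"                          # assumed federated domain, mirrors the diagram's Contoso.edu
$idpHost = "idp.contoso.edu"                      # assumed IdP host name
$issuer  = "https://$idpHost/idp/shibboleth"      # assumed entityID (Shibboleth IdP 2.x default pattern)

# Shibboleth IdP 2.x default profile handler paths (assumed; verify against the IdP metadata)
$passiveUri = "https://$idpHost/idp/profile/SAML2/POST/SSO"   # browser SSO for web clients
$activeUri  = "https://$idpHost/idp/profile/SAML2/SOAP/ECP"   # ECP endpoint, required for Exchange clients
$logoffUri  = "https://$idpHost/idp/logout.jsp"               # assumed sign-out page

# The IdP signing certificate is the trust anchor: Office 365 accepts assertions signed by this key.
# Take it from the IdP's own metadata and confirm the thumbprint before registering it.
$certPath   = "C:\idp-signing.cer"   # assumed path to the IdP's public signing certificate (.cer)
$cert       = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
Write-Host "IdP signing certificate thumbprint: $($cert.Thumbprint)"
Write-Host "Compare this with the certificate in the IdP metadata before continuing."
$certBase64 = [System.Convert]::ToBase64String($cert.RawData)

# Convert the (already verified, managed) domain to a federated domain using the SAMLP protocol.
Set-MsolDomainAuthentication `
    -DomainName $domain `
    -Authentication Federated `
    -FederationBrandName "Contoso Shibboleth" `
    -IssuerUri $issuer `
    -PassiveLogOnUri $passiveUri `
    -ActiveLogOnUri $activeUri `
    -LogOffUri $logoffUri `
    -SigningCertificate $certBase64 `
    -PreferredAuthenticationProtocol SAMLP

# Read back the stored trust settings and check that issuer, endpoints and protocol are what you intended.
Get-MsolDomainFederationSettings -DomainName $domain |
    Format-List IssuerUri, PassiveLogOnUri, ActiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol
```

The ActiveLogOnUri only helps if ECP is actually enabled on the IdP; without it, web clients still sign in through the PassiveLogOnUri but Exchange clients cannot authenticate, which is the limitation the deck's footnote describes. When the IdP's signing key is rotated, the new certificate must be registered with the same cmdlet (or placed in NextSigningCertificate) before the old one is retired, or assertion signature checks will start failing.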
[Diagram: two campuses federating with Windows Azure Active Directory: Contoso.edu (Shibboleth 2.x IdP, Non-AD directory, MSOMA + FIM for provisioning) and Fabrikam.edu (Shibboleth 2.x IdP, AD, MSOMA + FIM for provisioning)]
Preferred option for Directory Synchronization with Non-AD Sources
• Non-AD support with FIM is available through Microsoft-led deployments
• FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram: Federation using a non-ADFS STS: User; On-Premises Identity (ex: Domain\Alice); Non-AD (LDAP) directory; Office 365 Connector on FIM]
Client sign-in by identity model (table; exact cell positions were lost in extraction)

Columns: Cloud Identity | Federation w/ Shibboleth | Federation w/ ADFS/3rd party

Rows:
• Rich Applications (SIA): Lync; Office Subscriptions; CRM Rich Client
• Web Clients: Office with SharePoint Online; Outlook Web Application
• Exchange Clients: Outlook; Active Sync/POP/IMAP; Entourage

Credential types appearing in the cells: Online ID; Username and Password; AD credentials; AD credentials (non-domain joined); On-premises credentials.

Federation w/ Shibboleth: Rich Applications (SIA) are not currently supported; Web Clients use Username and Password; Exchange Clients use Username and Password*.

* Exchange client support with Shibboleth requires the Enhanced Client/Proxy (ECP) extension to be enabled and configured