Download   Report
  1. No category

Office 365: Identity and Access Solutions Suresh Menon – Office 365

Office 365: Identity and
Access Solutions
Suresh Menon
Technology Specialist – Office 365
Microsoft Corporation India
Session Objectives
•
•
•
•
•
Describe the different Identity Features
Explain the Identity Architecture and Features
Describe how federated authentication works
Describe the various deployment scenarios
Questions
Office 365 Identity features
• Microsoft Online IDs
• Microsoft Online ID + Active Directory Sync
• Federated ID -Single sign-on with corporate
credentials
• Role-based administration: Five
administration roles
•
•
•
•
•
Company Admin
Billing Admin
User Account Admin
HelpDesk Admin
Service Support Admin
Identity architecture: Identity
options
1. Microsoft Online IDs
Microsoft Online Services
Contoso customer
premises
Trust
Authentication
platform
Active Directory
Federation
Server 2.0
IdP
AD
MS Online
Directory Sync
Office 365
Desktop
Setup
Exchange
Online
IdP
Provisioning
platform
Admin Portal
Directory
Store
SharePoint
Online
Lync
Online
Identity options comparison
1. MS Online IDs
2. MS Online IDs + Dir Sync
3. Federated IDs + Dir Sync
Appropriate for
• Smaller orgs without
AD on-premise
Appropriate for
• Medium/Large orgs with
AD on-premise
Appropriate for
• Larger enterprise orgs
with AD on-premise
Pros
• No servers required onpremise
Pros
• Users and groups
mastered on-premise
• Enables co-existence
scenarios
Pros
• SSO with corporate cred
• IDs mastered onpremise
• Password policy
controlled on-premise
• 2FA solutions possible
• Enables co-existence
scenarios
Cons
• No SSO
• No 2FA
• 2 sets of credentials to
manage with differing
password policies
• IDs mastered in the
cloud
Cons
• No SSO
• No 2FA
• 2 sets of credentials to
manage with differing
password policies
• Single server
deployment
Cons
• High availability server
deployments required
Single Sign on setup
Identity Federation
Authentication flow (Passive/Web profile)
Customer
Microsoft Online Services
Active Directory
User
AD FS 2.0 Source
Server
ID
NET
AuthenticationIDplatform
`
Client
(joined to CorpNet)
Exchange Online or
SharePoint Online
Identity Federation
Authentication flow (Rich Client profile)
Customer
Microsoft Online Services
Active Directory
User
Source
ID
AD FS 2.0 Server
NET
ID
Authentication platform
`
Client
(joined to CorpNet)
Exchange Online
Identity Federation
Authentication flow (EAS Basic Auth/Active profile)
Customer
Microsoft Online Services
Active Directory
User
Source
ID
AD FS 2.0 Server
NET
ID
Authentication Platform
`
Basic
Creden
tial
Client
(joined to CorpNet)
Exchange Online
AD FS 2.0 deployment options
1.Single server configuration
2.AD FS 2.0 server farm and load-balancer
3.AD FS 2.0 proxy server or UAG/TMG
(External Users, Active Sync, Down-level Clients with Outlook)
Active
Directory
AD FS 2.0
Server
Internal
user
AD FS 2.0
Server
AD FS 2.0
Server
Proxy
AD FS 2.0
Server
Proxy
Enterprise
DMZ
Customer AD Structures
• Matching domains
– Internal Domain and External domain are the
same
• Eg. contoso.com
• Sub Domain
– Internal domains is a sub domain of the external
domain
• Eg. Corp.contoso.com
• Local Domain
– Internal domain is not publicly “registered”
• Eg. Contoso.local
• Multi Forest
– Not Currently supported
General Rules
• Every User must have a UPN
• UPNs must match a validated domain in
MSOL.
• Users need to understand that they must use
UPN to logon to Microsoft Online Services
Active Directory Considerations
• Matching domain
– No special requirements
• Sub Domain
– Requires that Domains be registered in order,
primary then sub domain
• Local Domain
– Domain can not be registered thus cannot be used
for federation
• Requires all users to get new UPN
•
•
•
•
Additional resources link
www.office365.com
Office 365 Beta service Descriptions
Setting up a Federation Service
Resources
Software Application Developers
Infrastructure Professionals
http://msdn.microsoft.com/
http://technet.microsoft.com/
msdnindia
@msdnindia
technetindia
@technetindia
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in
the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any
information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Tayyib Oladoja PERSONAL STATEMENT

Tayyib Oladoja PERSONAL STATEMENT

Document 388498

Document 388498

pubCenter Instructions: How to Configure a New Account May, 2012

pubCenter Instructions: How to Configure a New Account May, 2012

Document 231162

Document 231162

Document 390300

Document 390300

How to Make Money Around Microsoft Office 365

How to Make Money Around Microsoft Office 365

Document 390331

Document 390331

Software Engineer

Software Engineer

What is the Microsoft Software & Systems Academy (MSSA)?

What is the Microsoft Software & Systems Academy (MSSA)?

This article shows you the way to make Microsoft Access... which equivalent to the MDE file in Microsoft Access 2003.

This article shows you the way to make Microsoft Access... which equivalent to the MDE file in Microsoft Access 2003.

Computing With Numbers Objects and Graphics

Computing With Numbers Objects and Graphics

70-413 Microsoft Certification Training

70-413 Microsoft Certification Training

YELLOW MONDAY - Institute of Development Studies

YELLOW MONDAY - Institute of Development Studies

Troubleshooting AD Replication Errors

Troubleshooting AD Replication Errors

abcdocz.com

© Copyright 2024