1 / 22

Understanding Active Directory

Understanding Active Directory. Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning , Microsoft. Active Directory Federation Services (AD FS). Module Overview . AD FS Overview AD FS Deployment Scenarios Configuring AD FS Components . Lesson 1: AD FS Overview.

alaqua
Download Presentation

Understanding Active Directory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Understanding Active Directory Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning , Microsoft

  2. Active Directory Federation Services (AD FS)

  3. Module Overview • AD FS Overview • AD FS Deployment Scenarios • Configuring AD FS Components

  4. Lesson 1: AD FS Overview • What Is Identity Federation? • What Are the Identity Federation Scenarios? • Benefits of Deploying AD FS

  5. An identity federation: What is Identity Federation? Identity federation is a process that enables distributed identification, authentication, and authorization across organizational and platform boundaries Requires a trust relationship between two organizations or entities • Allows organizations to retain control of: • Resource access • Their own user and group accounts

  6. What Are the Identity Federation Scenarios? Federation for business-to-business (B2B) Federation within an organization across multiple Web applications Federation for business-to-consumer or business-to-employee in a Web single sign-on scenario

  7. AD FS provides the following benefits: Benefits of Deploying AD FS • Enables improved: • Security and control over authentication • Regulatory compliance • Interoperability with heterogeneous systems Works with Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) Extends AD DS to the Internet

  8. Demonstration: Installing AD FS • In this demonstration, you will see how to install the Active Directory Federation Services Server Role

  9. Lesson 2: AD FS Deployment Scenarios • What Is a Federation Trust? • What Are the AD FS Components? • How AD FS Provides Identity Federation in a B2B Scenario • How AD FS Traffic Flows in a B2B Federation Scenario • How AD FS Provides Web Single Sign-On • Integrating AD FS and AD RMS

  10. What Is a Federation Trust? Web Server AD DS Federation Trust Account Federation Server Resource Federation Server Account Partner Organization Resource Partner Organization

  11. AD FS Components: What Are the AD FS Components? AD DS domain controllers Account federation server Account Federation Service Proxy Resource Federation Server Resource Federation Server Proxy AD FS Web Agent

  12. How AD FS Provides Identity Federation in a B2B Scenario INTRANET FOREST PERIMETER NETWORK Resource Federation Server Proxy Account Federation Server Proxy AD DS AD FS-enabled Web Server Resource FederationServer Federation Trust Account Federation Server Contoso Online Retailer

  13. How AD FS Traffic Flows in a Business to Business Federation Scenario 5 Web Server 4 1 3 2 AD DS Federation Trust Resource Federation Server Account Federation Server Contoso Online Retailer

  14. Lesson 3: Configuring AD FS Components • Federation Service Configuration Options • What Are AD FS Trust Policies? • Demonstration: Configuring the Federation Services for an Account Partner • AD FS Web Proxy Agent Configuration Options • What Are AD FS Claims?

  15. To implement the federation service: Federation Service Configuration Options Create a trust policy for both the resource and account partners Create organizational claims Create account stores Create and configure applications

  16. Resource partner trust policies include: In addition, the account partner trust policies include: What Are AD FS Trust Policies? Trust policies are the configuration settings that define how to configure a federated trust and how the federated trust works Token Lifetime Federation Service URI Federation Service endpoint URL The option to use a Windows trust relationship for this partner Location for a certificate to verify the resource partner Options for configuring how resource accounts are created

  17. Demonstration: AD FS Initial Configuration • In this demonstration, you will see how run the AD FS Management Snap-In and run through the initial configuration steps.

  18. AD FS Web Proxy Agent Configuration Options AD FS Web Proxy Agent Configuration Options: • Install the AD FS Web Agent on the IIS server • Windows Token-based authentication requires ISAPI extensions • Claims-aware authorization can authenticate natively with ASP.NET 1 Determine how to collect user credential information from browser clients and Web applications 2

  19. What Are AD FS Claims?

  20. Module Review and Takeaways • Review Questions • Summary of AD FS

  21. Thanks for Watching!

More Related