
Agenda


danil

Presentation Transcript


  1. Agenda
  • Microsoft Directory Synchronization Tool
  • Active Directory Federation Server
  • ADFS Proxy
  • Hybrid Features – LAB

  2. Microsoft Directory Synchronization

  3. Directory Synchronization – Why to use
  • Easy to onboard a large number of users – small to medium size companies
  • Identities to be mastered/managed on premises
  • Free/busy coexistence
  • Support for identity federation
  • Synchronization of photos, thumbnails, conference rooms, and security groups
  • Filtering coexistence

  4. Directory Synchronization – How it works

  5. Deploying steps for Directory Synchronization tool
  Step 1 –> System requirements / permissions / performance considerations
  Step 2 –> Activate directory synchronization via the MS Online portal
  Step 3 –> Install and configure the DS tool – configuration wizard
  Step 4 –> Synchronize your directory – write objects to Azure AD from on premises
  Step 5 –> Activate synced users – individually / in bulk
  Step 6 –> Verify / upgrade / reinstall

  6. What it will synchronize & what it will not
  Will:
  • All users, mail-enabled contacts, mail-enabled groups
  • Only some attributes
  Will not:
  • Built-in administrative user accounts
  • Passwords
  • Built-in administrative groups
  • Default Exchange administrative groups
  • Exchange system mailbox accounts

  7. Windows Azure Active Directory Sync Tool – Update
  • The tool is downloaded from the Office 365 admin portal.
  • Only a one-way hash of the password is synchronized to WAAD, so the original password cannot be reconstructed from it.
  • Synchronizes user passwords from on-premises AD to Azure AD (Office 365).
  • Respects on-premises password policies.
  • Can’t sync passwords for federated users, but can coexist.
  • SAML2 Identity Provider

  8. Directory Sync Tool or Active Directory Federation Services

  9. Active Authentication: Why Multi-Factor
  • Your data and applications are under attack
  • Passwords are easily compromised
  • Consumerization of IT has only increased the scope of vulnerability
  • Strengthening regulatory requirements call for strongly authenticating access

  10. Active Directory Federation Services

  11. Active Directory Federation Services
  • Identity Federation is an extremely important feature for many customers
  • AD FS 2.0 provides users with a single sign-on experience
  • Users use their corporate credentials to access their Office 365 services

  12. Non-federated users – Mailbox
  • User experience:
    • Logs in with a cloud identity
    • User authentication takes place in cloud AD
    • Users have two IDs – one to access on-premises services & one for Online services
    • Users are prompted for credentials when accessing Online services, even when logged into the domain
  • Administrator experience:
    • Manages password policy in the cloud & on premises
    • Password reset for on-premises & MS Online IDs
    • No 2-factor authentication integration

  13. Federated Users – Mailbox
  • User experience:
    • Users sign in with their corporate ID
    • Authentication happens on premises
    • Users have a single credential that provides SSO to on-premises and Online services
    • Users get a true SSO experience
    • 2-factor authentication can be utilized if it is deployed on premises
  • Administrator experience:
    • Manages password policy on premises only
    • Password reset for on-premises IDs only
    • 2-factor authentication integration options
    • Requires additional servers to enable identity federation, so there will be an additional up-front cost

  14. ADFS Authentication Flow
  • Authentication for passive / web profile
  • Authentication for rich client profile
  • Authentication for Exchange ActiveSync / MS Outlook

  15. ADFS 2.0 – Deployment Options
  • Single server configuration
  • AD FS 2.0 server farm and load balancer
  • AD FS 2.0 proxy server or UAG/TMG (external users, ActiveSync, down-level clients with Outlook)

  16. ADFS Certificates / Policy Store
  • Certificates
    • Token signing
    • Token decryption
    • Secure communication certificate
  • Policy Store
    • In AD FS 2.0 the policy is stored in a database that uses either Windows Internal Database or Microsoft SQL Server as the dedicated store
    • AD FS 2.0 makes policy decisions based on identity information that is provided to it in the form of claims and other contextual information

  17. What is ADFS proxy?
  • A service that brokers a connection between external users and your internal AD FS 2.0 server
  • Three primary functions:
    • Assertion provider: The proxy accepts token requests from users and passes the information over SSL (default port 443) to the internal AD FS server. It receives the token from the internal AD FS server and passes it back to the user.
    • Assertion consumer: The proxy accepts tokens from users and passes them over SSL (default port 443) to the internal AD FS server for processing.
    • Metadata provider: The proxy will also respond to requests for Federation Metadata.

  18. How does the AD FS 2.0 Proxy work

  19. Troubleshooting O365 Issues
  • Certificates – on all ADFS servers / client browsers (default trusted certs)
  • ISA/TMG O365 rules – domains
  • Network firewall – IP white lists
  • Internet – backup
  • ADFS / proxy server event viewer – correlation ID
  • DirSync server event viewer
  • https://www.testexchangeconnectivity.com/
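The certificate checks from slide 16 and the correlation-ID / port-443 checks from slides 17 and 19, gathered into one PowerShell script. This is an added example written for this transcript, not code from the deck or from Microsoft. It assumes it runs on an AD FS 2.0 server where the Microsoft.Adfs.PowerShell snap-in and its Get-ADFSCertificate cmdlet are available (later AD FS versions auto-load the module and use the 'AD FS/Admin' log name instead); the correlation ID and the federation service host name are placeholders to replace with values from your own environment.

```powershell
# Added example (not from the deck): certificate, event-log and port checks
# for troubleshooting AD FS 2.0 and its proxy. Values below are placeholders.
param(
    [string]$CorrelationId = '00000000-0000-0000-0000-000000000000',  # placeholder: ID from the failing sign-in
    [string]$AdfsLogName   = 'AD FS 2.0/Admin',                       # 'AD FS/Admin' on AD FS 2012 R2 and later
    [string]$FederationHost = 'sts.example.com',                      # placeholder: internal federation service name
    [int]$WarnDays = 30
)

# AD FS 2.0 ships its cmdlets as a snap-in; on newer versions this call is a no-op.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# 1. Token-signing, token-decrypting and service-communications certificates:
#    report expiry and whether this machine can build a trust chain for each one.
#    A broken chain on the service-communications cert is what shows up as a
#    browser warning on clients that only carry the default trusted roots.
function Test-AdfsCertificates {
    param([int]$WarnDays = 30)
    $results = @()
    foreach ($entry in Get-ADFSCertificate) {
        $cert     = $entry.Certificate
        $chain    = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk  = $chain.Build($cert)
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt 0)              { $status = 'EXPIRED' }
        elseif ($daysLeft -lt $WarnDays)  { $status = 'EXPIRING' }
        elseif (-not $chainOk)            { $status = 'UNTRUSTED' }
        else                              { $status = 'OK' }
        # New-Object PSObject keeps this compatible with PowerShell 2.0 on Server 2008 R2.
        $results += New-Object PSObject -Property @{
            Type       = $entry.CertificateType
            Primary    = $entry.IsPrimary
            Thumbprint = $entry.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            ChainOk    = $chainOk
            Status     = $status
        }
    }
    return $results
}

# 2. Pull every AD FS admin event carrying one correlation (activity) ID. The proxy
#    and the internal server both log under the same ID for a single sign-in, so
#    run this on each box and line the results up by TimeCreated.
function Get-AdfsEventsByCorrelationId {
    param([string]$CorrelationId, [string]$LogName = 'AD FS 2.0/Admin', [int]$MaxEvents = 500)
    $pattern = [regex]::Escape($CorrelationId)
    Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop |
        Where-Object { ("$($_.ActivityId)" -eq $CorrelationId) -or ($_.Message -match $pattern) } |
        Select-Object TimeCreated, Id, LevelDisplayName, ActivityId, Message
}

# 3. Confirm the proxy can open TCP 443 to the internal federation server (the SSL
#    port the slides name). Uses TcpClient so it also works where Test-NetConnection
#    is not available; a timeout means a firewall or routing problem, not AD FS.
function Test-FederationEndpoint {
    param([string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

Test-AdfsCertificates -WarnDays $WarnDays | Format-Table Type, Primary, Status, DaysLeft, ChainOk, Thumbprint -AutoSize
Get-AdfsEventsByCorrelationId -CorrelationId $CorrelationId -LogName $AdfsLogName | Format-List
"Port 443 to ${FederationHost}: " + (Test-FederationEndpoint -HostName $FederationHost)
```

Run it on the internal AD FS server first and then on the proxy: an EXPIRING or UNTRUSTED token-signing certificate will break every relying party at once, while a clean certificate report plus a failed port check points at the network firewall or ISA/TMG rules rather than at AD FS itself.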

  20. Additional reading…
  • Select an Office 365 plan for business (Trial) – http://office.microsoft.com/en-in/business/compare-office-365-for-business-plans-FX102918419.aspx
  • Explore the Community & Blogs – http://community.office365.com/en-us/default.aspx
  • Office 365 for IT pros – Learn / Training / Try / Deploy – http://technet.microsoft.com/en-us/office365/hh528489.aspx

  21. Questions?
