Agenda

1. Office 365 Identity overview
2. Federation and Synchronization
3. Federation using ADFS and Extensibility options
4. What's New in Azure AD? Cloud Business App - Overview
Identity Management is about identifying individuals for a system and controlling access to resources in that system.

Identity and access management system key components are:
- Authentication: Verifying that a user, device, or service such as an application is the entity that it claims to be.
- Authorization: Determining which actions an authenticated entity is authorized to perform.
Microsoft Azure Active Directory identity common deployment options (Office 365 identity deployment options):

- Cloud: Identities are managed entirely in cloud. Single identity; all user information, including passwords, is stored in MAAD.
- Cloud + On-Premises (Directory & Password Sync): Identities and passwords are synchronized from on-premises user store. Single identity. Users are synchronized from on-premises.
- Federated (Federation, DirSync): Identities synchronized from on-premises user store but the user identities are federated. Single federated identity. Users are synchronized from on-premises.
Cloud Identity (Cloud)
Ex: senthil@lighthousecs.com

Pros:
- Simple to deploy and manage.
- High availability and reliability as identities are managed in cloud.
- Lower cost as there is no server deployment necessary.

Cons:
- Separate identity for O365 if on-premises credential exists.
- Separate passwords and policy management.
- No single sign-on between on-premises application and O365.
Directory & Password Sync (Cloud + On-Premises)
Cloud Identity Ex: senthil@lighthousecs.com
On-Premises (Non-AD & AD) Ex: Lighthousecs\senthil

Pros:
- User accounts are synchronized between on-premises and online.
- Identities are created in a single place (on-premises).
- Directory and password sync tool for AD.
- Non-AD account synchronization through custom PowerShell, Graph API.

Cons:
- Additional server for directory and password synchronization.
- Although there is a single identity, single sign-on between on-premises application and O365 is not possible.
Federated (Federation + DirSync, On-Premises Identity)
Single federated identity. Users are synchronized from on-premises.

Pros:
- Single identity and sign-on for on-premises and O365 services.
- Directory and password sync tool for AD.
- Non-AD account synchronization through custom PowerShell, Graph API.
- Forefront Identity Manager (FIM) synchronization for Non-AD and multi-forest scenarios.
- Secure token-based authentication.
- 2 Factor Authentication.
- Client access control based on IP address with ADFS.

Cons:
- Additional servers for directory and password synchronization, Federation server(s) and Proxies.
Works with AD
Works with AD & Non-AD
Shibboleth (SAML-P)
Works with AD & Non-AD
Works ONLY with AD
Works with AD & Non-AD
FIM (Forefront Identity Manager)
Works with AD & Non-AD
During synchronization, Microsoft Azure AD stores a partial view of the user information, which it uses to protect resources. The key fields that you need to be aware of during the planning process:

- Immutable ID: By default this is the object ID if you are synchronizing from AD. Think of this as the internal ID of the user object in Azure AD.
- UPN: User Principal Name is used for the SSO redirection to direct the browser to the Security Token Services. Default is the domain name. If you have a non-routable UPN, you can add a routable one in the AD Domains and Trusts MMC: right-click on the top node, enter a routable UPN, and run a full synchronization.
- Display Name
- Account Status
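Added example (not from the original slides): a pre-synchronization check for the UPN guidance above, run in Python over a constructed CSV export of on-premises accounts. The column names, the list of non-routable suffixes, and the requirement that the suffix match a domain verified in the tenant are assumptions of this example.

```python
import csv
import io
from collections import Counter

# Constructed sample export; not real directory data.
SAMPLE_EXPORT = """sAMAccountName,userPrincipalName
senthil,senthil@lighthousecs.com
alice,alice@corp.local
bob,bob@lighthousecs.com
carol,carol@LIGHTHOUSECS.COM
dave,dave
erin,bob@lighthousecs.com
"""

# Assumption: top-level labels treated as non-routable on the public internet.
NON_ROUTABLE_TLDS = {"local", "lan", "internal"}


def audit_upns(export_text, verified_domains):
    """Return {sAMAccountName: [problems]} for UPNs that need fixing before sync."""
    verified = {d.lower() for d in verified_domains}
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # UPNs are compared case-insensitively, so normalise before counting.
    counts = Counter(r["userPrincipalName"].strip().lower() for r in rows)
    findings = {}
    for r in rows:
        upn = r["userPrincipalName"].strip().lower()
        problems = []
        local, sep, suffix = upn.rpartition("@")
        if not sep or not local or not suffix:
            problems.append("malformed UPN")
        else:
            labels = suffix.split(".")
            if len(labels) < 2 or labels[-1] in NON_ROUTABLE_TLDS:
                problems.append("non-routable suffix")
            elif suffix not in verified:
                problems.append("suffix not a verified domain")
        if counts[upn] > 1:
            problems.append("duplicate UPN")
        if problems:
            findings[r["sAMAccountName"]] = problems
    return findings


if __name__ == "__main__":
    for account, problems in audit_upns(SAMPLE_EXPORT, ["lighthousecs.com"]).items():
        print(account, "->", ", ".join(problems))
```

Accounts flagged with a non-routable suffix are the ones that need the routable UPN suffix added and assigned before the full synchronization is run.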
Limit access to O365 services based on the location of the client:
http://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx#cptrust2
From here to.
https://login.microsoftonline.com
spanchatcharam@lighthousecs.com