WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

Many organizations have begun their push to the cloud with a handful of applications. Microsoft's Office 365 offering is the driving force for many, but getting to the point where Office 365 is seamlessly integrated and ready for use is not a small project. Ask yourself and/or your vendors the questions below, and understand the impact on your organization. By doing so, you'll be in a good position to choose the best way for your organization to integrate Office 365 with Active Directory and enable secure single sign-on across web, Outlook and mobile mail clients.

PART 1: WHEN CONSIDERING THE MICROSOFT SOLUTION SET

Microsoft has a rapidly evolving platform for cloud identity management that centers on their Active Directory brand. Below are a few questions to ponder, as well as some FAQs that pertain to implementing a 100% Microsoft-based solution.

1. WHICH COMPONENTS OF MICROSOFT'S CLOUD IDENTITY ARCHITECTURE WILL I NEED FOR MY ORGANIZATION?

At a minimum, Office 365 will require the deployment of Azure Active Directory, the Azure AD Directory Synchronization appliance (aka DirSync) and Active Directory Federation Services (AD FS). Azure AD Premium Edition includes a license to Microsoft's MFA Server (for multi-factor authentication). The MFA Server can also enable VPN integration and RADIUS support. Organizations with larger directories will need a full version of Microsoft SQL Server to handle the Azure AD Directory Synchronization database.

Do you have more than one Active Directory forest? If so, then synchronizing multiple forests with Microsoft's native solution set requires a custom deployment of Forefront Identity Manager 2010 R2 (FIM). Designing and deploying FIM for this purpose generally requires the use of specialized consultants, plus the added burden of ongoing maintenance. If you only have one AD forest but want to sync with an additional LDAP directory, then you'll also need FIM.

2. WHAT'S INVOLVED IN DEPLOYING AD FS AS A HIGH AVAILABILITY SERVICE?

As you may know, the service level agreements (SLAs) that cloud-hosted services like Office 365 offer are a moot point if the AD FS infrastructure that brokers logins to these applications and services isn't running at the same service level (or higher).

WHITEPAPER /// 13 QUESTIONS

Highly available AD FS is primarily predicated on load balancing multiple sets of servers. For organizations with advanced requirements, SQL Server or a SQL Server cluster may be required to take advantage of advanced AD FS features like token replay detection and SAML artifact resolution. When AD FS is deployed in geographically dispersed data centers, a global traffic management solution will be needed to manage requests across data centers.

3. WHAT TYPE OF EXPERTISE WILL I NEED TO DEPLOY AD FS AS A HIGH AVAILABILITY SERVICE?

The dependencies above add several layers of complexity to AD FS and require collaboration across multiple teams. For example, in many enterprises, load balancers and global traffic management solutions (e.g. F5 Global Traffic Managers or Cisco Global Site Selectors) are managed by dedicated networking teams. SQL Server may require support from a database administration team, and the addition of SQL Server clustering will add a dependency on a storage management team as well.

4. WHAT'S THE DIFFERENCE BETWEEN AZURE AD AND AZURE AD PREMIUM?

While many of the basic directory and federation features are available for free in the basic edition, the features that make Azure AD a competitive cloud identity management solution are licensed via the premium edition. The Azure AD premium edition is licensed on a per-user basis (as of the time of this writing, $6 per user per month) and includes all of the premium features for each user. The premium feature set of Azure Active Directory is focused around branding and customization, group-based access control, self-service password management, multi-factor authentication, and advanced reporting.

For a more detailed explanation of the Microsoft solution set, please refer to "Choosing the Right Directory Integration Framework for Your Cloud Application Portfolio", written by Brian Desmond (a Microsoft MVP for Directory Services ten times over, author of Active Directory, 5th edition, published by O'Reilly Media, and a world-renowned expert in Microsoft's SSO solutions).

/// ONELOGIN.COM

PART 2: WHEN CONSIDERING INDEPENDENT IDENTITY MANAGEMENT VENDORS

Independent identity solution providers (what Microsoft calls "third-party vendors") have recognized the challenges of Microsoft's native solution set. Some of these vendors have developed turnkey solutions that deliver rapid cloud identity management and SSO to Office 365 without the overhead and setup complexity of maintaining an AD FS infrastructure and related components. Below are some questions you should consider or directly ask any third-party vendor vying for your business.

5. IS AN ON-PREMISES OR CLOUD-BASED IDENTITY MANAGEMENT SOLUTION THE RIGHT OPTION FOR MY OFFICE 365 IMPLEMENTATION?

Independent vendor solutions come in two main deployment models: on-premises and cloud. The cloud model offers compelling cost and security efficiencies across multiple dimensions, including standardized infrastructure patterns, greater automation, and discipline in process. Cloud-based identity management solutions take full advantage of these efficiencies, but is that enough for you to go cloud rather than on-premises for your Office 365 deployment? Clearly, the more that's happening beyond your corporate firewall, the more it makes sense to put identity in the cloud, as it provides an innately more centralized control point for managing identities across all apps and devices, independent of access location (Office for iPad, anyone?). In addition to Office 365, consider your rate of adoption of additional cloud apps, how and where users will be accessing corporate applications and data, and your propensity to develop your own web apps accessible beyond your firewall.

6. WHAT OTHER PIECES OF INFRASTRUCTURE OR TOOLS WILL I NEED TO INSTALL, CONFIGURE OR MAINTAIN OFFICE 365 WITH YOUR SOLUTION?

This is especially important to understand with a cloud-based identity management solution. After all, one of the key benefits of going with cloud IAM is to avoid the complexity of managing disparate pieces of software, hardware and tools. Most cloud-based solutions will require an agent that sits behind your corporate firewall to securely sync back with the identity provider and out to cloud apps like Office 365. Beyond that, will you need to install a separate tool to enable Desktop SSO (Integrated Windows Authentication)? Will you still need to use additional tools like DirSync to enable synchronization with Active Directory? Will you need to install and run PowerShell? Will you need to set up or configure any other services outside of the vendor's solution to make it work with Office 365?

7. DOES YOUR SOLUTION SUPPORT MULTI-FOREST TOPOLOGIES?

Smaller firms with less complicated directory infrastructures may never need to support more than one Active Directory forest with Office 365. However, if you do have multiple ADs and forests, then make sure your vendor supports this requirement. If they do support it, be sure to ask whether any additional infrastructure is required.

8. DOES YOUR SOLUTION SUPPORT MIXED DIRECTORY TYPES?

Many enterprises have LDAP or cloud directories like Workday and Google Apps. Is your vendor's solution capable of creating a meta-directory from mixed directory types and presenting them as one unified cloud directory to Office 365 and other cloud apps?

9. IS YOUR ACTIVE DIRECTORY INTEGRATION WITH OFFICE 365 BATCH OR REAL-TIME?

Real-time directory integration means that all directories are updated whenever changes are made in one directory, with the changes propagating through to connected services like Office 365 within seconds. This not only saves a tremendous amount of time and effort, but also acts as an effective kill switch for when employees leave the company. This is critical in order to eliminate backdoor access to Office 365 through protocols like IMAP: unless the user is immediately disabled, unwarranted access can occur. If the vendor's directory synchronization is batch and you are comfortable with that, then what is the default synchronization interval? Can this interval be shortened? If so, what are the implications for your infrastructure? Are there any scalability issues in syncing at shorter intervals?
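The point in question 9 is that the deprovisioning gap is bounded by the sync interval plus the time a sync cycle takes to apply. The following is an added example, not code from the whitepaper or from OneLogin: it reconciles a constructed on-premises snapshot against a constructed cloud snapshot to list accounts that are disabled in AD but can still sign in to the cloud, and it computes the exposure window for a termination event under a batch schedule. The snapshot attribute names ("enabled", "blocked"), the 3-hour interval and the sample accounts are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample snapshots (not real directory data), keyed by userPrincipalName.
# "enabled" is the on-premises AD flag; "blocked" is the cloud sign-in block.
AD_SNAPSHOT = {
    "alice@example.com": {"enabled": True},
    "bob@example.com": {"enabled": False},    # terminated and disabled in AD this morning
    "carol@example.com": {"enabled": False},  # disabled last week
    "dave@example.com": {"enabled": True},
}
CLOUD_SNAPSHOT = {
    "alice@example.com": {"blocked": False},
    "bob@example.com": {"blocked": False},    # batch sync has not run yet: still usable
    "carol@example.com": {"blocked": True},   # change already propagated
    "dave@example.com": {"blocked": False},
}


def stale_cloud_accounts(ad, cloud):
    """Accounts disabled on-premises whose cloud sign-in is still allowed.

    Until the next sync blocks them, these can still authenticate to Office 365
    over protocols such as IMAP or ActiveSync; this is the list a defender
    should reconcile after every off-boarding run.
    """
    return sorted(
        upn for upn, attrs in ad.items()
        if not attrs["enabled"] and not cloud.get(upn, {}).get("blocked", False)
    )


def next_batch_run(event_time, interval, first_run):
    """Start of the first batch sync cycle at or after event_time.

    first_run anchors the schedule (for example the hour the sync appliance was
    installed); cycles repeat every `interval` from there.
    """
    if event_time <= first_run:
        return first_run
    elapsed = event_time - first_run
    cycles = -(-elapsed // interval)  # ceiling division on timedeltas
    return first_run + cycles * interval


def exposure_window(event_time, interval, first_run, propagation=timedelta(0)):
    """How long a disabled AD account stays usable in the cloud under batch sync:
    the wait until the next cycle starts plus the time that cycle takes to apply.
    Real-time (event-driven) integration is the interval -> 0 limit of this."""
    blocked_at = next_batch_run(event_time, interval, first_run) + propagation
    return blocked_at - event_time


def worst_case_exposure(interval, propagation=timedelta(0)):
    """Upper bound over all event times: a change made just after a cycle
    starts waits a full interval, then the propagation time on top."""
    return interval + propagation


if __name__ == "__main__":
    first = datetime(2015, 1, 1, 0, 0)          # assumed schedule anchor
    batch = timedelta(hours=3)                  # assumed batch interval
    fired = datetime(2015, 1, 1, 8, 5)          # HR disables the account at 08:05
    print("still usable in cloud:", stale_cloud_accounts(AD_SNAPSHOT, CLOUD_SNAPSHOT))
    print("blocked at:", next_batch_run(fired, batch, first))
    print("exposure:", exposure_window(fired, batch, first, timedelta(minutes=10)))
    print("worst case:", worst_case_exposure(batch, timedelta(minutes=10)))
```

Feeding the functions real snapshots (for example exports of disabled AD users and cloud users with their sign-in block state) turns `stale_cloud_accounts` into the periodic check that catches what the sync interval leaves open; shortening the interval only shrinks `worst_case_exposure`, it never removes it, which is the difference the question draws between batch and real-time integration.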

10. HOW EASY IS IT TO DEFINE A LOGICAL STRUCTURE FOR OFFICE 365 ACCESS THAT DOESN'T CORRELATE EXACTLY WITH ACTIVE DIRECTORY GROUPS?

Will you ever need to manage Office 365 access outside of your on-premises Active Directory model? Today, many businesses are hiring temporary workers and external consultants. For example, let's say you have an external graphic designer. If he were an internal employee, he would belong to the marketing group in Active Directory. However, you only want the contractor to have access to a subset of the internal marketing team's applications, including Office 365. Furthermore, you want to impose stricter security policies for outside consultants than you would for regular employees. Rather than having to modify Active Directory and create a whole new permission structure that supports this requirement, you might find it helpful to be able to do this in the identity management solution outside of AD.

11. HAS YOUR SOLUTION BEEN VALIDATED BY MICROSOFT AS PART OF THEIR "WORKS WITH OFFICE 365" PROGRAM?

Validation by Microsoft provides the additional assurance that the identity provider has passed a series of interoperability tests with Office 365. In addition, Microsoft support teams will support your integration with the independent vendor. Microsoft maintains a list of qualified vendors on TechNet.

12. WERE THERE ANY EXCEPTIONS WITH REGARD TO YOUR "WORKS WITH OFFICE 365" VALIDATION?

For each vendor, Microsoft does single sign-on interoperability tests across three sets of clients and then notes any exceptions. The three client types are:

- Web-based clients such as Exchange Web Access and SharePoint Online
- Rich client applications such as Lync, Office Subscription and CRM
- Email-rich clients such as Outlook and ActiveSync

If the vendor has exceptions to their support for one or more types of clients, then how will these impact your Office 365 deployment? For example, if the vendor doesn't support Desktop SSO (Integrated Windows Authentication) with SharePoint Online and your employees often access SharePoint while on the corporate network, then what friction will that cause in the way they work? Does the vendor require the setup of additional on-premises infrastructure that you'll have to maintain? If so, how will that affect the complexity of your network, maintenance overhead, etc.?

13. WHAT AUTOMATIC AND MANUAL OPTIONS FOR OFFICE 365 USER PROVISIONING DO YOU OFFER?

Automatic user provisioning allows a large user base to be quickly paired up with Office 365 licenses without having to manually update each user individually. Do the vendor's automatic user provisioning capabilities allow you to create custom mappings based on Active Directory groups as well as define role-based access to Office 365? Can you preview which users will be affected by your user provisioning mappings? Can you use the user management capabilities within the identity management solution, or will you have to disable those capabilities when integrating with Office 365? Will you need to use any additional tools in order to automatically sync users? In terms of manual Office 365 user provisioning, can you do this within the vendor's solution, or are you limited to simply importing users from Active Directory? Do you have to sync your identity management solution with Office 365 and then carry out a separate sync with Active Directory?
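Questions 10 and 13 together describe what a provisioning engine between AD and Office 365 has to do: derive each account's Office 365 entitlements from its AD group membership, let a contractor group carry a narrower entitlement and a stricter sign-in policy than the employee group it mirrors, and show which users a mapping change would touch before anything is applied. The following is an added example of that logic, not code from the whitepaper or from any vendor; the sample users, the cloud snapshot, the workload names used as license labels and the policy names are constructed for illustration.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "group licenses policy")

# Mapping rules (assumed for illustration): AD group -> Office 365 workloads to
# license, plus the sign-in policy the identity provider should enforce.
RULES = [
    Rule("All-Staff", {"ExchangeOnline"}, "standard"),
    Rule("Sales", {"SharePointOnline", "Lync"}, "standard"),
    Rule("Engineering", {"SharePointOnline"}, "standard"),
    Rule("Marketing", {"SharePointOnline", "Lync"}, "standard"),
    # Contractors get a subset of Marketing's workloads and a stricter policy
    # without any change to the AD group model (question 10).
    Rule("Contractors-Marketing", {"SharePointOnline"}, "mfa-every-login"),
]
POLICY_RANK = {"standard": 0, "mfa-every-login": 1}

# Constructed sample data (not real directory data), keyed by userPrincipalName.
AD_USERS = {
    "alice@example.com": {"groups": {"Sales", "All-Staff"}, "enabled": True},
    "bob@example.com": {"groups": {"Engineering", "All-Staff"}, "enabled": True},
    "carol@example.com": {"groups": {"Marketing", "All-Staff"}, "enabled": True},
    "contractor1@example.com": {"groups": {"Contractors-Marketing"}, "enabled": True},
    "eve@example.com": {"groups": {"Sales", "All-Staff"}, "enabled": False},
}
CLOUD = {  # current Office 365 state as last synced
    "alice@example.com": {"blocked": False, "licenses": {"ExchangeOnline"}, "policy": "standard"},
    "bob@example.com": {"blocked": False, "licenses": {"ExchangeOnline", "SharePointOnline", "Lync"}, "policy": "standard"},
    "eve@example.com": {"blocked": False, "licenses": {"ExchangeOnline", "SharePointOnline", "Lync"}, "policy": "standard"},
    "old-admin@example.com": {"blocked": False, "licenses": {"ExchangeOnline"}, "policy": "standard"},
}


def desired_state(ad_users, rules):
    """Derive the Office 365 state each account should have from its AD groups.
    Disabled accounts get no licenses, so licenses are reclaimed automatically;
    when several groups match, the strictest sign-in policy wins."""
    desired = {}
    for upn, attrs in ad_users.items():
        licenses, policy = set(), "standard"
        if attrs["enabled"]:
            for rule in rules:
                if rule.group in attrs["groups"]:
                    licenses |= rule.licenses
                    if POLICY_RANK[rule.policy] > POLICY_RANK[policy]:
                        policy = rule.policy
        desired[upn] = {"licenses": licenses, "policy": policy, "enabled": attrs["enabled"]}
    return desired


def plan_changes(desired, cloud):
    """Diff desired state against the cloud directory and return the actions a
    sync run would take, applying nothing: this is the preview the question asks for."""
    actions = []
    for upn, want in sorted(desired.items()):
        have = cloud.get(upn)
        if have is None:
            if want["enabled"]:
                actions.append(("create", upn, sorted(want["licenses"]), want["policy"]))
            continue
        if not want["enabled"] and not have["blocked"]:
            actions.append(("block", upn))
        for lic in sorted(want["licenses"] - have["licenses"]):
            actions.append(("assign", upn, lic))
        for lic in sorted(have["licenses"] - want["licenses"]):
            actions.append(("revoke", upn, lic))
        if want["enabled"] and want["policy"] != have["policy"]:
            actions.append(("set-policy", upn, want["policy"]))
    # Present in the cloud but no longer in AD: flag for manual review rather
    # than deleting, since cloud-only accounts may be intentional.
    for upn in sorted(set(cloud) - set(desired)):
        actions.append(("orphan", upn))
    return actions


def affected_users(actions):
    """The user list an administrator reviews before approving the run."""
    return sorted({a[1] for a in actions})


def preview(ad_users=AD_USERS, rules=RULES, cloud=CLOUD):
    return plan_changes(desired_state(ad_users, rules), cloud)


if __name__ == "__main__":
    for action in preview():
        print(action)
    print("affected:", affected_users(preview()))
```

Changing a rule and re-running `preview` shows exactly which accounts gain or lose a workload, which is the "preview what users will be affected" capability the question asks a vendor about; the disabled `eve` account loses all licenses and is blocked in the same plan, tying provisioning to the deprovisioning concern of question 9.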

ABOUT ONELOGIN

OneLogin is the innovator in enterprise identity management and provides the industry's fastest, easiest and most secure solution for managing internal and external users across all devices and applications. Considered a Major Player in IAM by IDC, and ranked #1 in Network World Magazine's review of SSO tools, OneLogin's cloud identity management platform provides secure single sign-on, multi-factor authentication, integration with common directory infrastructures such as Active Directory and LDAP, user provisioning and more. OneLogin is SAML-enabled and pre-integrated with more than 4,000 applications commonly used by today's enterprises.