Microsoft Office 365 with ADFS



Similar documents
DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

NetMotion Mobility XE

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DualShield. for. Microsoft TMG. Implementation Guide. (Version 5.2) Copyright 2011 Deepnet Security Limited

DualShield Authentication Platform

High Availability And Disaster Recovery

Apache HTTP Server. Implementation Guide. (Version 5.7) Copyright 2013 Deepnet Security Limited

DualShield. for PAM RADIUS. Implementation Guide. (Version 5.4) Copyright 2012 Deepnet Security Limited

Network Policy Server (NPS) Remote Routing Access (RRAS)

High Availability And Disaster Recovery

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy

2 FACTOR + 2. Authentication WAY

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

Mod 2: User Management

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Omniquad Exchange Archiving

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

2X ApplicationServer & LoadBalancer Manual

Microsoft Dynamics GP SQL Server Reporting Services Guide

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual

SafeNet Authentication Service

CA Nimsoft Service Desk

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

How to Create a Basic VPN Connection in Panda GateDefender eseries

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

Business Portal for Microsoft Dynamics GP Field Service Suite

Cloud Attached Storage

Folder Proxy + OWA + ECP/EAC Guide. Version 2.0 April 2016

Archiving User Guide Outlook Plugin. Manual version 3.1

Implementation Guide for protecting

SafeNet Cisco AnyConnect Client. Configuration Guide

Lab 05: Deploying Microsoft Office Web Apps Server

Strong Authentication for Juniper Networks

The End User Experience. Introduction to Archiving for End Users

Strong Authentication for Microsoft SharePoint

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Agent Configuration Guide

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Installation Guide. SafeNet Authentication Service

Using IIS Application Request Routing to Publish Lync Server 2013 Web Services

2 factor + 2. Authentication. way

Installing the BlackBerry Enterprise Server Management Software on an administrator or remote computer

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Single sign-on for ASP.Net and SharePoint

PaperClip. em4 Cloud Client. Manual Setup Guide

Cloud Attached Storage

Deploying RSA ClearTrust with the FirePass controller

SafeNet Authentication Service

Microsoft Office 365 with MailDefender

SafeNet Authentication Service

DIGIPASS Authentication for Windows Logon Getting Started Guide 1.1

WatchDox SharePoint Beta Guide. Application Version 1.0.0

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

Lab 00: Configuring the Microsoft Lync Ignite Environment Cloud Hosted Version

Sage 200 Web Time & Expenses Guide

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

CCH Portal. Installation Guide. June 2013

CA Spectrum and CA Embedded Entitlements Manager

Strong Authentication for Microsoft TS Web / RD Web

Polar Help Desk Installation Guide

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Installation Guide

2X Cloud Portal v10.5

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

CA Nimsoft Monitor Snap

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

The Project Management Software for Outlook, Web and Smartphone

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

ADFS Integration Guidelines

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

Microsoft Office 365 from Vodafone. Administrator s Guide for Midsize Businesses and Enterprises

Configuring Microsoft Internet Information Service (IIS6 & IIS7)

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Azure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note

SafeNet Authentication Manager Express. Upgrade Instructions All versions

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

Decommissioning the original Microsoft Exchange

Administering Jive for Outlook

SafeNet Authentication Service

Setup Guide: Server-side synchronization for CRM Online and Exchange Server

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR EROOM

How to Secure a Groove Manager Web Site

Google Drive. Administrator's Guide

Backing Up and Restoring Microsoft Hyper-V Server Virtual Machines. Cloud Attached Storage. February 2014 Version 4.0

Embedded Document Accounting Solution (edas) for Cost Recovery. Administrator's Guide

Secure File Transfer Protocol Updated Procedures. June 20, 2011

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

Cloud Authentication. Getting Started Guide. Version

HP Software as a Service

Strong Authentication for Juniper Networks SSL VPN

CA VPN Client. User Guide for Windows

Enterprise Self Service Quick start Guide

Reverse Proxy Guide. Version 2.0 April 2016

Apache Server Implementation Guide

Clearview Customer Web Access

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows

Transcription:

Microsoft Office 365 with ADFS Implementation Guide (Version 5.4) Copyright 2012 Deepnet Security Limited Copyright 2012, Deepnet Security. All Rights Reserved. Page 1

Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID, SafeID, GridID, FlashID, SmartID, TypeSense, VoiceSense, MobilePass, DevicePass, RemotePass and Site Stamp are trademarks of Deepnet Security Limited. All other brand names and product names are trademarks or registered trademarks of their respective owners. Copyrights Under the international copyright law, neither the Deepnet Security software or documentation may be copied, reproduced, translated or reduced to any electronic medium or machine readable form, in whole or in part, without the prior written consent of Deepnet Security. Licence Conditions Please read your licence agreement with Deepnet carefully and make sure you understand the exact terms of usage. In particular, for which projects, on which platforms and at which sites, you are allowed to use the product. You are not allowed to make any modifications to the product. If you feel the need for any modifications, please contact Deepnet Security. Disclaimer This document is provided as is without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the document. Deepnet Security may make improvements of and/or changes to the product described in this document at any time. Contact If you wish to obtain further information on this product or any other Deepnet Security products, you are always welcome to contact us. Deepnet Security Limited Northway House 1379 High Road London N20 9LP United Kingdom Tel: +44(0)20 8343 9663 Fax: +44(0)20 8446 3182 Web: www.deepnetsecurity.com Email: support@deepnetsecurity.com Copyright 2012, Deepnet Security. All Rights Reserved. Page 2

Table of Contents Overview... 4 Prerequisites... 4 Installation of DualShield IIS Agent... 6 Configure IIS on ADFS... 7 Enable Form-Based Authentication... 7 Enable DualShield Authentication... 8 Enable Reverse Proxy...10 Test Logon... 11 Copyright 2012, Deepnet Security. All Rights Reserved. Page 3

Overview This document describes how to implement multifactor authentication for Microsoft Office 365 configured for SSO to a local ADFS 2.0 service with the DualShield SSO service provided by the DualShield Unified Authentication Platform. Microsoft Office 365 is a cloud based service that can be configured to use a local Active Directory Federation Service (ADFS) to enable local users to sign on with their existing AD credential to gain access to various Microsoft online services such as Office, Outlook, SharePoint and Lync. Prerequisites It is expected that Office365 has already been setup for SSO to an on-premises ADFS server with working SSO based on users AD passwords. You must have the DualShield Authentication Server and DualShield SSO Server installed and operating (both are installed by default in the installation of the platform). For the installation, configuration and administration of DualShield Authentication and SSO servers please refer to the following documents: DualShield Authentication Platform Installation Guide DualShield Authentication Platform Quick Start Guide DualShield Authentication Platform Administration Guide You should also have created an application in DualShield for your Office 365 service, and published the application on the DualShield SSO server. Copyright 2012, Deepnet Security. All Rights Reserved. Page 4

For Office 36 service, the logon procedure would typically contains 2 steps with the AD Static Password and a second-factor token: Copyright 2012, Deepnet Security. All Rights Reserved. Page 5

Use the Self-Test function to verify that the application is ready: Installation of DualShield IIS Agent To implement two-factor authentication for Office 365, you will need to install the DualShield IIS Agent on the ADFS server. For the general instruction of the installation and configuration of the DualShield IIS Agent, please refer to the following document: IIS 7.0 - Implementation Guide Copyright 2012, Deepnet Security. All Rights Reserved. Page 6

Configure IIS on ADFS The first step is to configure the IIS on ADFS to work on Form Based authentication. Enable Form-Based Authentication 1. Open IIS and Windows Explore under Default Website\adfs\ls 2. Open the web.config file with Notepad, look for the localauthenticationtypes section. 3. Move the line for Forms above the line for Integrated and save the web.config file. This will force the ADFS application to use the Form Based authentication before trying to use Windows Authentication. Copyright 2012, Deepnet Security. All Rights Reserved. Page 7

4. Restart the IIS server and test your Office 365 logon to ensure that Form-based authentication is functional. Below is the screen short of the default logon page when ADFS works in form-based authentication: Enable DualShield Authentication The next step is to enable DualShield two-factor authentication 1. In the IIS Manager, select Default Web Site adfs ls Copyright 2012, Deepnet Security. All Rights Reserved. Page 8

2. Double click the DualShield Authentication icon Enable Enable Two-Factor Authentication on the Current Node Enable Apply Settings to Child Nodes Select Service Type to ADFS 2.0 Click Change in the SSO Server section, enter the connection details of your DualShield SSO server Only to enable the SSL option if your DualShield platform is operating on the SSL mode. Copyright 2012, Deepnet Security. All Rights Reserved. Page 9

Select your DualShield application for the Office 365 service Click Apply to save changes. Enable Reverse Proxy If you chose to enable the proxy feature in the DualShield SSO server settings, you will also need to enable the reverse proxy engine in the IIS server. 1. Select the web server (not a web site or virtual directory) node from the list on the left pane in the IIS manager window 2. In the "features view" window (the window in the middle), find "Application Request Routing" and double click it Copyright 2012, Deepnet Security. All Rights Reserved. Page 10

3. On the right pane, find the "Server Proxy Settings..." link and click it 4. Back to the middle pane, tick (enable) the first check box, "Enable Proxy" 5. Click "Apply" on the left hand side window to save the change Test Logon 1. Open a browser and navigate to https://login.microsoftonline.com 2. Enter a valid User ID Copyright 2012, Deepnet Security. All Rights Reserved. Page 11

3. You will be then redirected to your ADFS server, and see the logon page presented by the DualShield SSO server: 4. Once you have been successfully authenticated by the DualShield SSO server, you ll be redirected back to the Office 365 online portal: - END - Copyright 2012, Deepnet Security. All Rights Reserved. Page 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information