agenda - sps events - sharepoint saturday events - … · 2014-04-12 · office 365. windows azure...


TRANSCRIPT

Agenda

1. Office 365 Identity overview
2. Federation and Synchronization
3. Federation using ADFS and Extensibility options
4. What's New in Azure AD? / Cloud Business App - Overview

Identity Management is about identifying individuals for a system and controlling access to resources in that system.

Identity and access management system key components are:

• Authentication: verifying that a user, device, or service such as an application is the "entity" that it "claims" to be.

• Authorization: determining which actions an authenticated entity is permitted to perform.

Office 365 identity deployment options

• Cloud Identity (Cloud): Office 365 backed by Microsoft Azure AD. Single identity; all user information, including passwords, is stored in Microsoft Azure AD (MAAD).

• Directory & Password Sync (Cloud + On-Premises): Office 365 backed by Microsoft Azure AD. Single identity; users are synchronized from the on-premises identity store with DirSync.

• Federated (Cloud + On-Premises): Office 365 backed by Microsoft Azure AD. Single federated identity; users are synchronized from the on-premises identity store with DirSync and authenticated by the on-premises federation service.

Microsoft Azure Active Directory identity common deployment options:

• Identities are managed entirely in the cloud.

• Identities and passwords are synchronized from the on-premises user store.

• Identities are synchronized from the on-premises user store, but authentication is federated to the on-premises identity provider.
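The three models above are visible from the tenant itself. The following script is an added example, not part of the deck: it reads the tenant's directory-sync and password-sync flags and each verified domain's authentication type (Managed or Federated) with the MSOnline module, and labels the model in use. Module and cmdlet names are the real MSOnline ones; the model labels and the Get-IdentityModel helper are this example's own.

```powershell
# Added example (not from the deck): report which identity model an Office 365 tenant uses.
# Requires the MSOnline module and a tenant administrator sign-in.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant admin credentials

$company = Get-MsolCompanyInformation
$dirSync = [bool]$company.DirectorySynchronizationEnabled
$pwdSync = [bool]$company.PasswordSynchronizationEnabled

function Get-IdentityModel {
    # $Authentication is 'Managed' or 'Federated', as reported by Get-MsolDomain
    param([string]$Authentication)
    if ($Authentication -eq 'Federated') { return 'Federated: users synced, authentication at the on-premises STS' }
    if ($dirSync -and $pwdSync)         { return 'Directory + Password Sync' }
    if ($dirSync)                       { return 'Directory Sync only (no password sync)' }
    return 'Cloud identity: passwords stored in Azure AD'
}

# Federation is decided per domain, synchronization per tenant.
Get-MsolDomain |
    Where-Object { $_.Status -eq 'Verified' } |
    ForEach-Object {
        [pscustomobject]@{
            Domain         = $_.Name
            Authentication = $_.Authentication
            Model          = Get-IdentityModel -Authentication $_.Authentication
            LastDirSync    = $company.LastDirSyncTime   # $null when no sync server has ever run
        }
    } | Format-Table -AutoSize

# Cloud-only accounts can coexist with synced ones; users never touched by DirSync have no LastDirSyncTime.
$cloudOnly = (Get-MsolUser -All | Where-Object { -not $_.LastDirSyncTime }).Count
"Users never synchronized from on-premises: $cloudOnly"

# For federated domains, show the STS that https://login.microsoftonline.com redirects the browser to.
Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' } | ForEach-Object {
    Get-MsolDomainFederationSettings -DomainName $_.Name |
        Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri
}
```

The PassiveLogOnUri is the endpoint a user's browser is sent to after home-realm discovery, so an unexpected host there is the first thing to check if sign-in for a federated domain is redirecting somewhere it should not.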

Cloud Identity (Office 365 / Microsoft Azure AD / Cloud; Ex: [email protected])

Pros

• Simple to deploy and manage.

• High availability and reliability as identities are managed in the cloud.

• Lower cost as there is no server deployment necessary.

Cons

• Separate identity for O365 if an on-premises credential exists.

• Separate passwords and policy management.

• No single sign-on between on-premises applications and O365.

Directory & Password Sync (Office 365 / Microsoft Azure AD / Cloud + On-Premises)

Pros

• User accounts are synchronized between on-premises and online.

• Identities are created in a single place (on-premises).

• Directory and password sync tool for AD.

Cons

• Additional server for directory and password synchronization.

• Although it is a single identity, single sign-on between on-premises applications and O365 is not possible: the user signs in to O365 again with the same password.

• Non-AD account synchronization only through custom PowerShell or the Graph API.

Example mapping on the slide: on-premises account (non-AD & AD) Lighthousecs\senthil → Cloud Identity Ex: [email protected]

Federated (Office 365 / Windows Azure AD / Cloud + On-Premises)

Pros

• Single identity and single sign-on for on-premises and O365 services.

• Directory and password sync tool for AD.

Cons

• Additional servers for directory and password synchronization, federation server(s) and proxies.

• Non-AD account synchronization only through custom PowerShell or the Graph API.

Single federated identity: users are synchronized from on-premises identity with DirSync and authenticated through federation.

• Forefront Identity Manager (FIM) synchronization for non-AD and multi-forest scenarios.

• Secure token-based authentication.

• 2-factor authentication.

• Client access control based on IP address with ADFS.


Federation and synchronization options and the directories they support (the slide's row labels were only partly recovered):

Federation
• Shibboleth (SAML-P): Works with AD & Non-AD
• ADFS (label inferred from the deck, not legible on the slide): Works with AD
• (label not recovered): Works with AD & Non-AD

Synchronization
• FIM – Forefront Identity Manager: Works with AD & Non-AD
• DirSync (label inferred from the deck, not legible on the slide): Works ONLY with AD
• (label not recovered): Works with AD & Non-AD

Microsoft Azure AD stores only a partial view of the user information during synchronization, enough for it to protect resources.

The key fields that you need to be aware of during the planning process:

• Immutable ID – the source anchor that ties the cloud object to the on-premises object. By default DirSync derives it from the AD objectGUID (base64-encoded) when you are synchronizing from AD. Think of this as the internal ID of the user object in Azure AD; it must stay stable for the life of the account, so plan it up front.

• UPN – the User Principal Name is the sign-in name and drives the SSO redirection: the UPN suffix (the part after @) tells Azure AD which domain, and therefore which Security Token Service, to direct the browser to. The default suffix is the AD domain name.

• If you have a non-routable UPN suffix (for example a .local domain), add a routable one in the Active Directory Domains and Trusts MMC (right-click the top node, Properties, UPN Suffixes), assign it to the user accounts, make sure the same domain is verified in Office 365, and run a full synchronization.

• Display Name

• Account Status
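The fields above can be checked, and the non-routable UPN fixed, from the on-premises side before the first full sync. The script below is an added example, not from the deck: it computes the ImmutableId the way DirSync does (base64 of the AD objectGUID), reports the UPN suffix, and rewrites a non-routable UPN. The account name "senthil", the verified domain "contoso.com" and the Start-OnlineCoexistenceSync call at the end (the DirSync cmdlet of that era) are assumptions for the illustration.

```powershell
# Added example (not from the deck): preview the key sync fields for one user and repair a
# non-routable UPN suffix before running a full DirSync.
Import-Module ActiveDirectory

$sam      = 'senthil'       # sample account (constructed for this example)
$routable = 'contoso.com'   # a domain already verified in the Office 365 tenant (assumption)

$user = Get-ADUser -Identity $sam -Properties displayName, userPrincipalName

# ImmutableId: DirSync base64-encodes the objectGUID and stores it as the sourceAnchor in Azure AD.
$immutableId = [Convert]::ToBase64String($user.ObjectGUID.ToByteArray())

$upnSuffix  = ($user.UserPrincipalName -split '@')[-1]
$isRoutable = ($upnSuffix -eq $routable)

[pscustomobject]@{
    DisplayName   = $user.DisplayName
    UPN           = $user.UserPrincipalName
    UPNRoutable   = $isRoutable
    ImmutableId   = $immutableId
    AccountStatus = if ($user.Enabled) { 'Enabled' } else { 'Disabled' }
} | Format-List

if (-not $isRoutable) {
    # 1. Register the suffix for the forest; this is the UPN Suffixes tab in
    #    Active Directory Domains and Trusts.
    $forest = Get-ADForest
    if ($forest.UPNSuffixes -notcontains $routable) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $routable }
    }
    # 2. Registering the suffix changes no account; each user's UPN has to be rewritten.
    Set-ADUser -Identity $user -UserPrincipalName "$sam@$routable"
    # 3. Push the change to Azure AD with a full sync (run on the DirSync server after
    #    loading DirSyncConfigShell.psc1; assumed available here).
    Start-OnlineCoexistenceSync -FullSync
}
```

For a federated domain the suffix matters twice: login.microsoftonline.com uses it to pick the STS to redirect to, and the STS must issue a UPN claim with exactly that suffix, so an account left on the .local suffix will neither be redirected correctly nor accepted by Azure AD.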


Limit access to O365 services based on the location of the client (TechNet: Limiting Access to Office 365 Services Based on the Location of the Client)

http://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx#cptrust2
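The location-based restriction works through issuance authorization rules on the Office 365 relying party trust in AD FS: requests that arrive via the AD FS proxy carry an x-ms-proxy claim, and requests that Exchange Online makes on behalf of active clients (Outlook, ActiveSync) carry the client's public address in x-ms-forwarded-client-ip. The script below is an added example, not from the deck or the linked article: it writes a permit-all rule plus a deny rule for proxied requests whose forwarded client IP is outside the corporate egress range. The relying party name is the default one Office 365 creates; the range 203.0.113.0/24 is a documentation network standing in for the real egress addresses (assumption).

```powershell
# Added example (not from the deck): deny Office 365 requests that come through the AD FS proxy
# unless the forwarded client IP is inside the corporate public range.
Import-Module ADFS   # Windows Server 2012 R2; on AD FS 2.0 use Add-PSSnapin Microsoft.Adfs.PowerShell

$rpName = 'Microsoft Office 365 Identity Platform'

# Regex for 203.0.113.0/24 (assumed corporate egress range). Anchor it: an unanchored
# "203.0.113" would also accept 1203.0.1130 or 203.0.113.1.evil.example.
$corpRange = '^203\.0\.113\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'

# A deny claim from any rule refuses the token, so the permit-all rule is kept for everyone else.
$rules = @"
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Deny external requests not from the corporate egress range"
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "$corpRange"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");
"@

# This replaces the whole rule set on the trust; capture the current one first.
$before = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
$before | Out-File -FilePath ".\O365-issuance-authorization-rules.bak"

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rules

# Verify what AD FS now holds
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

Two caveats before relying on this: internal requests (no x-ms-proxy claim) are not touched, so a compromised account used from inside the network is still allowed; and x-ms-forwarded-client-ip is only present when Exchange Online populates it, so browser sign-ins through the proxy are denied outright by this rule set unless you add a separate condition for them.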


From here to….

https://login.microsoftonline.com