Post on 26-Jul-2020
© 2020 SWITCH | 1
Azure AD – O365 Integration
Thomas Bärecke, Thomas.baerecke@switch.ch
Zürich, 20.05.2020
Microsoft Azure AD with Pass-Through-Authentication (PTA)
Diagram: Microsoft Cloud (Azure AD) on one side, SWITCH edu-ID (production federation) on the other, and the organisation (SWITCH, edu-ID adopted) with its Admin.
0. User provisioning with scripts, by the Admin, to the AAD user
1. Access attempt (unauthenticated)
2. Home realm discovery (WAYF)
3. Authentication
4. Service access (authenticated)
Limitations and workarounds
• Limitation: Bilateral non-standard configuration
  • Current solution: Special configuration on the SWITCH edu-ID IdP
  • Long-term solution: Proxy
• Limitation: One Microsoft Custom Domain per SAML IdP only
  • Shortly available solution: One proxy per domain
Proxy architecture
Diagram: SWITCHaai federation side: SWITCH edu-ID IdP. Proxy: one instance per domain, each consisting of a ShibSP paired with a ShibIdP (multiple instances for multiple domains, bundled together in Shibboleth IdP V4.0). Microsoft side: Azure AD / O365.