Identity in office 365 sps michigan 2013

Identity in Office 365

Blog: http://www.MyCentralAdmin.com Twitter: @ferringer

http://www.mycentraladmin.com/

3 | SharePoint Saturday Michigan 2013

Outline

Office 365 Overview

Changing the Identity Perspective

Authentication vs. Authorization

Who Are You?

What Do You Do Here?

Who’s in Charge Here?


Email and Calendaring

Websites and Collaboration

IM and Online Meetings

Office Client and Web Apps

Hosted by Microsoft – in the cloud!


Office 365 Overview



Who Are You?




Did Someone say Cloud?


What’s Your Perspective?


Identity’s impact on Office 365

End User Experience

Complexity

Scale

Manageability

Investment


Office 365 Overview



Who Are You?





Who gets in?

What can they do?


Who gets in?

Where do your Office 365 user accounts live?

What is needed to use them?

What can they do?

What are the limitations of the approach?


Office 365 Overview



Who Are You?




Identity Options 1. Microsoft Online (MSO) IDs

2. MSO IDs + Directory Synchronization

3. Single Sign On + Directory Synchronization

Your Environment

AD

MS Online Directory Sync

Identity Services

Provisioning platform

Lync Online

SharePoint Online

Exchange Online

Active Directory Federation

Services 2.0

Trust

IdP Directory

Store

Admin Portal/ PowerShell

Authentication platform

Office 365

Desktop Setup

Microsoft Online Services

IdP


What can they do?

Appropriate for

• Smaller orgs without AD on-premise

Pros • No servers required on-

premise

Cons

• No SSO • No 2FA

• 2 sets of credentials to manage with differing

password policies

• IDs mastered in the cloud

Appropriate for

• Medium/Large orgs with AD on-premise

Pros • Users and groups

mastered on-premise • Enables co-existence

scenarios

Cons

• No SSO • No 2FA

• 2 sets of credentials to

manage with differing password policies

• Single server deployment

Appropriate for

• Larger enterprise orgs with AD on-premise

Pros • SSO with corporate cred

• IDs mastered on-premise • Password policy

controlled on-premise

• 2FA solutions possible • Enables co-existence

scenarios

Cons

• High availability server deployments required


Sign On Experience *SSO vs. Online IDs Summary

Win7/Vista/XP

SSO IDs (domain joined)

MS Online IDs

Outlook Web Application

SharePoint Web Application

ActiveSync, POP, IMAP,

Entourage Outlook 2007 or

2010

Online ID Online ID Online ID

Win 7/Vista/XP

Office 2010, or Office 2007 SP2

Online ID

Win7/Vista/XP

Lync Online

Online ID

AD credentials AD credentials AD credentials AD credentials AD credentials

SSO IDs (non-domain joined)

AD credentials AD credentials AD credentials AD credentials AD credentials

*Requires ADFS 2.0


How does AD FS work?

Claims authentication

Think of it like a passport

Passport Application

Visa Application

Submit for authorization

Allowed access


AD FS’s Authentication flow

`

Client

(joined to CorpNet)

Authentication platformAD FS 2.0 Server

Exchange Online or

SharePoint Online

Active Directory

Your Environment Microsoft Online Services

Logon (SAML 1.1) Token UPN:[email protected] Source User ID: ABC123

Auth Token UPN:[email protected] Unique ID: 254729


AD FS 2.0 deployment options 1. Single server configuration

2. AD FS 2.0 server farm and load-balancer

3. AD FS 2.0 proxy server or UAG/TMG (External Users, Active Sync, Outlook)

Enterprise

DMZ

AD FS 2.0 Server Proxy

External user Internal

user

Active Directory

AD FS 2.0 Server

AD FS 2.0 Server

AD FS 2.0 Server Proxy


ADFS Considerations Can you afford an outage?

How do you secure it?

It’s complex

Requires specific AD config

UPN formatting

Requires DirSync

Other options available

Shibboleth

Ping

Okta

Hat tip: @usher


Directory Synchronization

One-way or two-way copy of accounts to Office 365

Required for SSO/AD FS

But can be used without AD FS

Required for Hybrid scenarios

Think of it as an appliance, always running


Your Environment

AD

MS Online Directory Sync

Identity Services

Lync Online

SharePoint Online

Exchange Online

Active Directory Federation

Services 2.0

Trust

IdP Directory

Store

Authentication platform

Office 365

Desktop Setup

Microsoft Online Services

IdP

How DirSync Fits in


Getting to know DirSync

It’s actually Forefront Identity Manager

Copies AD accounts into Office 365

But not back down

Doesn’t sync passwords

Filtering now available

Can have sizing issues

Upload sizing

Database sizing

FIM: no touchy! (maybe)


Office 365 Overview



Who Are You?




Office 365 admin roles

Global administrator

Billing administrator

Password administrator

Services administrator

User management administrator

Delegated administrator

See the Office 365 Support Services Description document for more info:

http://tinyurl.com/o365SvcDescrs




Office 365 Overview



Who Are You?




Managing Identity in Office 365

Admin activities do not go away

AD FS is complex

And important!

PowerShell is your friend

How’s your internet connection?

Office 365 is constantly changing


Troubleshooting Identity

Microsoft Online Diagnostics and Logging tool (MOSDAL)

Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com

Fiddler

WireShark/Netmon

Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc

http://testexchangeconnectivity.com/

http://testexchangeconnectivity.com/

http://tinyurl.com/o365ExptDisc

http://tinyurl.com/o365ExptDisc


Tie IT All Together

Blog: http://www.MyCentralAdmin.com Twitter: @ferringer

http://www.mycentraladmin.com/

Date post:	21-Nov-2014
Category:	Technology
Upload:	john-ferringer
View:	431 times
Download:	0 times

Identity in office 365 sps michigan 2013

Technology