Microsoft O365 identity and authentication
Peter Ginnegar, Technical Solution Professional, Microsoft Corporation, Peter.Ginnegar@Microsoft.com
Topics
• Office 365 identity models
• Identity overview
• IdFix Tool (demo)
• O365 Directory Synchronization (demo)
• Active Directory Federation Services
• O365 Multifactor Authentication (demo)
O365 Active Directory
• What is O365 Active Directory? O365 uses Windows Azure Active Directory.
• What services does Windows Azure Active Directory provide? Authentication, synchronization and federation services: an identity management system spanning the cloud and on-premises.
• What systems make up a typical O365 Active Directory? On-premises Active Directory domain controllers and Windows Azure Active Directory.
What is identity management? “Identity management deals with identifying individuals in a system and controlling access to the resources in that system.”
What are the major components of identity management?
• Authentication – verifying that a user, device, or application is the entity it claims to be.
• Authorization – determining which actions an authenticated entity is permitted to perform on a resource.
Third-party partners for federated identity (TechNet): http://technet.microsoft.com/en-us/library/jj679342.aspx
Federation Terms – SSO
What is SSO? Single sign-on (SSO) is a trust between two otherwise separate providers (an identity provider and a service provider) such that a user who has signed in at the first is not prompted to sign in again at the second.
Authentication types
• Passive authentication – web based (browser redirects): SharePoint Online, Outlook Web Access.
• Active authentication – Office 365 rich clients: services that use the Sign-In Assistant, including Lync, Office 365 ProPlus (Word, Excel, Visio, PowerPoint) and PowerShell access to O365. The client requests a token itself and presents it to the service.
• Proxy authentication – required for Outlook and ActiveSync clients: the client sends its username and password to Exchange Online, which authenticates to the federation server on the user's behalf using WS-Trust or SAML 2.0 ECP. The user's password is therefore handled by Exchange Online, and the federation endpoint must be reachable from it.
Federation protocols
• WS-* – supported by AD FS and works with Office 365
  - Passive authentication – WS-Federation
  - Active authentication – WS-Trust
  - Exchange Online uses WS-Trust
• Shibboleth – an open-source federation provider based on SAML
  - Passive authentication only (web forms)
  - Exchange Online supports SAML 2.0 and ECP (Enhanced Client or Proxy) for the proxy authentication case
Federation Terms – WS-*
• What is WS-Federation? A protocol used for web browser based (passive) authentication.
• What is WS-Trust? A protocol used by Office rich client applications (through the Sign-In Assistant) to request security tokens.
Federation Terms – SAML
What is SAML? Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information, developed by the Security Services Technical Committee of OASIS.
Office 365 IdFix Tool
• Identifies and remediates object synchronization issues in preparation for O365, for:
  - Users
  - Groups
  - Contacts
Office 365 IdFix Tool
• Attributes that IdFix validates and can update for O365 identity synchronization:
  - displayName
  - givenName
  - mail
  - mailNickname
  - proxyAddresses
  - targetAddress
  - sn
  - sAMAccountName
  - userPrincipalName
Office 365 IdFix Tool
• Query user identities
• Identify the attribute and the issue (duplicate, format, invalid character, length)
• Take action to correct (edit, remove or complete the value)
• Apply changes
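The following is an added illustration written for this page, not the IdFix tool's own code: it runs the same four classes of check the slides list (duplicate, format, invalid character, length) over a constructed set of user records. The list of verified domains, the allowed-character set and the length limits are assumptions chosen to approximate what IdFix enforces; proxy address types other than smtp are ignored.

```python
"""Pre-synchronization attribute checks in the spirit of IdFix (simplified)."""
import re
from collections import defaultdict

# Assumed: domains verified in the Office 365 tenant.  A UPN suffix that is not
# verified (for example .local) cannot be used to sign in to the cloud.
VERIFIED_DOMAINS = {"contoso.com"}
# Approximation of the characters accepted in a UPN local part / mailNickname.
ALLOWED = re.compile(r"^[A-Za-z0-9._'!#^~-]+$")
# Limits applied here: sAMAccountName, UPN local part, whole UPN, mailNickname.
MAX_SAM, MAX_UPN_LOCAL, MAX_UPN, MAX_NICK = 20, 64, 113, 64


def check_records(records):
    """Return a list of (sAMAccountName, attribute, issue, value) findings."""
    findings = []
    owners = defaultdict(list)  # (attribute, normalised value) -> owning objects

    for rec in records:
        sam = rec.get("sAMAccountName", "")
        upn = rec.get("userPrincipalName", "")
        nick = rec.get("mailNickname", "")

        if len(sam) > MAX_SAM:
            findings.append((sam, "sAMAccountName", "length", sam))

        if "@" not in upn:
            findings.append((sam, "userPrincipalName", "format", upn))
        else:
            local, domain = upn.rsplit("@", 1)
            if domain.lower() not in VERIFIED_DOMAINS:
                findings.append((sam, "userPrincipalName", "domain", upn))
            if not ALLOWED.match(local):
                findings.append((sam, "userPrincipalName", "character", upn))
            if len(local) > MAX_UPN_LOCAL or len(upn) > MAX_UPN:
                findings.append((sam, "userPrincipalName", "length", upn))
            owners[("userPrincipalName", upn.lower())].append(sam)

        if nick and not ALLOWED.match(nick):
            findings.append((sam, "mailNickname", "character", nick))
        if len(nick) > MAX_NICK:
            findings.append((sam, "mailNickname", "length", nick))

        primaries = 0
        for addr in rec.get("proxyAddresses", []):
            prefix, sep, address = addr.partition(":")
            if not sep:
                findings.append((sam, "proxyAddresses", "format", addr))
                continue
            if prefix.lower() != "smtp":
                continue  # X500:, SIP: and other address types are not checked here
            if "@" not in address:
                findings.append((sam, "proxyAddresses", "format", addr))
                continue
            if prefix == "SMTP":  # upper-case prefix marks the primary address
                primaries += 1
            owners[("proxyAddresses", address.lower())].append(sam)
        if primaries != 1:
            findings.append((sam, "proxyAddresses", "format",
                             "expected exactly one primary SMTP: address"))

    # Directory-wide duplicate check: a UPN or SMTP address may belong to one object only.
    for (attr, value), sams in owners.items():
        distinct = list(dict.fromkeys(sams))
        if len(distinct) > 1:
            for sam in distinct:
                findings.append((sam, attr, "duplicate", value))
    return findings


# Constructed sample export (not real directory data).
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@contoso.com",
     "mailNickname": "alice",
     "proxyAddresses": ["SMTP:alice@contoso.com", "smtp:a.smith@contoso.com"]},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@contoso.local",  # unverified suffix
     "mailNickname": "bob smith",                                         # space in nickname
     "proxyAddresses": ["SMTP:bob@contoso.com"]},
    {"sAMAccountName": "carol", "userPrincipalName": "carol@contoso.com",
     "mailNickname": "carol",
     "proxyAddresses": ["SMTP:alice@contoso.com"]},                       # duplicates alice
    {"sAMAccountName": "svc-reporting-longname-01",                       # 25 characters
     "userPrincipalName": "svc@contoso.com", "mailNickname": "svc",
     "proxyAddresses": ["SMTP:svc@contoso.com", "SMTP:svc2@contoso.com"]},  # two primaries
]

if __name__ == "__main__":
    for finding in check_records(SAMPLE_USERS):
        print("%-26s %-18s %-10s %s" % finding)
```

Run it against a CSV or LDAP export of the attributes listed on the slide; the duplicate check is the one that needs the whole directory in one pass, which is why the tool operates on a full query rather than object by object.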
Office 365 Directory Synchronization components
• Windows Azure AD (O365 identities)
• On-premises Active Directory (local identities)
• Directory Synchronization Tool
• User account attributes
• User and group synchronization
• SourceAnchor, msDS-CloudAnchor (Windows Server 2012 R2)
Office 365 DirSync workflow – authentication (diagram slide)
O365 Synchronization results
• Accounts are still separate: the on-premises object and the cloud object are distinct, linked by the SourceAnchor
• O365 services are accessed using the cloud identity
• Password sync is enabled: the cloud stores a hash of the on-premises password hash (double hashed), never the clear-text password, so the same password works in both places
• Not a true single sign-on solution: the user still signs in to O365 separately, with the same credentials
• Can be used as a backup to a federated (AD FS) solution
Windows Azure Active Directory Sync Tool
• Synchronizes on-premises Active Directory accounts to Windows Azure Active Directory
• Synchronizes passwords (double hashed)
• Synchronization of accounts occurs every 3 hours
• Synchronization can be forced with a PowerShell command
• SQL Server Express database (10 GB size limit)
Azure AD Sync Services (Preview)
• Azure AD Sync Services is a new identity sync tool that lets customers sync identity information from complex AD environments (e.g. multi-forest) and other identity directories
• http://go.microsoft.com/?linkid=9845645
Demo
• IdFix tool
• Office 365 DirSync tool
Active Directory Federation Services
• Active Directory Federation Services (AD FS) 2.x provides access to applications and other systems with an open and interoperable claims-based model
• The AD FS 2.x platform provides a Windows-based Federation Service that supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols
Directory Federation
• Web Application Proxy can use AD FS for pre-authentication
• Unauthenticated client requests are redirected to the AD FS server for authentication and authorization before the request is forwarded to the published web application
ADFS and SSO with Online Services – federated trust (diagram slide)
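The following is an added example written for this page, not Microsoft's or AD FS's code. It ties together the federation slides (WS-Federation passive sign-in carrying a SAML 1.1 token with UPN and ImmutableID claims) and the synchronization slides (the SourceAnchor DirSync derives from the on-premises objectGUID): it parses a constructed assertion of the kind AD FS returns to Office 365 and applies the checks a relying party must make before trusting it. The issuer URL, host names, objectGUID and timestamps are made up; XML signature verification is assumed to have been done by an XML-DSig library before these checks run and is not shown.

```python
"""Relying-party validation of a federated (SAML 1.1) token for Office 365."""
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
O365_AUDIENCE = "urn:federation:MicrosoftOnline"   # relying-party id used by Office 365
# Claim types Office 365 expects; SAML 1.1 splits a claim type into namespace + name.
UPN_NS, UPN_NAME = "http://schemas.xmlsoap.org/claims", "UPN"
IMMUTABLE_NS, IMMUTABLE_NAME = "http://schemas.microsoft.com/LiveID/Federation/2008/05", "ImmutableID"
# Assumed trust configuration for the tenant (made up for this example).
TRUSTED_ISSUER = "http://sts.contoso.com/adfs/services/trust"
FEDERATED_DOMAINS = {"contoso.com"}


def immutable_id_from_guid(object_guid):
    """SourceAnchor/ImmutableID as DirSync derives it: base64 of the objectGUID
    bytes in Windows order (what .NET Guid.ToByteArray returns)."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, synced_anchor):
    """Return (upn, immutable_id) or raise ValueError naming the failed check."""
    a = ET.fromstring(xml_text)
    if a.tag != f"{{{SAML}}}Assertion":
        raise ValueError("not a SAML 1.x assertion")
    if a.get("Issuer") != TRUSTED_ISSUER:
        raise ValueError("issuer not trusted")
    cond = a.find(f"{{{SAML}}}Conditions")
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion expired or not yet valid")
    if O365_AUDIENCE not in {e.text for e in cond.iter(f"{{{SAML}}}Audience")}:
        raise ValueError("audience mismatch: token issued for another relying party")
    claims = {}
    for attr in a.iter(f"{{{SAML}}}Attribute"):
        claims[(attr.get("AttributeNamespace"), attr.get("AttributeName"))] = \
            attr.findtext(f"{{{SAML}}}AttributeValue")
    upn = claims.get((UPN_NS, UPN_NAME))
    immutable_id = claims.get((IMMUTABLE_NS, IMMUTABLE_NAME))
    if not upn or not immutable_id:
        raise ValueError("UPN or ImmutableID claim missing")
    # The federation server may only vouch for users in its own federated domains.
    if upn.rsplit("@", 1)[-1].lower() not in FEDERATED_DOMAINS:
        raise ValueError("UPN suffix is not a federated domain of this trust")
    # Bind the token to the synchronized object: ImmutableID must equal SourceAnchor.
    if immutable_id != synced_anchor:
        raise ValueError("ImmutableID does not match the synchronized SourceAnchor")
    return upn, immutable_id


ALICE_GUID = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"   # constructed objectGUID
ALICE_ANCHOR = immutable_id_from_guid(ALICE_GUID)      # what DirSync would have written

# Constructed SAML 1.1 assertion (signature element omitted, see lead-in).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" MajorVersion="1" MinorVersion="1"
  AssertionID="_c0ffee" Issuer="{TRUSTED_ISSUER}" IssueInstant="2014-05-01T12:00:00Z">
  <saml:Conditions NotBefore="2014-05-01T12:00:00Z" NotOnOrAfter="2014-05-01T13:00:00Z">
    <saml:AudienceRestrictionCondition><saml:Audience>{O365_AUDIENCE}</saml:Audience></saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="{UPN_NAME}" AttributeNamespace="{UPN_NS}">
      <saml:AttributeValue>alice@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="{IMMUTABLE_NAME}" AttributeNamespace="{IMMUTABLE_NS}">
      <saml:AttributeValue>{ALICE_ANCHOR}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def run_checks():
    """Happy path plus the rejections a relying party must produce."""
    now = datetime(2014, 5, 1, 12, 30, tzinfo=timezone.utc)
    results = {"ok": validate_assertion(SAMPLE_ASSERTION, now, ALICE_ANCHOR)}
    cases = {
        "expired": (SAMPLE_ASSERTION, datetime(2014, 5, 1, 14, 0, tzinfo=timezone.utc), ALICE_ANCHOR),
        "wrong_audience": (SAMPLE_ASSERTION.replace(O365_AUDIENCE, "urn:other:rp"), now, ALICE_ANCHOR),
        "foreign_upn": (SAMPLE_ASSERTION.replace("alice@contoso.com", "alice@fabrikam.com"), now, ALICE_ANCHOR),
        "anchor_mismatch": (SAMPLE_ASSERTION, now,
                            immutable_id_from_guid("00000000-0000-0000-0000-000000000000")),
    }
    for name, args in cases.items():
        try:
            validate_assertion(*args)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name:16} {outcome}")
```

The anchor comparison is the part practitioners most often get wrong: if the objectGUID is read in network byte order instead of Windows order, or a user is re-created on-premises with a new GUID, the ImmutableID in the token no longer matches the cloud object's SourceAnchor and the federated sign-in fails even though the password was correct.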
What is Multifactor Authentication?
• An approach to authentication that requires the presentation of two or more independent authentication factors.
• Two-factor authentication reduces the probability that a requester presenting false evidence of its identity is accepted.
What components make up multifactor authentication?
• Two-factor authentication requires two of the three factor types: something you know (the password), something you have (a phone or token), something you are (a biometric).
• Second-factor methods available for O365 (all of the "something you have" type, combined with the password):
  - Phone call
  - SMS text message (one-time passcode)
  - Software token (authenticator app)
  - Hardware token
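The software-token method on the slide is, underneath, a time-based one-time password. The following is an added example written for this page, not the code of the O365 MFA service: it implements RFC 6238 TOTP with the checks a verifier needs (a small clock-skew window, constant-time comparison, and refusal to accept a code at or before the last step already used, so a captured code cannot be replayed inside the window). The shared secret is the RFC 6238 test secret; the user store is an in-memory dict and the user name is made up.

```python
"""Software token second factor: RFC 6238 TOTP with replay protection."""
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per time step
DIGITS = 6
SKEW = 1       # accept the previous and next step to tolerate clock drift


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, at=None):
    """Code for the current (or given) Unix time, as the authenticator app shows it."""
    return hotp(secret, int((time.time() if at is None else at) // STEP))


class TotpVerifier:
    """Server side: one enrolled secret per user plus the last accepted time step."""

    def __init__(self):
        self._secrets = {}
        self._last_step = {}

    def enrol(self, user, secret):
        self._secrets[user] = secret
        self._last_step[user] = -1

    def verify(self, user, code, at=None):
        secret = self._secrets.get(user)
        if secret is None:
            return False
        now_step = int((time.time() if at is None else at) // STEP)
        for step in range(now_step - SKEW, now_step + SKEW + 1):
            # A step at or before the last accepted one is never valid again,
            # otherwise a captured code could be replayed within the skew window.
            if step <= self._last_step[user]:
                continue
            if hmac.compare_digest(hotp(secret, step), code):
                self._last_step[user] = step
                return True
        return False


RFC_SECRET = b"12345678901234567890"   # RFC 6238 appendix B test secret


def demo():
    """Enrol a user, accept a fresh code, then reject its replay and a wrong code."""
    v = TotpVerifier()
    user = "alice@contoso.com"          # made-up user
    v.enrol(user, RFC_SECRET)
    t = 1111111111                      # an RFC 6238 test time
    code = totp(RFC_SECRET, t)
    return {
        "code": code,
        "first_use": v.verify(user, code, t),
        "replay": v.verify(user, code, t + 5),
        "wrong_code": v.verify(user, "000000", t + 60),
        "next_step": v.verify(user, totp(RFC_SECRET, t + 60), t + 60),
    }


if __name__ == "__main__":
    print(demo())
```

Phone call and SMS methods differ only in how the one-time value reaches the user; the server-side properties shown here (short validity, single use, constant-time comparison) apply to them as well.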
O365 App Passwords for Rich Client Applications and Mobile Apps
• For clients that cannot perform the multifactor challenge
• End user self service
• Each user can have up to 40 app passwords
• 16 characters, randomly generated, shown once at creation (the user cannot retrieve it again)
• An app password lets such a client authenticate with a single factor, so treat it as a long-lived credential: issue one per application and delete it when the application is retired
Reference Articles
• http://technet.microsoft.com/en-us/video/office-365-identity-management-and-federation.aspx
• http://www.microsoft.com/en-us/download/details.aspx?id=36832
• http://technet.microsoft.com/en-us/library/dn383636.aspx
• http://technet.microsoft.com/en-us/library/hh852469.aspx
Contact: Peter.Ginnegar@Microsoft.com