AD FS Installation

Learn how to install, configure, and manage Active Directory Federation Services (AD FS) in Windows Server 2016. This course covers identity management, claims-based authentication, single sign-on, and more.

Presentation Transcript


  1. 7.1 Active Directory Federation Services (AD FS) TestOut Server Pro 2016: Identity AD FS Installation

  2. Section Skill Overview
     • Install Active Directory Federation Services (AD FS)
     • Configure Active Directory Federation Services (AD FS)
     • Upgrade Active Directory Federation Services (AD FS) to Windows 2016

  3. Key Terms
     • Active Directory Federation Services (AD FS)
     • Active Directory Domain Services (AD DS)
     • Federation Server
     • Certificates
     • Lightweight Directory Access Protocol (LDAP)

  4. Key Definitions
     • Active Directory Federation Services (AD FS): The Active Directory Federation Services (AD FS) server role allows single sign-on access to web-based resources.
     • Active Directory Domain Services (AD DS): Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store network resource information in a distributed database.
     • Federation Server: Federation server is the name of the server that you install the Active Directory Federation Services role on.
     • Certificates: Certificates are used to identify AD FS server components for security purposes.
     • Lightweight Directory Access Protocol (LDAP): Lightweight Directory Access Protocol (LDAP) is a vendor-neutral protocol for accessing and maintaining distributed directory information services over an IP network.

  5. AD FS
     • Identity product
     • Uses claims-based authentication
     • Single sign-on
     • Support for many clients
     • Customized claims from third-party apps

  6. Overview of AD FS

  7. Overview of AD FS

  8. Overview of AD FS

  9. Overview of AD FS

  10. Overview of AD FS

  11. AD FS Claims
      • AD FS:
        • Provides a default set of claims.
        • Enables custom claims creation.
      • Claims can be:
        • Retrieved from an attribute store.
        • Calculated based on retrieved values.
        • Transformed into alternate values.

  12. Claim Rules
      • How claims are sent and consumed.
      • Provider rules and acceptance transform rules.
      • Relying party rules can be:
        • Issuance transform rules
        • Issuance authorization rules
        • Delegation authorization rules

  13. Claims Provider Trust
      • Configured on relying party federation server.
      • Identify the claims provider.
      • Configure claim rules for provider.
      • Configure claims provider trusts by:
        • Importing federation metadata
        • Importing a configuration file
        • Configuring the trust manually

  14. Relying Party Trusts
      • Are configured on the claims provider.
      • Identify the relying party.
      • Configure claim rules.
      • Defines connection to internal app in SSO.

  15. Configure an Account Partner
      • Implement the physical topology.
      • Add an attribute store.
      • Configure a relying party trust.
      • Add a claim description.
      • Prepare client computer for federation.

  16. Overview of AD FS

  17. Configure a Resource Partner
      • Implement the physical topology.
      • Add an attribute store.
      • Configure a claims provider trust.
      • Create claim rule sets for the claims provider trust.

  18. AD FS Management Tasks
      • Get-AdfsCertificate: view certificate expiration dates.
      • Update-MsolFederatedDomain: manage certificate rollover.
      • Set-AdfsSyncProperties: change primary and secondary AD FS federation servers.
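
Checking certificate expiration, the first management task on slide 18, as an added PowerShell example that is not part of the original presentation. It assumes a 30-day warning window, uses hypothetical helpers named Get-CertExpiryReport and New-SampleCert, and runs on constructed sample records so no AD FS farm is needed.

```powershell
# Added example; Get-CertExpiryReport is a hypothetical helper, not an AD FS cmdlet.
function Get-CertExpiryReport {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-AdfsCertificate output
        # (CertificateType, IsPrimary, Thumbprint, Certificate.NotAfter).
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,
        [int]$WarnDays = 30,          # assumed warning window
        [datetime]$Now = (Get-Date)
    )
    process {
        $daysLeft = [int][math]::Floor(($InputObject.Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
        else { $status = 'OK' }
        [pscustomobject]@{
            CertificateType = $InputObject.CertificateType
            IsPrimary       = $InputObject.IsPrimary
            Thumbprint      = $InputObject.Thumbprint
            NotAfter        = $InputObject.Certificate.NotAfter
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

# Constructed sample data (placeholder thumbprints, made-up dates).
$now = [datetime]'2024-01-01'
function New-SampleCert($Type, $Days) {   # hypothetical helper for the sample only
    [pscustomobject]@{
        CertificateType = $Type
        IsPrimary       = $true
        Thumbprint      = "<placeholder-$Type>"
        Certificate     = [pscustomobject]@{ NotAfter = $now.AddDays($Days) }
    }
}
$sample = @(
    New-SampleCert 'Service-Communications' 400
    New-SampleCert 'Token-Signing'          20
    New-SampleCert 'Token-Decrypting'       -3
)
$sample | Get-CertExpiryReport -Now $now | Format-Table -AutoSize

# On a federation server, pipe the real cmdlet output instead:
#   Get-AdfsCertificate | Get-CertExpiryReport
#   (Get-AdfsProperties).AutoCertificateRollover   # is automatic rollover enabled?
```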
