Azure Active Directory / Active Directory

http://social.technet.microsoft.com/wiki/contents/articles/17857.how-to-switchfrom-single-sign-on-to-password-sync.aspx

Password Sync
• Same password to access resources
• Control password policies on-premises
• Support for two factor authentication
• No password re-entry if on premises
• Client access filtering
• Authentication occurs in on premises directory
* SSO with AD FS

Columns: Portal • PowerShell/Directory GRAPH • DirSync w/Cloud identities • DirSync w/Password Sync • DirSync w/SSO
Target customer segment: Small • Small/Medium • Small/Medium • Small/Medium • Medium/Large
What can I do?: Least • Least • Some limitations • Some limitations • All
Where do I make changes?: Cloud • Cloud • On-premises • On-premises • On-premises
What Hardware do I need?: None • None • DirSync appliance • DirSync appliance • DirSync appliance; ADFS/other STS, HA
Where do users Sign-In?: Cloud • Cloud • Cloud • Cloud • On-premises
User login experience: Disjoint username and password; Enter credentials twice • Disjoint username and password; Enter credentials twice • Same username, disjoint password; Enter credentials twice • Same username and password; Enter credentials twice • Same username and password; Login once (if on-premises)
Complexity: Low • Medium • Low • High (setup SSO)
• Low

Columns: On-premises • Azure AD • Supported? • Sync Solution • ADFS/SSO Solution
1 AD Forest • 1 Tenant • Yes • DirSync Appliance • ADFS or 3rd Party STS
n AD Forests* • 1 Tenant • Yes • FIM + AAD Connector** • ADFS or 3rd Party STS
1 AD Forest • n Tenants • Yes • FIM + AAD Connector OR n DirSync Appliances • ADFS or 3rd Party STS
Non-AD directory • n Tenants • Yes • FIM + AAD Connector • 3rd Party STS
n AD Forests + m non-AD Directories • n Tenants • Yes • FIM + AAD Connector • 3rd Party STS

Diagram labels: Resource Forest; Account Forest; AD Forest; DirSync (sync UPN, ImmutableID, etc.); Exchange (migrate data); AD FS; Azure AD Tenant.

http://www.microsoft.com/downloads/details.aspx?FamilyID=72c15d25-65154763-9b76-054362b58398

NEW!

Rich Applications (SIA): Lync Online; Office Subscriptions; CRM Rich Client; Office 2013
Web Clients: Office 2010, Office 2007 SP2 with SharePoint Online; Outlook Web Application
Exchange Clients: Office 2010, Office 2007 SP2; Active Sync/POP/IMAP; Entourage
MS Online IDs: Username and Password • Username and Password • Username and Password; Cloud ID • Cloud ID • Cloud ID
SSO IDs (non-domain joined): Username and Password • Username and Password • Username and Password; AD credentials • AD credentials • AD credentials
SSO IDs (domain joined): No Prompt • Username • AD credentials • AD credentials • Can save credentials • Remember last user • Username and Password • AD credentials • Can save credentials

TechNet
*Slight variation between SAML and WS-* tokens

Diagram labels: Corporate Boundary; AD FS 2.0 Server; AD FS 2.0 Proxy; Exchange Online; MEX, Web, Active; OWA Internal; OWA External; Lync 2010/Office Subscription; Outlook 2010/2007; Active Sync; IMAP/POP; Username, Password. Basic auth proposal: Pass client IP, protocol, device name.

Authentication flow (Passive/Web profile)
Diagram labels: Customer; Microsoft Online Services; Active Directory; AD FS 2.0 Server; Authentication platform; Client (joined to CorpNet); Exchange Online or SharePoint Online. Logon (SAML 1.1) Token: UPN:[email protected], Source User ID: ABC123. Auth Token: UPN:[email protected], Unique ID: 254729.

Authentication flow (MEX/Rich Client Profile)
Diagram labels: Customer; Microsoft Online Services; Active Directory; AD FS 2.0 Server; Authentication platform; Client (joined to CorpNet); Lync Online. Logon (SAML 1.1) Token: UPN:[email protected], Source User ID: ABC123. Auth Token: UPN:[email protected], Unique ID: 254729.

Diagram labels: Customer; Windows Azure Active Directory; Active Directory; AD FS 2.0 Server; AD FS 2.0 Proxy; Authentication platform; Client (joined to CorpNet); Exchange Online; Basic Auth Credentials Username/Password. Logon (SAML 1.1) Token: UPN:[email protected], Source User ID: ABC123. Auth Token: UPN:[email protected], Unique ID: 254729.

Diagram labels: Windows Azure Active Directory; Generate SAML token for authentication platform; Redirect to Authentication platform; Types User Name; Redirect Back; Authenticate; 2FA response; Authenticate 2FA; Install 3rd party auth provider; ADFS proxy; Access Application; Present ticket to Application; Authentication platform.

http://technet.microsoft.com/en-us/library/jj151781.aspx
http://technet.microsoft.com/en-us/library/dn246918.aspx
http://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwaad-password-sync-frequently-askedquestions.aspx
http://technet.microsoft.com/en-us/library/hh967628.aspx