Nathan Miller, Solutions Strategist, Microsoft
Israel Vega, Jr, SharePoint Architect, InkBlot Consulting

Previously…. On…. The SharePoint

-6 on a leap year

i:0#.f|membership|[email protected]
i:0#.w|domain\sAMAccountName

Sites Composites Communities Insights Content Search

Business Intelligence Business Forms Content Management Collaboration
Platform Services Workspaces, Mgmt, Security, Storage, Topology, Site Model
Search Portal.
Meanwhile… back at the ranch….

SSO
Active Directory, Azure AD, LDAP, Federated, SQL, Custom
Authentication source
+
Authentication Method
Machine, Cookie, Form, Device, Cached Credentials
UID & PWD, Certificate, Device, Biometric, OTP, MFA, App, Service
Credential
+
Credential Presentation
Active (client)
Passive (Browser)

Browsers
Devices & Location

Demo
Connected Enterprise Overview
Nathan Miller - Microsoft

User
Type of Access
Remote Devices
Authentication Information
LAN Home Time Office Location
Entitlement Information
Profile Information
Runtime Information

Pattern AKA
Party time
Anonymous/No authentication
Right this way (keep an eye out)
Tracked anonymous
If you got this far, I trust you
Already verified somewhere else
Who are you again?
Single Sign once…everywhere
He’s with me/VIP
Association/federation
Wait right here
Trusted subsystem
You look like someone I know
Shadow account
Let me do that for you
Impersonation

Authentication Method / Available On Premises/IAAS / Available In O365
Classic (NTLM, Kerberos) Yes No
Custom Forms Based Authentication OAuth Yes No Yes with Customization No, Apps Only
Windows Claims SAML Claims Yes Yes No Yes with ADFS or 3rd party
Multi Factor Yes with ADFS, Azure AD or 3rd party Yes with Azure AD

PC
Authentication Information (STS)
Additional Runtime Information (Claims, Roles, Groups)
Profile Information (Email, SIP)
SPUser

User in SP Context
User in App / Service Context
[Windows User OR FBA User OR SAML User] OR [Organizational ID (O365) AKA Azure AD (O365)]
SharePoint User
OAuth User + APP

Active Directory
Claims to Windows Token Service
Windows Token
Data Repository, SQL Server or SSAS
Windows Token
Windows 2012 R2 Remote Access Proxy
Windows Claim
SharePoint WFE
SharePoint App
SP SQL Server
SharePoint Farm

Directory Sync with SSO
Publish ADFS from On Premises to do Authentication
Active Directory (On prem)
Directory Sync
Azure Cloud
Sync Ids For Profiles, GALs W/Password Hash
SharePoint Online
Sign-in Auth Requests
Azure AD
Azure Auth Platform

http://support.microsoft.com/kb/2602377 Constrained Delegation For CIFS fails with ACCESS_DENIED.

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn