Tuesday, September 12, 2017

Active Directory Federation Services

Active Directory Federation Services (AD FS) provides single sign-on (SSO) by using token-based authentication. With SSO, a service trusts the authentication token of a user who has successfully logged on to a separate but trusted network. As such, the service grants access without requiring the user to authenticate again.
SSO through AD FS is not mandatory for Office 365, but enterprise customers usually implement it because they want to leverage existing identity management solutions such as AD.

Different types of user accounts
There are essentially two classes of user accounts:
- Cloud Identity
- Federated Identity
Cloud Identities are user accounts that are created directly in Office 365 through the admin center. The passwords associated with cloud identities are also stored in Office 365. Cloud identities can be managed through the admin center as well as through Windows PowerShell.
Federated Identities refer to user accounts that are maintained outside of Office 365, such as in AD. Federated identities are the most commonly used accounts in an enterprise because most enterprises already have an identity management solution such as AD.

Integrating Active Directory with Office 365
To fully leverage AD in Office 365, follow these general steps:
- Add your domain name to your Office 365 tenant.
- Set up and configure SSO through AD FS.
- Install and configure the Directory Sync tool.

Active Directory Federation Services
AD FS is a role in Windows Server. The most prominent and primary reason to use AD FS with Office 365 is that it allows an AD user to seamlessly access Office 365 without having to re-supply her credentials. If your organization decides to implement AD FS, note that the minimum AD FS version required by Office 365 is version 2.0; thus, it is often referred to as AD FS 2.0.
Single sign-on experience
- Scenario 1: No single sign-on experience
- Scenario 2: User is logged on at work
- Scenario 3: Remote worker on a virtual private network connection
- Scenario 4: Remote worker is not logged on to the corporate network
Steps to Implement SSO using AD FS
- Remediate your AD UPN suffix.
- Install IIS on the server that will host AD FS.
- Protect IIS with a Secure Sockets Layer (SSL) certificate.
- Install and configure AD FS 2.0.
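As an added example of the first step (not code from the original post), the following PowerShell audits enabled AD users whose UPN suffix does not match the domain verified in the Office 365 tenant and previews the remediation with -WhatIf. It assumes the RSAT ActiveDirectory module is installed; the suffix "contoso.com" and the OU path are placeholders.

```powershell
# Added example, not from the original post: audit and remediate AD user UPN
# suffixes before federating with Office 365. Office 365 requires a routable
# UPN suffix that matches a domain verified in the tenant.
# Assumes the RSAT ActiveDirectory module. Domain and OU values are placeholders.
Import-Module ActiveDirectory

$VerifiedSuffix = 'contoso.com'                    # placeholder: domain added to the tenant
$SearchBase     = 'OU=Users,DC=contoso,DC=local'   # placeholder: OU to audit

# Find enabled users whose UPN does not end with the verified suffix.
$NeedsFix = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                       -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$VerifiedSuffix" }

Write-Host ("{0} user(s) do not use the '{1}' UPN suffix" -f @($NeedsFix).Count, $VerifiedSuffix)
$NeedsFix | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize

# Rewrite only the suffix and keep the existing prefix. -WhatIf previews the
# change; remove it after reviewing the list above.
foreach ($User in $NeedsFix) {
    $Prefix = if ($User.UserPrincipalName) {
        ($User.UserPrincipalName -split '@')[0]
    } else {
        $User.SamAccountName   # users with no UPN set fall back to sAMAccountName
    }
    Set-ADUser -Identity $User -UserPrincipalName "$Prefix@$VerifiedSuffix" -WhatIf
}
```

Register the verified domain as an alternative UPN suffix in Active Directory Domains and Trusts before running the remediation, and check the report for prefix collisions so that two users do not end up with the same UPN.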
