Archive for the ‘Active Directory Services / Federation / Identy & Access’ Category

#AllAbout Integrating #AzureAD with OnPremAD – #ADConnect #O365 #CSP

July 21, 2016 Comments off

In a nutshell Azure AD Connect is what will be required to integrate on-premises directories with Azure Active Directory, which is the identity and access management service used by Office365 Services; this will allow users to access Office365 services using their on-premises AD credentials.

There are several more advanced topics to cover different on-prem directory scenarios, but below are almost the basic min level of understanding required; everything else will build on these base concepts … advanced topics will be covered in another post.

Onboarding to #CREST APIs for new #CSP Partners #O365 #Azure

August 13, 2015 Comments off

Onboarding to #CREST APIs for new #CSP Partners #O365 #Azure

YouTubeNew CSP partner? Need to connect with the CREST APIs? This 18 minute tutorial walks through all the details end to end. Starting with a newly…

Five quick links: Active Directory #Federation Services #ADFS #Cloud-Apps

August 16, 2011 Comments off

Five quick links: Active Directory Federation Services.

Active Directory Federation Services  is a single sign-on technology that authenticates a user for multiple Web applications over the course of a single session. This federated identity management functionality, which was introduced in Windows Server 2003 and is now in its second version for Windows Server 2008 R2, has become increasingly important as IT shops begin to run more and more applications in the cloud. These five quick links help explain ADFS and how it can be used to increase efficiency and security in your organization.

Active Directory Federation Services 2.0: Is it right for you?

August 16, 2011 Comments off

Active Directory Federation Services 2.0: Is it right for you?.

ADFS can be useful in federating directories between your organization and another organization to reduce Identity and Access Management headaches.

Prior to ADFS (or its previous incarnations), many organizations deployed a ‘separate’ Active Directory implementation, perhaps in their DMZ for less-trusted systems or to act as an extranet authentication and authorization for third parties that are coming in to consume services. The big challenge here is becoming an accounts administrator for extranet users (which may start as a “small 100 user pilot” that rapidly expands, as we’ve all experienced); when they need their password reset, when they have a new employee to be added, they have to call you to get it done. The other big concern here is around de-provisioning of users; do all of your extranet partners call you when they terminate an employee? You could potentially have a nasty security incident on your hands if a disgruntled employee still has access via the extranet.

Active Directory Federation Services does what it sounds like – it federates Directory A with Directory B to allow for mutually agreed upon authorization, authentication and access control decisions to be made. It allows for a more seamless experience for the user; they are able to manage (and remember) one set of credentials for access to multiple systems. This is also a lot easier on the administrator(s) as they can easily control access and set ACLs based on one set of credentials without getting lost in the overly complex task of managing users and groups, mapping which users should belong to which groups and which account (there may be several per person in different directory instances) the person is authenticating with.

%d bloggers like this: