Choosing the Right Directory Integration Framework for Your...
Extending Identity to the Cloud:
Choosing the Right Directory Integration Framework for Your Cloud Application Portfolio
Brian Desmond, Microsoft MVP for Directory Services
Collin Hachwi, IT Infrastructure Manager
Elias Terman, VP Product Marketing
Enterprises' Challenges with Cloud and Identity
[Diagram labels: Corporate Network; VPN; The Cloud]
• Managing users
• Signing into apps
• Securing and enabling mobile users
• Remote access to internal apps
• Directory integration
• Analyzing usage
• Managing apps
• Preventing unauthorized access
High Tech Media Healthcare Industrial Finance/Legal Education Services
OneLogin has 800+ paying customers in 44 countries across the globe
How Companies Use OneLogin
• Employee Productivity: Eliminate passwords for employees and provide one-click to their apps.
• Customer Service Portals: Let customers sign into sales and support apps with their social identity.
• Federation for partners: Establish trust relationship with partner identity providers.
• On-premise Integration: Bridge the gap between on-prem applications and identity providers – and the cloud.
OneLogin Enterprise Identity – Key Capabilities
• Single sign-on
• Directory Integration
• MFA
• Reporting
• Password Vaulting
• User Management
Global Enterprise-grade Infrastructure
Chicago
Dallas
Amsterdam
London
Local EU hosting conforms to developing EU data protection guidelines
Identity in the Cloud with Microsoft and Azure
Brian Desmond
Agenda
• Microsoft Azure Active Directory
• Federation with Active Directory Federation Services
• Identity and Office 365
Microsoft Azure Active Directory
• Microsoft’s strategy for identity in the cloud
  • Identity repository for cloud applications
  • Backing store for Office 365 services
  • Single point of federation for applications
  • Rapidly emerging self-service and application catalog functionality
• Available in free and premium editions
• Don’t confuse the brand with the features
  • Active Directory Domain Services (AD DS) and Azure Active Directory do not have feature parity
Microsoft Azure Active Directory Premium Edition
• Licensed per user under an Enterprise Agreement
• Five key feature areas
  • Branding and Customization
  • Group/Role Based Access Control
  • Self Service Password Management
  • Multi-Factor Authentication
  • Enhanced Security Reporting and Analytics
• Factor in these capabilities versus your business and technical requirements as you evaluate the free edition
Azure Active Directory Architecture
Active Directory Federation Services
• AD FS is the bridge from on-premises to the cloud
  • You can federate each individual application with AD FS
  • You can also just federate with AAD and then federate each application with AAD
• Supporting AD FS will require some new skills
  • Interpreting HTTP traces is critical
  • Understanding federation protocols like SAML
• The availability of your cloud services will never be greater than your identity infrastructure
AD FS Infrastructure Considerations
• Consider your high availability requirements for AD FS
  • What infrastructure will you need to deploy?
  • What teams will you depend on to meet your goals?
• Single site and multiple site options are common
• Networking and DNS dependencies are key
• Highly available SQL Server may also be required
Highly Available Single Site ADFS Deployment
[Diagram labels: Enterprise Network; DMZ; Active Directory; AD FS Server (x2); Web Application Proxy (x2); NLB]
Highly Available Multi Site ADFS Deployment
[Diagram labels, repeated for Site A and Site B: Enterprise Network; DMZ; Active Directory; AD FS Server (x2); Web Application Proxy (x2); GLB; NLB; SQL Server Cluster. Also labelled: SQL Mirroring]
Prerequisites for Office 365 (and AAD)
• Azure Active Directory is foundational to Office 365
• Synchronize your Active Directory forest to AAD
  • Microsoft’s Directory Synchronization appliance takes care of this
• Multi-forest topologies will require custom integration
• Establish federation with AD FS
  • Password synchronization is also an option
• Ensure your infrastructure can deliver the SLAs you need to be successful with Office 365
The Big Picture
• Cloud applications and services are rapidly becoming the mainstream
  • Your IT organization needs to evolve to respond to this shift
• Identity management is a critical component of the cloud picture
  • Federation is a technology you must be on top of
• The tools and services IT must run to run successfully in the cloud are new and evolving
  • You will need to adapt both in skills and service sets to succeed as an enabler
• Don’t discount the cost and complexity of new on-premises infrastructure
www.disys.com © 2013 Digital Intelligence Systems, LLC.
Office 365 and OneLogin
Collin Hachwi, IT Infrastructure Manager
Digital Intelligence Systems, LLC
• Global Services and Staffing
• 650+ employees and 4000 consultants
• Offices through US, Brazil, Asia and Europe
Digital Intelligence Systems, LLC
User Environment
• Increasing use of Cloud Apps: Office 365, BMC Remedyforce, Concur
• 4,650 Users – personal devices, mobile access, 24/7, 20% YOY growth in users
• Demanding and knowledgeable sales force
IT Environment
• Datacenter
• 5 person team with 50 simultaneous projects
• Two Active Directory Instances
• Opening 3 or 4 new offices per year
Time to Federate!
Office 365 – Time to Federate
Requirements
• Real-time directory integration
• Quick provisioning and deprovisioning
• Compliance reporting
• Secure, easy to manage solution
• Ability to go beyond Office 365
• 99.99% uptime SLA
Office 365 – Time to Federate with ADFS?
ADFS Overhead
• 4 Servers: Compute, Storage & Licensing
• On-going maintenance & support
• Impact on disaster recovery & backup
• Specialized skills
• Clunky, too many components
Limited Functionality
• No reporting
• Not real time
• No security policies
• No integrated MFA
• No integration with Google Directory
• No support for form-based apps
• No provisioning with entitlements
• No mobile support
…but the biggest consideration was time
Office 365 – Time to Federate
ADFS
[Timeline figure: phases Prepare, Plan, Deploy Infrastructure, Test, Finalize Federation, Ongoing Maintenance and Support, against an axis numbered 1 to 12 and beyond; summary row: Prepare, Plan, Deploy and Test, Federate, Ongoing]
Office 365 – Time to Federate
OneLogin
[Timeline figure: Prepare (2 hr), Plan (2 hr), Finalize Federation (30 min), Test (30 min); summary row: Prepare, Plan, Federate, Test]
OneLogin
OneLogin – Provisioning with Entitlements
OneLogin – Desktop SSO
• Automatic sign-on within corporate network
• One less step for end users
OneLogin – MFA Policies
• Supported without any special hardware or software
Assume User
OneLogin - Assume User
OneLogin – Real-time de-provisioning
• Do it once
• All access to corporate data and apps is immediately removed
• Never over or under subscribed for apps
Recommendations
• Have a plan
• Lay out your groups and policies beforehand
• Identify your report and security environment
Do More
• Team is working on new business solutions
• Saved time and money
• Use anywhere on any device
• MFA support
• With subscription services, you are never under or over provisioned
• More than just Office 365