Key Considerations in Architecting Active Directory Federation Alexander Yim WSHFC NCSHA, Nashville...
Key Considerations in Architecting Active Directory Federation
Alexander Yim WSHFC
NCSHA, Nashville on Sept 28th, 2015
Running your AD in Cloud for your domain:
• Current status of Office365
• Need for SSO (Single Sign On)
• Microsoft Azure server vs. AWS (Amazon Web Services)
• ADFS (AD Federation Service) running on Azure server
• Preparations for the ADFS Migration
• MessageOps script for SSO
• Other options: Using F5’s BIG-IP APM solution for ADFS
• Other concerns...
SSO (Single Sign On)
• Cloud AD server running outside the firewall
• Issues with Microsoft’s earlier version of ADFS
• Major improvement in recent years
• Renamed: from DirSync to Azure AD Sync Tool
• Has Microsoft ever been hacked? Do we know?
• Anytime, anywhere, on any device
Microsoft Azure Server for SaaS
• Office365
• Dynamic SQL
• SharePoint
• vs. AWS (Amazon Web Services)
• Virtualization vs. SaaS (Software as a Service)
Preparations for Azure ADFS Migration
• Identify and Resolve errors in the on-premise AD
• Use IdFix DirSync Error Remediation Tool
• Change UPN (User Principal Name) to match Email Addresses in Office365: e.g. jeffsmith > [email protected]
• Fix the List of Errors: .local, etc
• Microsoft added ADFS running on Azure in Admin of O365
• One chance to make the right decision
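The UPN preparation steps above can be checked before the first sync with a read-only audit. The script below is an added example, not part of the original slides and not IdFix or vendor code; the function name `Test-UpnReadiness`, the list of non-routable suffixes, and the sample accounts are assumptions made for illustration.

```powershell
# Added example: flag accounts whose UPN would not work as an Office 365 sign-in name.
# Read-only: it reports problems and changes nothing in the directory.
function Test-UpnReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Assumed list of suffixes that cannot be verified as public domains
        [string[]]$NonRoutableSuffix = @('.local', '.lan', '.internal')
    )
    process {
        $upn    = [string]$User.UserPrincipalName
        $mail   = [string]$User.mail
        $issues = @()

        if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
            $issues += 'UPN missing or not in user@domain form'
        } else {
            $suffix = $upn.Substring($upn.IndexOf('@') + 1)
            if ($NonRoutableSuffix | Where-Object { $suffix -like "*$_" }) {
                $issues += "non-routable suffix '$suffix'"
            }
        }
        if ([string]::IsNullOrWhiteSpace($mail)) {
            $issues += 'no mail attribute to compare against'
        } elseif ($upn -ne $mail) {          # -ne is case-insensitive
            $issues += 'UPN does not match email address'
        }

        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                UserPrincipalName = $upn
                Mail              = $mail
                Issues            = $issues -join '; '
            }
        }
    }
}

# Constructed sample accounts (not real data) so the check runs offline
$sample = @(
    [pscustomobject]@{ SamAccountName = 'user1'; UserPrincipalName = 'user1@corp.example.local'; mail = 'user1@example.org' }
    [pscustomobject]@{ SamAccountName = 'user2'; UserPrincipalName = 'USER2@example.org';        mail = 'user2@example.org' }
    [pscustomobject]@{ SamAccountName = 'user3'; UserPrincipalName = 'user3';                    mail = '' }
)
$sample | Test-UpnReadiness | Format-Table -AutoSize -Wrap

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail | Test-UpnReadiness
```

With the sample data, user1 and user3 are reported and user2 passes, since the comparison ignores case.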
Vendor script for Password Sync
• Tiny script by MessageOps using PowerShell
• Works great until it breaks...
Kg$2Ebi%*9
Other options:
• F5 Networks’ BIG-IP APM appliance (Access Policy Management)
• Able to change passwords outside the firewall
• Email a temp password
• Two-Factor or Multi-Factor Authentication using SMS, iPhone, etc.
F5 APM solution:
Thank you!