DigitalPersona. SSO for Office 365. On Premise DigitalPersona SSO for Office 365. Solution Deployment Guide


Copyright 2017 Crossmatch. All rights reserved. Specifications are subject to change without prior notice. The Crossmatch logo and Crossmatch are trademarks or registered trademarks of Cross Match Technologies, Inc. in the United States and other countries. DigitalPersona is a registered trademark of DigitalPersona, Inc., which is owned by the parent company of Cross Match Technologies, Inc. All other brand and product names are trademarks or registered trademarks of their respective owners. Published: June 15, 2017 (v2.2)

Table of Contents

Scope ... 4
Prerequisites ... 4
Configure Federation for Office 365 tenant ... 4
Turn off Federation ... 5
Troubleshooting ... 6

DPCA SSO for Office 365 - On Premise - AD Solution Deployment Guide 3

Scope

This document covers deployment and configuration of DigitalPersona STS with an Office 365 Federated Domain, and connection to an on-premise DigitalPersona AD Server. Active Directory users will be synchronized to Azure AD via Azure AD Connect, and users will gain access to the enterprise's SaaS applications.

Prerequisites

The following prerequisites should be satisfied prior to continuing with deployment.

Public domain name: This must be the same domain name registered with the Office 365 tenant.

SSL certificate: Either a wildcard certificate for the public domain name, or one for the specific host name that will be used for STS.

Office 365 Tenant: An Office 365 subscription with at least the Pro Plus plan.

Administrator Account: An Office 365 Global Administrator account is required in order to change the tenant from Managed mode to Federation mode.

Azure Active Directory Sync tool: The AAD Sync tool must be configured to use UPN as the on-premise attribute for the Azure AD username, and the source anchor should be objectGUID.

DigitalPersona Server: A DigitalPersona AD Server must be installed and licensed.

Users: Users need to be enrolled with the DigitalPersona Server.

STS: A preconfigured DigitalPersona STS and all required components for STS. Ensure that you are able to open the STS Metadata page by navigating to the following URL: https://<external_host_name>/dpsts/wsfed/metadata

Configure Federation for Office 365 tenant

WARNING: Federation generally takes between 15 and 90 minutes. During this time access to all Office 365 apps will be unavailable.

On the system which has AAD Sync installed, install the Azure AD PowerShell Module. You can download the Azure Active Directory Module for Windows PowerShell (64-bit) from http://go.microsoft.com/fwlink/p/?linkid=236297; click Run to launch the installer package.

In a PowerShell session, perform the following steps to configure your Azure AD domain as a Federated domain:

1. Start a Windows PowerShell session.

2. Import the MSOnline module by entering the following cmdlet.

   Import-Module MSOnline

3. Connect to the online service by executing the following cmdlet.

   Connect-MsolService

4. Enter the Office 365 administrator username and password.

5. Verify that the domain name is listed by executing the following cmdlet.

   Get-MsolDomain -DomainName <domainname>

   You should be able to see the name of the domain that you will be federating.

6. Convert the domain to a federated domain by executing the Set-MsolDomainAuthentication cmdlet with the parameters shown below, replacing the <domainname> placeholders with your domain name and STS FQDN. Also specify the signing certificate value, which you can find by navigating to your STS metadata page and copying the string representation of the signing certificate. The STS metadata URL is https://sts.<domainname>/dppassivests/wsfed/metadata

   Set-MsolDomainAuthentication -DomainName <domainname> -Authentication Federated -ActiveLogOnUri https://sts.<domainname>/dpactivests/activesecuritytokenservice.svc/mixed/username/ -IssuerUri https://sts.<domainname>/dpsts -LogOffUri https://sts.<domainname>/dpsts/wsfed -MetadataExchangeUri https://sts.<domainname>/dpactivests/activesecuritytokenservice.svc/mex -PassiveLogOnUri https://sts.<domainname>/dpsts/wsfed -PreferredAuthenticationProtocol WSFED -SigningCertificate "<CertificateValue>"

   Example (the certificate value below is the one printed in the guide; use the value from your own STS metadata page):

   Set-MsolDomainAuthentication -DomainName <domainname> -Authentication Federated -ActiveLogOnUri https://sts.<domainname>/dpactivests/activesecuritytokenservice.svc/mixed/username/ -IssuerUri https://sts.<domainname>/dpsts -LogOffUri https://sts.<domainname>/dpsts/wsfed -MetadataExchangeUri https://sts.<domainname>/dpactivests/activesecuritytokenservice.svc/mex -PassiveLogOnUri https://sts.<domainname>/dpsts/wsfed -PreferredAuthenticationProtocol WSFED -SigningCertificate MIIDADCCAeigAwIBAgIQQCbMQ9s9YYRHa3UFMY/1CDANBgkqhkiG9w0BAQ0FADAYMRYwFAYDVQQDDA1zdHMucWFtZmEuY29tMB4XDTE3MDMwNjIyMjAzMVoXDTE4MDMwNjIyMjAzMVowGDEWMBQGA1UEAwwNc3RzLnFhbWZhLmNvbtccasiwdqyjkozihvcnaqebbqadggepadccaqocggebaocegdysstdtyaw26oGfWXB1sapJ0xi1OTnHIZiwtzgpgRu9vwpTxRE/SI5NqE53T+txba+bS2tsy80mCnPFMUqnAZ70CFrqkFgaxDid1Sx4APXNFwCyUgKBQ8aGIPz79WVzwCEvnIofXbS6GC6YJm3tj0F7RBU3P0Q5MCdHe6FNn9XtKq9vHbA3Oq+jW+xdoAn/kbBxbBBXOpiNuDs1dW932Rk3KP1wvz1Uz46UZ0w5tT6dPYclstaLdaikdhqNY35/Bz6bA9xUFIju5HKv75n/5jlTaOcHfMybb7D4rSHUVaCk6a7FnCOAfycNQ5XqPeentcCYYxm+LLgGGoWbhscCAwEAAaNGMEQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJytugnlhjsmwcdnq4hkbrwq5qulma4ga1uddweb/wqeawifidanbgkqhkig9w0BAQ0FAAOCAQEA47qrxXZIIfyufs1aTEAQeMXVeGGnDUv22b5TpXl4aUsjP8D4fIguxqrzw3zz7ucs+tvt+k0nkpkotaindc33ljucthv11wkzwrb0y5wz/1txw4qntywpvsaixeb/peqhsx02nhgvopbxinh10rnzg5hxclbqgiwl4wkmv+hdb/7ltwqdgpfmRS7LeeuDkrVmWqzWDaHlmlpnM2N7ZK7SnScVgppxtEsjyxFryimf9kyzeJrYggOvbJCGvf/IkFg35IS2F+mgqKEvsQO4+F1kIqOspZZgWBHNDdQv0iSRLn2EXp4Oi0NWdAd7J8Mp7KtBibID5To0vhRj+F8YARGZOQ==

Turn off Federation

If at some point it is necessary to turn off the federation and switch back to a Managed domain, run the following cmdlet with the option Managed.

   Set-MsolDomainAuthentication -DomainName <domainname> -Authentication Managed

Troubleshooting

1. If the STS login page displays on the server hosting STS, but not externally, the bindings need to be verified on IIS to make sure they contain the correct certificate. The STS certificate needs to be selected.

2. Logging can be enabled on the DPActiveSTS website by including the following in its web.config file. Element and attribute names in .NET configuration are case-sensitive, the sharedListeners element must sit inside system.diagnostics, and a trace source (System.ServiceModel for the WCF service) has to reference the listener by name, otherwise nothing is written:

   <system.diagnostics>
     <sources>
       <source name="System.ServiceModel" switchValue="Information, ActivityTracing">
         <listeners><add name="xml" /></listeners>
       </source>
     </sources>
     <sharedListeners>
       <add initializeData="c:\dptrace\TracingAndLogging-server.svclog" type="System.Diagnostics.XmlWriterTraceListener" name="xml" />
     </sharedListeners>
   </system.diagnostics>

   The c:\dptrace folder must already exist and be writable by the application pool identity; the listener does not create it. The trace file records request and token details, so restrict access to the folder and remove the configuration once troubleshooting is finished.

3. For troubleshooting any application connectivity issues after federation, you can use the Remote Connectivity Analyzer at https://testconnectivity.microsoft.com/.

4. You should clear out any previous tokens or sessions and start fresh after Federation. For example, sign out of any MS Office applications and delete user sign-in information from Skype.
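The federation procedure above copies the signing certificate from the metadata page by hand. The script below is an added example, not part of the Crossmatch guide: it runs the same Set-MsolDomainAuthentication call with the guide's endpoint layout, but reads the signing certificate straight from the STS metadata, checks that it decodes and is in date, and refuses to proceed if the domain is not verified or is already federated. $Domain and $StsHost are assumed values, and the metadata layout (a SAML EntityDescriptor whose KeyDescriptor with use="signing" carries the X509Certificate, the usual WS-Federation metadata shape) is an assumption about the DigitalPersona STS.

```powershell
# Added example (not from the Crossmatch guide). Run on the AAD Sync server
# where the MSOnline module is installed. $Domain and $StsHost are assumed
# values; the metadata layout queried below is the standard WS-Federation
# metadata shape and is assumed for the DigitalPersona STS.
param(
    [Parameter(Mandatory)][string]$Domain,      # e.g. contoso.com (assumed)
    [string]$StsHost = "sts.$Domain"
)

Import-Module MSOnline
Connect-MsolService     # prompts for the Global Administrator credentials

# 1. Fetch the metadata over HTTPS. A TLS failure here usually means the IIS
#    binding does not present the public STS certificate (Troubleshooting item 1).
$metadataUrl = "https://$StsHost/dpsts/wsfed/metadata"
[xml]$metadata = (Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content

# 2. Pull the signing certificate out of the metadata.
$ns = @{
    md = 'urn:oasis:names:tc:SAML:2.0:metadata'
    ds = 'http://www.w3.org/2000/09/xmldsig#'
}
$node = Select-Xml -Xml $metadata -Namespace $ns -XPath "//md:KeyDescriptor[@use='signing']//ds:X509Certificate" | Select-Object -First 1
if (-not $node) { throw "No signing certificate found at $metadataUrl" }
$signingCert = $node.Node.InnerText -replace '\s', ''

# 3. Make sure the value really is a certificate and is still valid; Azure AD
#    rejects every token signed with an expired or mismatched certificate.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($signingCert))
if ($x509.NotAfter -lt (Get-Date)) { throw "STS signing certificate expired on $($x509.NotAfter)" }
Write-Host "STS signing certificate: $($x509.Subject), thumbprint $($x509.Thumbprint), valid until $($x509.NotAfter)"

# 4. The domain must be verified in the tenant and still Managed (step 5 of the guide).
$msolDomain = Get-MsolDomain -DomainName $Domain
if ($msolDomain.Status -ne 'Verified') { throw "$Domain is not a verified domain in this tenant" }
if ($msolDomain.Authentication -eq 'Federated') { throw "$Domain is already federated; inspect it with Get-MsolDomainFederationSettings first" }

# 5. Convert the domain using the endpoint layout from the guide. Expect the
#    15-90 minute window in which Office 365 sign-in is unavailable.
$params = @{
    DomainName                      = $Domain
    Authentication                  = 'Federated'
    IssuerUri                       = "https://$StsHost/dpsts"
    ActiveLogOnUri                  = "https://$StsHost/dpactivests/activesecuritytokenservice.svc/mixed/username/"
    PassiveLogOnUri                 = "https://$StsHost/dpsts/wsfed"
    LogOffUri                       = "https://$StsHost/dpsts/wsfed"
    MetadataExchangeUri             = "https://$StsHost/dpactivests/activesecuritytokenservice.svc/mex"
    PreferredAuthenticationProtocol = 'WSFED'
    SigningCertificate              = $signingCert
}
Set-MsolDomainAuthentication @params

# 6. Read the settings back so the change is recorded and can be compared later.
Get-MsolDomainFederationSettings -DomainName $Domain
```

Keep the output of the final Get-MsolDomainFederationSettings call with the change record; when the STS certificate is renewed, the same script can be re-run against the new metadata after the domain has been switched back to Managed as described under Turn off Federation, and the recorded settings show exactly what changed.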
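Troubleshooting item 1 says the IIS bindings must carry the STS certificate, but does not say how to check that. The script below is an added example, not part of the Crossmatch guide; it runs on the STS server and inspects every HTTPS binding of the IIS site that serves /dpsts, confirming that the bound certificate exists in the machine store, covers the external host name (directly or through a wildcard), is in date, has its private key and chains to a trusted root. $SiteName and $StsHost are assumed values.

```powershell
# Added example (not from the Crossmatch guide). Run on the server hosting the
# DigitalPersona STS. $SiteName (the IIS site serving /dpsts) and $StsHost
# (the external host name) are assumed values.
param(
    [string]$SiteName = 'Default Web Site',
    [string]$StsHost  = 'sts.contoso.com'
)
Import-Module WebAdministration

$bindings = @(Get-WebBinding -Name $SiteName -Protocol https)
if ($bindings.Count -eq 0) { throw "Site '$SiteName' has no HTTPS binding; add one and select the STS certificate" }

$problems = 0
foreach ($b in $bindings) {
    $info  = $b.bindingInformation                      # "IP:port:hostheader"
    $thumb = $b.certificateHash
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    if (-not $thumb) { Write-Warning "$info : no certificate bound"; $problems++; continue }

    $cert = Get-Item "Cert:\LocalMachine\$store\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) { Write-Warning "$info : thumbprint $thumb not found in LocalMachine\$store"; $problems++; continue }

    $bad = 0
    # Names the certificate is valid for: CN plus subjectAltName DNS entries.
    # A wildcard entry (*.example.com) matches exactly one label.
    $names  = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $parent = ($StsHost -split '\.', 2)[1]
    $covers = $names | Where-Object { $_ -eq $StsHost -or ($_.StartsWith('*.') -and $_.Substring(2) -eq $parent) }
    if (-not $covers) { Write-Warning "$info : '$($cert.Subject)' does not cover $StsHost (names: $($names -join ', '))"; $bad++ }
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "$info : certificate expired on $($cert.NotAfter)"; $bad++ }
    if (-not $cert.HasPrivateKey) { Write-Warning "$info : no private key; the TLS handshake cannot complete"; $bad++ }
    if (-not $cert.Verify()) { Write-Warning "$info : certificate does not chain to a trusted root; external clients will reject it"; $bad++ }
    if ($bad -eq 0) { Write-Host "$info : OK - $($cert.Subject), thumbprint $thumb, valid until $($cert.NotAfter)" }
    $problems += $bad
}
exit $problems
```

A non-zero exit code means at least one binding would fail for external clients even though the login page renders locally, which is the symptom the guide describes. The chain check uses the server's own trust store, so a certificate from an internal CA can pass here and still be rejected by browsers outside the organization; for the public host name the certificate should come from a publicly trusted CA, as the Prerequisites require.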