Extranet Identity Management and Authentication for SharePoint On Premise, Office 365 and Beyond

Similar documents
Extranets in SharePoint and SSO for Claims Apps. January 18, 2017

Extranets in SharePoint 2010 and 2013

External Collaboration with Office 365 Project Sites. September 16, 2015

Extranets in SharePoint 2010 and 2013

Extranets in SharePoint and Office 365 May 17, 2017

SharePoint 2019 and Extranet User Manager

Office 365 External Sharing Webinar November 7, 2017

Define Your Office 365 External Sharing Strategy

Running Effective Projects In Office 365. June 1, 2017

CLB379 SharePoint 2010 Extranets and Authentication. Peter Carson President Envision IT

Thank You Sponsors! GOLD SILVER BRONZE / PRIZES

Office 365 and Azure Active Directory Identities In-depth

Web Content Management in SharePoint 2013

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

2010 Publishing Site Upgrade to SharePoint 2013

Search in SharePoint 2013

Envision IT Office 365 Productivity Series Experience, Branding and Navigation. June 24, 2015

Tech Dive: Microsoft Azure Identity Management and Office 365

Extranet User Manager

Coveo Platform 7.0. Microsoft SharePoint Legacy Connector Guide

Use EMS to protect your mobile data and mobile app

Identity as the Entrée to the Microsoft Cloud

Vendor: Microsoft. Exam Code: Exam Name: Administering Office 365. Version: DEMO

SharePoint 2013 Web Sites

Azure Active Directory from Zero to Hero

Object of this document

SAP Security in a Hybrid World. Kiran Kola

Qualys SAML & Microsoft Active Directory Federation Services Integration

SharePoint 2013 Web Sites

Udemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal

Single Sign-On Showdown

Coveo Platform 7.0. Microsoft SharePoint Connector Guide

Copyright

Microsoft SharePoint Server 2013 Plan, Configure & Manage

Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

SAML-Based SSO Solution

How to Use ADFS to Implement Single Sign-On for an ASP.NET MVC Application

SAML-Based SSO Solution

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

Cloud Access Manager Overview

Application Lifecycle Management for SharePoint in the Enterprise. February 23, 2012

Microsoft ADFS Configuration

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Connect Authenticate

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory

VIEVU Solution AD Sync and ADFS Guide

O365 Solutions. Three Phase Approach. Page 1 34

Advanced Solutions of Microsoft SharePoint Server 2013

Advanced Solutions of Microsoft SharePoint Server 2013 Course Contact Hours

20331B: Core Solutions of Microsoft SharePoint Server 2013

Advanced Solutions of Microsoft SharePoint 2013

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Access Management Handbook

Microsoft Core Solutions of Microsoft SharePoint Server 2013

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

Overview What is Azure Multi-Factor Authentication? How it Works Get started Choose where to deploy MFA in the cloud MFA on-premises MFA for O365

Centrify Identity Services for AWS

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith

Microsoft Managing Office 365 Identities and Requirements. Download Full version :

SHAREPOINT 2016 ADMINISTRATOR BOOTCAMP 5 DAYS

Configuring Claims-based Authentication for Microsoft Dynamics CRM Server. Last updated: May 2015

Liferay Security Features Overview. How Liferay Approaches Security

Colligo Console. Administrator Guide

Configuring Claims-based Authentication for Microsoft Dynamics CRM Server. Last updated: June 2014

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

Exam Code: Exam Code: Exam Name:Managing Office 365 Identities and Requirements.

Office : Enabling and Managing Office 365. Upcoming Dates. Course Description. Course Outline

SafeNet Authentication Service

[MS20347]: Enabling and Managing Office 365

Dell One Identity Cloud Access Manager 8.0. Overview

Hybrid Identity de paraplu in de cloud

with Access Manager 51.1 What is Supported in This Release?

Advanced On-Prem SSRS 2017 for Non-AD Users. Dr. Subramani Paramasivam MVP & Microsoft Certified Trainer DAGEOP, UK

Extranet User Manager User Guide

20347: Enabling and Managing Office hours

User Directories. Overview, Pros and Cons

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

Course Outline 20742B

Partner Center: Secure application model

Ten most common Mistakes with AD FS and Hybrid Identity. Sander Berkouwer MVP, DirTeam.com

SafeNet Authentication Client

Vendor: Microsoft. Exam Code: MB Exam Name: Microsoft Dynamics CRM Online Deployment. Version: Demo

Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools

Google Identity Services for work

NETOP PORTAL ADFS & AZURE AD INTEGRATION

ArcGIS for Server: Security

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3.

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools

Q&As Managing Office 365 Identities and Requirements

All about SAML End-to-end Tableau and OKTA integration

MOC 20417C: Upgrading Your Skills to MCSA Windows Server 2012

Active Directory Services with Windows Server

ENABLING AND MANAGING OFFICE 365

At Course Completion After completing this course, students will be able to:

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

Centrify for Dropbox Deployment Guide

Transcription:

Extranet Identity Management and Authentication for SharePoint On Premise, Office 365 and Beyond Presented by Peter Carson President, Envision IT October 22, 2014

Peter Carson President, Envision IT SharePoint MVP Virtual Technical Specialist, Microsoft Canada peter@envisionit.com http://blog.petercarson.ca www.envisionit.com Twitter @carsonpeter VP Toronto SharePoint User Group

Hugh Davidson Business Development Manager, Product Sales e: hdavidson@envisionit.com p: (905) 812-3009 x222

Denesh Sohan Director of Products e: dsohan@envisionit.com p: (905) 812-3009 x298

Corey Thokle Project Manager e: cthokle@envisionit.com p: (905) 812 3009 ext.248

Agenda Envision IT Overview Extranet Scenarios Extranet User Manager Overview SharePoint On Premises Demo Federation Office 365 Demo Wrap-Up and Q&A

Envision IT Services Overview Focused on complex SharePoint solutions, Envision IT is the go-to partner for Microsoft SharePoint, building integrated public web sites, Intranets, Extranets, and web applications that leverage your existing systems anywhere over the Internet.

Public Web Sites We create interactive, content-rich customer-facing web sites that are able to grow and transform with changing needs

Collaboration Portals Our Collaboration Portals provide a secure space for teams to share knowledge and resources

Intranets Our Intranet Sites connect people to information, expertise and key business applications, and SharePoint provides a broad set of Enterprise Content Management features

Extranets Envision IT has a wealth of experience building Corporate Extranets that allow you to securely connect with customers and partners

What is an Extranet An Extranet is a web site that is accessible to users outside of the corporate network, which allows organizations to share information and collaborate with their customers, partners, and/or vendors in a secure and easy-to-use environment The Extranet may be added as a module into the Intranet site to only allow external users into specific sub-sites of the Intranet

Poll 1 Which Version of SharePoint are you currently using? SharePoint Server 2013 Office 365 SharePoint Server 2010 SharePoint Foundation (2010 or 2013) MOSS 2007 or WSS 3.0

Poll 2 How do you use SharePoint today? Internal collaboration Internal web publishing (Intranet) Extranets Public facing website

Extranet Scenarios

SharePoint On Premise Authentication Options Windows Authentication Forms-Based Authentication Federated Identity.NET Providers Relying Party Active Directory AD SQL Trusted Identity Provider Windows Claims Or Classic Mode Claims AD Claims User Store

Office 365 Authentication Options Cloud Identity Directory and Password Synchronization Federated Identity Windows Azure Active Directory Windows Azure Active Directory Windows Azure Active Directory DirSync and Password Sync Federation User Sync No Integration On Premise Identity Integration with no federation On Premise Identity Single federated identity and credentials

SharePoint Extranets - OOTB On premises SharePoint can be published externally through SSL Unless an additional reverse proxy is used, the login experience is very basic No forgotten password, change password, or self-registration IT needs to setup and manage external users No mechanism for getting credentials to users

SharePoint Extranets Office 365 Up to 10,000 free external users in your Office 365 subscription through External Sharing Must use the Microsoft login form External users must have a Microsoft account, or be an Office 365 subscriber themselves No control over what account is used to accept the invitation

SharePoint Extranets Forms Based Authentication Branded and friendly login form is possible Requires custom development Users can be stored outside of the corporate Active Directory Installation is manual and requires re-configuring numerous config files on the SharePoint servers Previous releases of Extranet User Manger (Version 2.6 and prior) addressed the login form, branding, installation, selfregistration, forgotten password, and user management delegation issues

SharePoint Extranets - Federation Supports SharePoint 2010 and 2013 on premises, and Office 365 Fully branded user experience Friendly customizable login form Login with email address Automatic login for internal users Customizable self-registration with approvals Welcome email to set credentials Forgotten password reset Delegation of user management to business or externally Delegated group management simplifies permissions Supports single sign-on to other claims-aware applications Improved governance over your Extranet

Extranet User Manager Easy delegation of user management to business Self-registration, approvals, forgotten password reset Simplified login for both internal and external users

Main Components Administration console Used by IT to configure EUM Used by the business to manage users and groups End User Components that the Extranet users see Login, disclaimer, change password, forgotten password Registration Allow users to self-register Support approval workflows

Pricing Full pricing details available at www.envisionit.com/eum Standard edition $8,000 USD per production farm No limits on the number of SharePoint web front ends Four hours of Premium Software Support Enterprise Edition $13,000 USD Unlimited SSO authentication to claims aware applications Eight hours of Premium Software Support 20% annual Software Assurance provides all product updates Dev and QA farm licenses provided with up to date Software Assurance Additional support packages available Azure hosted monthly subscription plans coming next month

Registration

Registration Form Customizations

Approval Email

Approve the User

Welcome Email

Set Your Password

Login

Forgotten Password

Demo One On Premises Registration through to Login

Demo Scenario Sample site at https://productdemo13.envisionit.com SharePoint 2013 on premises AD FS for internal users External users In a separate AD Authenticating through Thinktecture Identity Server Managed with the Envision IT Extranet User Manager

Single Sign-On https://productdemo13eum.envisionit.com Extranet User Manager Installed in its own IIS site outside of SharePoint https://productdemo13sample.envisionit.com Sample ASP.NET 4.5 Visual Studio application Displays the claim information for the logged in user

Managing Your External Users with EUM Supports SharePoint 2010 and 2013 on premises, and Office 365 Fully branded user experience Friendly customizable login form Login with email address Automatic login for internal users Customizable self-registration with approvals Welcome email to set credentials Forgotten password reset Delegation of user management to business or externally Delegated group management simplifies permissions Supports single sign-on to other claims-aware applications Improved governance over your Extranet

Technical Advantages Fully supported by Microsoft with minimal changes to the SharePoint farm PowerShell script installs the required certificates into SharePoint No open firewall ports from DMZ to internal required If internal users should be able to login externally without VPN, then ADFS needs to be published externally on port 443 External users can be stored in a separate DMZ AD, or in a SQL database IT no longer needs to manage the external users, or reset their passwords

Poll 3 When would you like us to follow up? Right away November / December January

Single Sign-On and Federated Identities Trusted Identity Provider does the authentication Can be any SAML compliant provider Active Directory Federation Services Thinktecture Identity Server o www.thinktecture.com Social identities Can be AD, SQL, or other user repository under the hood Relying parties (such as SharePoint) trust the SAML token and provide the authorization based off that identity Provides Single Sign-On to multiple systems Can be any SAML claims compliant system, not just SharePoint

AD FS Servers Internal AD FS/DC Servers DMZ AD FS Proxies Web Application Proxy

AD FS Login Form Internal users shouldn t see this inside the network Can be branded, within limits

Federation

Authentication Process User Relying Party Identity Provider Active Directory Browse app RP trusts IP Not authenticated Redirected to IP Return SAML Security Token Send Token ST ST Authenticate Query for user attributes Return page and cookie

Certificates Relying party Identity Provider Root for B A Communication B Root for A Public key of C Signing ST C D Encryption ST Public key of D PKI SSL encryption is used for communication Token can be self-signed by the Identity Provider Token can also be encrypted with a self-signed certificate from the Identity Provider

Why Thinktecture over ADFS? Thinktecture Identity Server is embedded in Extranet User Manager www.thinktecture.com/identityandaccesscontrol Open source allows any customization Fully brandable (ADFS allows branding within very particular parameters) Login with email address instead of AD username Use SQL instead of AD as the underlying user repository Ability to incorporate the home realm discovery into the login form

ezrealm Home Realm Discovery Internal IP Address? No Internal email domain? No Yes Yes

Demo Two Office 365 Registration through to Login

Demo Scenario Sample site at https://eumdev.sharepoint.com EUM installed at https://eum.eitdev.org SharePoint Online in Office 365 AD FS for internal users External users In a separate AD Authenticating through Thinktecture Identity Server Managed with the Envision IT Extranet User Manager

Next Steps Reach out to Hugh Davidson, Sales e: hdavidson@envisionit.com p: (905) 812-3009 x222 Installation Support on Premise Minimum 30 day evaluation with all features enabled

Pricing Full pricing details available at www.envisionit.com/eum Standard edition $8,000 USD per production farm No limits on the number of SharePoint web front ends Four hours of Premium Software Support Enterprise Edition $13,000 USD Unlimited SSO authentication to claims aware applications Eight hours of Premium Software Support 20% annual Software Assurance provides all product updates Dev and QA farm licenses provided with up to date Software Assurance Additional support packages available

Product Roadmap SQL User Store Office 365 Support Azure Support Responsive design Quick spin-up demo environment** Multifactor Authentication Social Identity Integration

Upcoming Events ESPC Webinar Oct 30 th 9am EST http://www.envisionit.com/products/events/ CollabCon Toronto November 24 th 25 th www.collabcon.org Use the discount code ENVISIONIT for a 10% discount

Links www.envisionit.com blog.petercarson.ca www.envisionit.com/eum Video and presentation deck will be at www.envisionit.com/events Customer sites www.publichealthontario.ca www.bgccan.com www.g2gmarket.com www.redcrest.com.au www.transamerica.ca suppliers.kinross.com www.problemgambling.ca

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback