Extranets in SharePoint 2010 and 2013

Extranets in SharePoint 2010 and 2013
Presented by Peter Carson, President, Envision IT
February 25, 2014

Peter Carson
- President, Envision IT
- SharePoint MVP
- Virtual Technical Specialist, Microsoft Canada
- peter@envisionit.com
- http://blog.petercarson.ca
- www.envisionit.com
- Twitter @carsonpeter
- VP Toronto SharePoint User Group

Peter Mackenzie
- VP Sales & Marketing
- e: pmackenzie@envisionit.com
- p: (905) 812-3009 x244
- President, International Association of Microsoft Certified Partners (IAMCP) Canada

Product Support
- Corey Thokle, EUM Support Manager
- e: cthokle@envisionit.com
- p: (905) 812 3009 ext.248
- http://www.linkedin.com/company/envision-it-inc
- Amanda Da Costa, Sales & Marketing Support
- e: adacosta@envisionit.com
- p: (905) 812 3009 ext.250
- http://ca.linkedin.com/in/amandadacosta/

Agenda
- Envision IT Overview
- Microsoft SharePoint
- Extranet Scenarios
- Authentication Options
- Extranet User Manager
- Case Studies
- Wrap-Up and Q&A

Envision IT Services Overview
Focused on complex SharePoint solutions, Envision IT is the go-to partner for Microsoft SharePoint, building integrated public web sites, Intranets, Extranets, and web applications that leverage your existing systems anywhere over the Internet.

Public Web Sites
We create interactive, content-rich customer-facing web sites that are able to grow and transform with changing needs.

Collaboration Portals
Our Collaboration Portals provide a secure space for teams to share knowledge and resources.

Extranets
Envision IT has a wealth of experience building Corporate Extranets that allow you to securely connect with customers and partners.

Intranets
Our Intranet Sites connect people to information, expertise and key business applications, and SharePoint provides a broad set of Enterprise Content Management features.

Products

- Easy delegation of user management to business
- Self-registration, approvals, forgotten password reset
- Single URL and sign-on for AD

Pricing
- $8,000 per production SharePoint farm
- No limits on the number of web front ends
- 20% annual Software Assurance provides all product updates
- Dev and QA farm licenses provided with up to date Software Assurance

Extranet Clients

Microsoft SharePoint

Poll 1
Which Version of SharePoint are you currently using?
- SharePoint Server 2013
- Office 365
- SharePoint Server 2010
- SharePoint Foundation (2010 or 2013)
- MOSS 2007 or WSS 3.0

SharePoint 2013 Licensing Changes
- The SharePoint For Internet Sites (FIS) license is no longer needed for public web sites or Extranets
- This can save significant licensing dollars
- This applies to on-premise, Azure, or third-party hosting options

SharePoint Licensing 2010 vs 2013
2010 Intranet Extranet Internet Sites SharePoint Server + CAL Internal Users External Users* N/A SharePoint Server + CAL Or SharePoint for Internet Sites (FIS) SharePoint for Internet Sites (FIS)
2013 Intranet Extranet Internet Sites Internal SharePoint SharePoint Server + CAL Users Server + CAL SharePoint Server External N/A SharePoint Server Users*
Note*: External users means users that are not either your or your affiliates' employees, or your or your affiliates' onsite contractors or onsite agents

Office 2013 On Premise Web Apps
I have internal users who want to access Office documents via Office Web Apps, what licenses do I need to be compliant?
Internal User:
- Read Office documents via Office Web Apps: Free, no Office client required
- Edit Office documents via Office Web Apps: Requires Office 2013 Standard or Professional Plus
Our company users (who are licensed for Office Client) are working with external users on projects, what licensing do those external users need to access Office documents via Office Web Apps?
External User*:
- Read Office documents via Office Web Apps: Free, no Office client required
- Edit Office documents via Office Web Apps: Free, no Office client required
*External Users: defined as users that are not either your or your affiliates' employees, or your or your affiliates' onsite contractors or onsite agents.

Hosting Options
Site Type: On-Premise / Office 365 / Azure / Third-Party
- Public Web Site: Yes / Very simple / Yes / Yes
- Extranet: Yes / Yes / Yes / Yes
- Combined: Yes / No / Yes / Yes
Office 365 Notes
- Only very simple public web sites can be hosted in Office 365
- Microsoft currently provides up to 10,000 external clients with Windows Live ID access to an Extranet with no additional subscription costs
- A combined public web site and Extranet in a single site cannot be delivered in Office 365

Public Web Sites and Extranets on SharePoint
- Public web sites are pure anonymous sites
- Extranets are sites that allow external users to authenticate to consume or contribute content securely
- These can be combined in a single site
- SharePoint is ideal for all of the above

Extranet Business Goals
- Reduce supply chain inefficiencies
- Interact with your loyal customer base
- Extend customer self service strategies
- Share business resources with partners
- Extend remote employee access

Extranet Scenarios
- Collaboration or Publishing Portal
- Internet Web Site Members Only Area
- Board of Directors Portal

Collaboration or Publishing Portal
- Team sites for collaboration
- Publishing sites for private web content publishing

Internet Web Site Members Only Area
- Public web site with a private members area
- Forms-based authentication typically used to provide a rich login experience
- Self-registration with approvals typically provided

Board of Directors Portal
- Corporate or public sector board of directors portal
- Small set of users that are typically already part of the internal corporate domain
- SSL publishing of portal externally

Poll 2
How do you use SharePoint today?
- Internal collaboration
- Internal web publishing (Intranet)
- Extranets
- Public facing website

Identity Management, Authentication, and Authorization
Identity Management
- Process for managing the entire life cycle of digital identities, including the profiles of people, systems, and services
- For our purposes we are focused just on people
- Who creates and manages identities? The Extranet owner or the external users themselves?
- Are identities part of the Extranet or external to it?
Authentication and Authorization
- Authentication is the mechanism whereby systems may securely identify their users
- Authentication systems provide answers to the questions: Who is the user? Is the user really who he/she represents himself to be?
- Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have
- Is user X authorized to access resource R?

Identity Options
Site Owned
- Active Directory (Corporate, DMZ)
- AD LDS
- SQL
External
- Social Identities: Microsoft account, Google, Yahoo, Facebook, LinkedIn
- Active Directory Federation Services
- Azure Directory Services

Active Directory versus SQL
Active Directory
- Generally recommended that a separate AD forest is set up for the Extranet users
- May already exist in the DMZ to support the SharePoint farm
- Richer account policy control and audit capabilities
SQL
- No additional AD is required
- Standard Microsoft ASPNETDB database stores the credentials
- Encrypted passwords

Authentication Options
- Windows Authentication
- Forms Based Authentication
- SAML Federation
- Microsoft Account

Windows Authentication
- Supports Classic mode sites
- An advanced web gateway is recommended
  - Friendly web form is still presented
  - Can be customized
  - Single sign on can happen across multiple systems
- Gateway options
  - Microsoft Forefront UAG and TMG are now discontinued
  - Windows Server 2012 R2 Web Application Proxy

Forms Based Authentication
- Users can be stored in either SQL or AD
- Friendly, customizable web form for login
- Login with email address, even for AD users
- Requires a Claims mode site

SAML Federation
- Trusted Identity Provider does the authentication
- Can be any SAML compliant provider
  - Active Directory Federation Services
  - Thinktecture Identity Server
  - Social identities
- Can be AD or SQL user repository under the hood
- Relying parties (such as SharePoint) trust the SAML token and provide the authorization based off that identity
- Provides Single Sign-On to multiple systems
- Can be any SAML claims compliant system, not just SharePoint

Microsoft Account
- Supported by default by Office 365
- Up to 10,000 external users can access a SharePoint Online site for free using Microsoft accounts
- Can also be federated to an on premise SharePoint Extranet

Claims Limitations
- Claims to Windows Token Service (C2WTS)
- Can be mitigated through code
- Power Pivot
- SQL Server Reporting Services
- Excel Services
- PerformancePoint
- InfoPath Forms Services
  - Browser based forms not supported
  - Product is no longer part of Microsoft's form strategy

On Premise Authentication Options
- Windows Authentication
- Forms Based Authentication (FBA)
  - Default setup requires a one-way trust. ~12 ports to open from internal to DMZ networks
  - EUM allows an LDAP call. Three ports to open
- SAML Federation
  - No open ports needed
- Can combine multiple options

Sample Architecture

Network Architecture

Four Categories of Users
- Internal Users
- Managed AD Users
- Managed SQL Users
- Federated Users

Site URLs
- Ensure that everyone is going to the same URL
- Don't extend the site or use AAM
- Having different URLs for internal and external users causes confusion, particularly with email links
- Breaks features such as alerts and workflow tasks
- SharePoint doesn't know where to link people to

/
/_layouts/15/authenticate.aspx
/_login/default.aspx - Home Realm Discovery
/_trust/default.aspx

/issue/wsfed
/account/signin - Customized Login page
/account/signin
/issue/wsfed - Posts the SAML in wresult hidden field

Why Thinktecture over ADFS?
- Open source allows any customization
- Fully brandable (ADFS allows branding within very particular parameters)
- Login with email address instead of AD username
- Use SQL instead of AD as the underlying user repository
- Ability to incorporate the home realm discovery into the login form

/_trust/
/_layouts/15/authenticate.aspx
/
/Pages/Default.aspx

Office 365 Authentication Options
- Microsoft Account
- SAML Federation
  - ADFS
  - Thinktecture

Home Realm Discovery

Smart Links
- Can bypass the home realm discovery and point users directly to your login form
https://login.eitdev.org/issue/wsfed?wa=wsignin1.0&wtrealm=urn:federation:microsoftonline&wctx=wa%3dwsignin1%252e0%26rpsnv%3D3%26ct%3D1393300075%26rver%3D6%252E1%252E6206%252E0%26wp%3DMBI%26wreply%3Dhttps%253A%252F%252Fthinktecturedev%252Esharepoint%252Ecom%252F%255Fforms%252Fdefault%252Easpx%26lc%3D1033%26id%3D500046%26%26bk%3D1393300076%26LoginOptions%3D3
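
Decoding the smart link above shows what it pins: the issuer endpoint, the realm, and the reply URL nested inside wctx behind a second layer of percent-encoding. The Python below is an added example, not part of the original presentation; the function names and the expected-value checks are illustrative assumptions, and the URL is the one from the slide with its line-wrap spaces removed.

```python
from urllib.parse import parse_qs, urlsplit

# Smart link from the slide, with the line-wrap spaces removed.
SMART_LINK = (
    "https://login.eitdev.org/issue/wsfed?wa=wsignin1.0"
    "&wtrealm=urn:federation:microsoftonline"
    "&wctx=wa%3dwsignin1%252e0%26rpsnv%3D3%26ct%3D1393300075"
    "%26rver%3D6%252E1%252E6206%252E0%26wp%3DMBI"
    "%26wreply%3Dhttps%253A%252F%252Fthinktecturedev%252Esharepoint%252Ecom"
    "%252F%255Fforms%252Fdefault%252Easpx%26lc%3D1033%26id%3D500046"
    "%26%26bk%3D1393300076%26LoginOptions%3D3"
)


def _first(params, name):
    """Return the first value of a query parameter, or None if absent."""
    values = params.get(name)
    return values[0] if values else None


def inspect_smart_link(url):
    """Decode the outer WS-Federation query and the context nested in wctx."""
    parts = urlsplit(url)
    outer = parse_qs(parts.query)                   # first percent-decoding pass
    inner = parse_qs(_first(outer, "wctx") or "")   # second pass, inside wctx
    wreply = _first(inner, "wreply")
    return {
        "scheme": parts.scheme,
        "issuer_host": parts.hostname,
        "issuer_path": parts.path,
        "wa": _first(outer, "wa"),
        "wtrealm": _first(outer, "wtrealm"),
        "wreply": wreply,
        "wreply_host": urlsplit(wreply).hostname if wreply else None,
    }


def check_smart_link(url, issuer_host, realm, reply_suffix):
    """Return a list of mismatches against the values the site owner expects."""
    info = inspect_smart_link(url)
    findings = []
    if info["scheme"] != "https":
        findings.append("link is not HTTPS")
    if info["issuer_host"] != issuer_host:
        findings.append("unexpected issuer host: %s" % info["issuer_host"])
    if info["wa"] != "wsignin1.0":
        findings.append("wa is not a sign-in request: %s" % info["wa"])
    if info["wtrealm"] != realm:
        findings.append("unexpected wtrealm: %s" % info["wtrealm"])
    host = info["wreply_host"] or ""
    if not (host == reply_suffix.lstrip(".") or host.endswith(reply_suffix)):
        findings.append("wreply host outside %s: %s" % (reply_suffix, host or None))
    return findings
```

Running check_smart_link on a link before it is published in emails or bookmarks confirms that it still points at the intended login form and tenant.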

/issue/wsfed
/account/signin - Customized Login page
/account/signin
/issue/wsfed - Posts the SAML in wresult hidden field

Poll 3
How do you see your users authenticating?
- Windows authentication
- Forms-based authentication
- SAML using ADFS or Thinktecture

Poll 4
What styles of future sessions would you like to see?
- Current one hour webinar
- Two hour webinar
- Full-day online hands-on workshop
- Full-day in-person workshop

- Easy delegation of user management to business
- Self-registration, approvals, forgotten password reset
- Single URL and sign-on

Main Components
Administration console
- Used by IT to configure EUM
- Used by the business to manage users and groups
End User
- Components that the Extranet users see
- Login, disclaimer, change password, forgotten password
Registration
- Allow users to self-register
- Support approval workflows

Case Studies

Collaboration or Publishing Portal

Internet Web Site Members Only Area

Board of Directors Portal

Pricing
- $8,000 per production SharePoint farm
- No limits on the number of web front ends
- 20% annual Software Assurance provides all product updates
- Dev and QA farm licenses provided with up to date Software Assurance

Next Steps
- Review technical documentation on our website
- Download a trial
- Schedule a demonstration

Poll 5
When would you like us to follow up?
- Right away
- March
- April

Links
- www.envisionit.com
- blog.petercarson.ca
- www.envisionit.com/eum
- www.envisionit.com/extranet
- Boys and Girls Clubs of Canada Microsoft Case Study
- http://www.bgccan.com
- http://www.transamerica.ca
- http://www.problemgambling.ca
- http://knowledgex.camh.net
- http://www.torontoeatoncentre.com
- Video and presentation deck will be at www.envisionit.com/events

Questions?