ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration

24th of January, 2017 / / No Comments

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In this series we will continue our venture in configuring Azure MFA in ADFS 2016.
Azure MFA – What is it about?
It is a bit confusing when we mention that we need to enable Azure MFA on ADFS. Technically, this method is actually integrating Azure MFA with ADFS. MFA itself is authenticating on Azure AD, however, ADFS is prompting you enter an MFA code which will be verified with the Azure AD to sign you in.… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 2

23rd of January, 2017 / / 17 Comments

In Part 1 of this series we have been getting ready for our ADFS v3.0 migration to ADFS v4.0 (ADFS 2016).
In part 2 we will cover the migration process, step-by-step. However, a friendly reminder that this series does not cover installation of ADFS and federation from scratch. This post assumes you already have a federated domain and Single Sign On (SSO) for your applications.

You may notice domain change and federation service name change from swayit.com.au

[Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 2”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1

20th of January, 2017 / / 2 Comments

Introduction
With the release of Windows Server 2016, Microsoft has introduced new and improved features. One of those features is ADFS 4.0, better known as ADFS 2016.
Organisations have already started leveraging ADFS 2016 as it covers most of their requirement, specially in terms of security.
In this series of blog posts, I will demonstrate how you can upgrade from ADFS v 3.0 (Running Windows Server 2012 R2) to ADFS 2016 (Running Windows Server 2016 Datacenter).… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1”

Azure AD Connect pass-through authentication. Yes, no more AD FS required.

8th of December, 2016 / / 18 Comments

Originally posted on Lucian.Blog. Follow Lucian on Twitter: @LucianFrango.

***

Yesterday I received a notification email from Alex Simons (Director of PM, Microsoft Identity Division) which started like this:

Todays news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview!

So I thought I’d put together a streamlined overview of what this means for authentication with regards to the Microsoft Cloud and my thoughts on if I’d use it.… [Keep reading] “Azure AD Connect pass-through authentication. Yes, no more AD FS required.”

Auto-Acceleration for SharePoint Online

22nd of November, 2016 / / No Comments

Working with one of my colleagues recently, we were tasked with implementing Smart Links to speed up the login processes for a client’s SharePoint Online implementation.
The client was working towards replacing their on-premises implementation of SharePoint and OpenSpaces with SharePoint Online. The issue they faced was that when when a user tries to access a SharePoint Online site collection and is not already authenticated with Office 365, the user will be directed to the default Microsoft Online login page.… [Keep reading] “Auto-Acceleration for SharePoint Online”

Automate Secondary ADFS Node Installation and Configuration

1st of November, 2016 / / No Comments

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Introduction

Additional nodes in an ADFS farm are required to provide redundancy incase your primary ADFS node goes offline. This ensures your ADFS service is still up and servicing all incoming requests. Additional nodes also help in load balancing the incoming traffic, which provides a better user experience in cases of high authentication traffic.

Overview

Once an ADFS farm has been created, adding additional nodes is quite simple and mostly relies on the same concepts for creating the ADFS farm.… [Keep reading] “Automate Secondary ADFS Node Installation and Configuration”

Automate ADFS Farm Installation and Configuration

27th of September, 2016 / / No Comments

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Introduction

In this multi-part blog, I will be showing how to automatically install and configure a new ADFS Farm. We will accomplish this using Azure Resource Manager templates, Desired State Configuration scripts and Custom Script Extensions.

Overview

We will use Azure Resource Manager to create a virtual machine that will become our first ADFS Server. We will then use a desired state configuration script to join the virtual machine to our Active Directory domain and to install the ADFS role.… [Keep reading] “Automate ADFS Farm Installation and Configuration”

Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell

16th of August, 2016 / / 10 Comments

Background

A colleague and I are validating a number of scenarios for a customer who is looking to deploy Azure MFA Server. One of the requirements from an Identity Management perspective is the ability to interact with the MFA Server for user information. That led us on the exploration of what was possible and how best to approach it.

The title of this post has pretty much given it away as to how. But why ?… [Keep reading] “Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell”

Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser

1st of August, 2016 / / 2 Comments

We recently came across an issue with a customer where they had configured a standard SSO experience with Office 365 using ADFS and it was working perfectly except for a specific use case.   When a user accesses the office store via the Office 365 portal (e.g. portal.office.com/store) they got into an endless SSO login loop.  Specfically, they would see the following:

  1. Connection to Portal.Office.com
  2. Redirection to login.microsoftonline.com
  3. Redirection to adfs.customerdomain.com (automatically signed in because of WIA SSO)
  4. Redirection to login.microsftonline.com
[Keep reading] “Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser”

Modern Authentication and MAPI-HTTP

27th of July, 2016 / / No Comments

If you haven’t heard, Modern Authentication (aka ADAL), has now officially gone GA (https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/) – which means that if you are utilising Office 365 services, particularly Exchange Online, and Office 2013/2016 as your client, you should really be looking at enabling this functionality for your end users.

For those unfamiliar with Modern Auth, there are numerous benefits, but one of the most obvious for end users is it removes the need for the use of ‘save my credentials’ when signing into Exchange Online and provides a true SSO experience when combined with ADFS Federation.… [Keep reading] “Modern Authentication and MAPI-HTTP”