Office 365: To Federate or Not to Federate… that is the Question

Yesterday, Microsoft released a new version of their ‘DirSync’ utility (http://technet.microsoft.com/en-us/library/dn246918.aspx), which up until yesterday provided a basic ‘copy’ of your local Active Directory accounts (Active Directory Domain Services or ‘AD DS’) from your premises to the MS Cloud directory (referred to as ‘Azure Active Directory’) for Office 365 (and other Cloud apps such as Team Foundation Service (TFS Online)).

This blog is written for those considering moving to Office 365 (or who have moved to Office 365) but haven’t identified any other application in the organisation apart from Office 365 that requires Active Directory Federation Services and SAML/WS-Federation…

Azure AD and the Progression of Microsoft Identity and Access Management

Defining Microsoft IDAM

The words ‘Identity and Access Management’ (IDAM) mean different things to different people – and a lot of confusion still reigns about what this area represents to an IT department. However, it’s generally agreed that a good corporate IDAM policy can drive down cost, increase security and provide significant user experience benefits to approved applications as they are introduced to an IT environment.

These improvements can broadly be categorised into the following areas:

Single Sign On (usually abbreviated to ‘SSO’) – a user provides a single factor (99% of the time a password) and gets access to not just one application but a suite of applications after authenticating once, without being prompted again for credentials.…

Office 365 Smart Links

So you’re using Federated Identities with SharePoint Online…

You may have noticed that every 1-2 days you have to re-authenticate to SharePoint Online. This is the result of an Office 365 security feature that defines a 10-hour SharePoint cookie expiration. This authentication behavior is different from BPOS SharePoint Online, where users would be prompted to authenticate one time only. If you have come from BPOS, this change in SharePoint authentication behavior is probably undesirable. If you were excited about a transparent ‘single sign-on’ experience with AD FS 2.0 and Office 365, you might even be a little disappointed.…

Office 365 – AD FS 2.0 with multiple domains and subdomains

AD FS 2.0 Update Rollup 1 allows a single AD FS farm to support multiple top-level domains for Office 365 federated authentication. Unfortunately, the default claim rules generated with RU1 do not support multiple top-level domains with subdomains.

“If however, you have multiple top level domains (@contoso.com and @fabrikam.com) and these domains also have sub domains (@sales.contoso.com and @sales.fabrikam.com), the “SupportMultipleDomain” switch will not work for the sub domains and these users will not be able to log in.”
