SharePoint Fest Denver 2017
Extranets in SharePoint and Office 365
May 31, 2017
SharePoint Fest Denver
Introductions
Peter Carson
• President, Envision IT
• SharePoint MVP
• Partner Seller, Microsoft Canada
• peter.carson@extranetusermanager.com
• http://blog.petercarson.ca
• www.envisionit.com
• Twitter @carsonpeter
• VP Toronto SharePoint User Group
Logan Guest
Sales
• e: logan.guest@extranetusermanager.com
• p: (647) 265-8256
Envision IT built custom Extranet solution
• Built the Sick Kids Hospital Extranet as a
custom built solution
• 2008 Cdn Channel Elite Awards Winner
Clients
• Envision IT Wins Two Impact Awards
with One Solution for Custom
Development and Security
• Canadian Information Security Awards
Runner Up
• CAMH Problem Gambling site
• Citi Bank
• Cadillac Fairview web sites for 30
retails properties across Canada, with
tenant Extranet access to post store
promotions and job openings
Boys and Girls Clubs of Canada
Members Portal
• 2011 Impact Award for
Community Leadership for BGCC
Productization of code
base begins
• PHO - Public Health Ontario
• 2012 Impact Finalist - IAMCP
Canada Partnership Award
• AEGON Canada ULC
• 2011 Impact Finalist - IAMCP
Canada Partnership Award Category
• Flynn Canada Ltd.
• Stikeman Elliott
• Redland City Council
• Heart & Stroke Foundation
• YMCA of GTA
• OPG
Extranet User Manager (EUM)
Installer created
• 10 Clients
Renewed focus on EUM
sales and marketing
• 11 Clients
13 Clients
15 Clients
LAUNCHED new ‘Extranet User
Manager’ brand
• Office 365 support
• First client was Ontario Association for
Children’s Aid Societies
• Metalogix Best Implementation of a
Governance or Security Solution for
SharePoint
• IAMCP Apps Development Partner for Canada
• CDN Channel Elite Awards Bronze Winner for
Best Cloud Computing Solution
• 7 licenses
8 licenses YTD
• 74 Clients
Timeline: 2008 to 2017
Customers around the Globe
Global Customer Base
Agenda
Introduction to Extranets
On Premise SharePoint Extranets
Office 365 SharePoint Extranets
Hybrid Scenarios
Wrap-Up and Q&A
Introduction to Extranets
Do you have “Version Out-of-Control”?
Email document sharing
Group of internal and external users sharing a set
of documents, making edits, no “Single version of
the truth”
Your Inbox is NOT a document management
system
Share through Office 365
• Works for small groups
• How do we manage larger groups? Governance,
permissions management
Shadow IT
• Box, DropBox, Slack
• No control over corporate resources
Collaboration wasn’t meant to be this hard.
• Technology can facilitate human interaction and
document sharing
Secure Publishing
Protects Your Business
• Portals for customers, partners, donors, etc.
• Pushing content out to a broader audience,
but still securing it
• Often involves LOB integration as well
• Order history, CRM, etc.
• Self-registration, onboarding, delegation of
external user management
What is an Extranet
• An Extranet is a web site that is accessible to
users outside of the corporate network,
which allows organizations to share
information and collaborate with their
customers, partners, and/or vendors in a
secure and easy-to-use environment
• It may be delivered in a number of ways
• As an extension of the public web site
• As a secure portion of the corporate
Intranet
• As a standalone Extranet
Extranets Done Right!
• Make it easy for IT to delegate management
of external users to the business, or even to
the external organizations themselves
• Simplicity for onboarding of new external
users, including self-registration
• The business becomes the owner of groups, and
manages the membership itself
• IT can still control permissions
Scenario #1
Scenario #2
Third Party
Examples of Extranet Users
• Members
• Customers
• Vendors
• Suppliers
• Volunteers
• Board of Directors
• Citizens
• Researchers
• Tenants
• Partners
Considerations
• Who is coming into the Extranet?
• Does everyone see the same information?
• Is there a member database to interface with?
• Is it invitation only, or can people self-register?
• Who approves new registrations?
• Is it just the Extranet they will be accessing, or are there other systems?
Technologies
• Microsoft’s collaboration platform that provides portals, document management, web content management, and much more
• Microsoft’s cloud hosted versions of Exchange (email), Lync (instant messaging), and SharePoint
• Microsoft’s infrastructure and platform hosted services
• Envision IT’s tool for managing users outside your organization
On Premise
SharePoint Extranets
SharePoint On Premise Authentication Options
• Windows Authentication: Active Directory; Windows Claims or Classic Mode
• Forms-Based Authentication: .NET Providers (AD, SQL); Claims
• Federated Identity: Relying Party; Trusted Identity Provider; AD User Store; Claims
• Azure Application Proxy with Azure AD B2B: Windows Authentication; Active Directory; Windows Claims or Classic Mode
Extranet Scenarios
• Create AD accounts for External Users
• Forms Based Authentication (FBA)
• Federation
Create AD Accounts
• Not ideal from a security perspective
• How do you get users their passwords?
• Forgotten passwords?
• Friendly login
• Anonymous landing page
• Reverse proxy appliance
• Windows Server Web Application Proxy
Forms Based Authentication (FBA)
• Configuration of FBA is complex
• Can break with farm changes
• Still need to deal with creating accounts, communicating passwords, forgotten password, etc.
Federation
• Low touch installation – doesn’t install on the SharePoint farm
• AD FS can be used for this – can be branded and customized to a certain degree
• Social identity federation like Facebook, Google, etc.
• Use your own Identity Provider, or a third party product like Extranet User Manager
Boys and Girls Clubs of Canada
Mission: To provide a safe, supportive place where children and youth can experience new opportunities, overcome barriers, build positive relationships and develop confidence and skills for life.
• 104 clubs across the country
• Serving 200,000 children and youth
• Over 700 service locations
• Federated model of governance, not franchise
• Grass roots – response to local needs is key
• Public web site and members Extranet
• Thousands of staff and volunteers
• www.bgccan.com
Business Objectives
• Increase public awareness
• Increase donations
• Leverage investment in MS Dynamics CRM
• Increase engagement of staff and volunteers
• Integrated portal for the “business” of the association
• One CMS for all levels of service – public, members, staff, volunteers, supporters
Office 365
SharePoint Extranets
Office 365 Authentication Options
• Cloud Identity: Windows Azure Active Directory; No Integration
• Directory and Password Synchronization: On Premise Identity; DirSync and Password Sync to Windows Azure Active Directory; Integration with no federation
• Federated Identity: On Premise Identity; Federation and User Sync to Windows Azure Active Directory; Single federated identity and credentials
• Azure AD B2B: Federated Azure AD
Azure AD B2B
• Simple
  • Partners are invited into your Azure AD
  • Each partner user uses an existing Azure AD account or one that is easily created during invitation acceptance
  • Permissions can be managed through Azure AD groups
• Secure
  • All access is controlled through your Azure AD directory
  • Partner users can be removed from your Azure AD and their access is immediately revoked
  • When the partner user leaves the partner organization, access is lost automatically
• Seamless
  • Partner companies who need access do not need to have Azure AD
  • Azure AD B2B collaboration provides a simple user sign-up experience for these partners
Azure AD B2B and Office 365
• Partner users can be granted access to any part of your SharePoint Online
• Considered external users by Microsoft
• No Office 365 subscription is required for the partner users
• Permissions in SharePoint Online can be applied to Azure AD groups
• Site owners can manage the Azure AD group membership through EUM
B2B Experiences
User type and experience:
• Existing Office 365 or Azure AD user: Logs in with their Azure AD credentials to accept the invitation
• Business email not in Azure AD:
  • Azure AD tenant is created behind the scenes
  • User creates a password
  • Can provide their name and country
  • Azure AD manages the password reset requirements
  • Tenant can be converted to a fully managed Azure AD tenant later
• Consumer email (Gmail, Hotmail, etc.): Account is converted to a Microsoft account in the background
Azure B2B Current Limitations
• Delegation of user management is supported, but it is all or nothing
  • No way to restrict access to users in a group
• Managed through the Azure portal
  • Can be overwhelming for business users
• No self-registration or approval process
• No integration to other line of business systems
  • Profile management, CRM integration, account verification
• No integration to on premises AD
  • This can be used with Azure Application Proxy to provide access to on premise systems through B2B single sign on
Customer Case Study: Associated Engineering now has
Peace-of-Mind Regulatory Compliance
The Problem:
A 70 year old company with over 1000 staff in 21
offices across Canada was on the path to build an
expensive high-availability on premises data farm
to meet data governance regulations. They were
being mandated to provide a shared online
workspace and contractually obligated to ensure
the site is always up; otherwise financial
penalties could be levied.
www….......
Solution:
With Microsoft Canadian data centres in place, AE
moved their infrastructure to the cloud using
Office 365 and SharePoint Online, saving
significant capital expenditure while meeting
governance regulations.
Ability to invite and manage numerous external
parties to access project sites leveraging Extranet
User Manager
150 people across 15 unique organizations with a
stable online shared workspace for the next 7
years – the life of just one strategic project.
Ontario Association of Children’s Aid Societies
• Since 1912, Ontario Association of Children’s Aid Societies (OACAS) has represented Children’s Aid Societies in Ontario
• Provides service for government relations, communications, information management, education and training
• Advocates for the protection and well-being of children
• Voice of child welfare in Ontario
The Challenge
• Current site users experienced challenges locating suitable content
• No search engine functionality
• Ever-growing archive of documents
• Maintaining an on premises SharePoint portal was complex and expensive
• Static web sites lack the dynamic functionality and features OACAS was looking for
The Solution
• Self-service registration
• Approvals managed by the OACAS
• Everything is hosted in the cloud with minimal IT requirements
• Single Sign On to Desire2Learn (D2L)
• Dynamic pages now automatically displaying “tagged” content
• Content authors can now simply upload content and “tag” it to appear within a desired section of the site
• Site navigation and search make it much easier to find information
Hybrid Scenarios
Azure AD B2B and Application Proxy
• Invite your external users in through Azure AD B2B
• Create a “shadow” account in on premises AD
• Link the two accounts
• Publish on premise applications through the Azure Application Proxy
• Users authenticate through B2B, but appear like local Windows users to the published applications
Customer Case Study: OntarioMD goes to the cloud with Extranet User Manager
The Problem:
OntarioMD supports over 13,000 physicians with
the adoption and usage of EMRs. Their on
premise infrastructure was becoming increasingly
expensive to maintain and even more expensive to
expand as they broaden their membership in the
portal. They required improved features and
usability at a lower operating cost.
Solution:
Leveraging OntarioMD’s Microsoft online
productivity suite, Envision IT extended their public
web site and extranet portal allowing them to
publish directly to the cloud.
Azure Web Sites were 80% less expensive than all
other solutions.
Simplifies the ongoing management and provides
a highly available public site at a fraction of the
cost.
www.ontariomd.ca
Wrap Up and Q&A
Upcoming Events
• SPT 204 - Running Effective Projects in Office 365
• Thursday 2:10 – 3:20 PM
• Webinar: Running Effective Projects in Office 365 - The Associated Engineering Story
• Wednesday, June 21 1:00 PM - 2:00 PM EDT
www.extranetusermanager.com/events