Embed Size (px)
Citation preview
Making your Cloud Initiatives Successful
A Look into Active Directory - ADFS - Office365
S P E A K E R S
C H I P E P P SSr Director, Product Marketing
@onelogin
R O B C A P O Z Z I Solutions Engineer
@onelogin
I want to move to cloud apps, but I’ve got all this
Active Directory baggage.
My end users will find workarounds, aka Shadow IT,
if I can’t get them the online services they need.
I spend too much time integrating new apps into our
Active Directory infrastructure, especially cloud apps.
W H Y I D A A S ?
6
Security:
● 47% experienced data breaches caused by internal incidents
● Avg cost of data breach increased 15% YoY
Productivity:
● $10 per Help Desk call to address access issues
● COTS provides 40% savings over BYO
/ / / Extending Directory Services to Office 365
/ / / OneLogin for Office 365
/ / / Product Demo
/ / / Q & A
A G E N D A
Word
Powerpoint
Excel
Outlook
OneNote
Publisher
Access
Lync
OneDrive
Project
Yammer
Skype
O F F I C E 3 6 5
Exchange
Sharepoint
DynamicsCRM
Ent. Mobility
ABOUT MICROSOFT AZURE AD
● One Component of Microsoft’s Cloud
Services Platform
● Core directory behind most of Microsoft’s
cloud services
● A free Azure AD tenant is
included/required with Office 365
● OneLogin eliminates the need for
customers to interact directly with Azure
AD (we use the Graph API)
M I C R O S O F T A Z U R E A C T I V E D I R E C T O R Y
G E T T I N G F R O M A D TO O 3 6 5
● Synchronized Identity
● Federated Identity
Azure AD
R E V I E W O F I D E N T I T Y M O D E L S
SYNCHRONIZED IDENTITY
FEDERATEDIDENTITY
Same Password to Access Resources On-Premises & in the Cloud
Can Control Password Policies On-Premises
Real-Time Authentication Based on Active Directory
Desktop SSO (Integrated Windows Authentication)
Support for Multiple Forests or Mixed Directory Types
Sign-in Compliance Reporting
Restrict Access by IP Address
S Y N C H R O N I Z E D I D E N T I T Y
● One-way Sync between AD and O365
● Users have same username and password, but have to re-enter them
DirSync
Azure AD
USER ACCOUNTS
F E D E R A T E D I D E N T I T Y
● Leverages Desktop SSO (IWA)
● Users Don’t have to re-authenticate if they are on the Network
● Addresses complex directory infrastructures
● Supports more advanced compliance Reporting
DirSync
ADFS
Azure AD
AUTHENTICATION
USER ACCOUNTS
O N E L O G I N F E D E R A T E D I D E N T I T Y
● Provides powerful Active Directory integration with real-time sync, and supports Desktop SSO
● Powerful mapping engine accommodates multi-forest structures, and organizational
relationships
● Supports automated Provisioning & De-Provisioning, with entitlement mapping
● Cloud-based and highly available, with certified Data Centers (e.g. ISO 27001)
Azure ADAD Connector
USER ACCOUNTS
AUTHENTICATION
R E Q U I R E M E N T S
Microsoft OneLogin
User Management DirSync/AAD Sync
Authentication/Federation ADFS/AAD Connect
Multi-Factor Authentication MFA
Directory Services Integration FIM
Provisioning Services integration PowerShell
High Availability Infrastructure- LB, etc
Professional Services
Hardware
Hardware
Hardware
Hardware
Hardware
OneLogin for Office 365
1. No More DirSync, ADFS, FIM and Servers to Maintain
2. Enable a High Availability Service, with Minimal Work on Your Part
3. Fast Precise Provisioning of Office 365 Users & License Pairing
4. Stronger Security & Compliance
Firewall
C O M P L E T E I D E N T I T Y S O L U T I O N
ACTIVE DIRECTORY
“With OneLogin, I rolled out Office 365
to 4,000+ users across 35 offices in half
an hour.”C O L L I N H A C H W I
IT Infrastructure Manager, Disys
20
Product Demo
AD Integration
● Desktop SSO
App Setup- Office 365
● OneClick Configuration
Mapping Attributes, Groups, & Licenses
Provisioning
De-Provisioning
S E T T I N G T H E S T A G E
A D C O N N E C T O R
C L O U DA P P S
Q & A
THANK YOUC H I P E P P SSr. Director, Product Marketing
R O B C A P O Z Z I Solutions Engineer
