SPC14 – Day 4 – Simple Identity management solutions for Office365

So, this really is a session for me: Simple 🙂

Office365 Identity Management contains a couple of components. One of these components is the Windows Azure Active Directory. Users from the internal directory are provisioned to the Windows Azure AD, in order to login, share user properties, et cetera. If the enterprise has an existing AD. If not, you can use the Windows Azure AD.

If hou do have an internal AD, you can synch your internal accounts with Windows Azure AD using DirSync (or Forefront IM). Because of Active Directory Federated Services, you get a federated sign-in (aka single sign-in). No need to sign-in multiple times. In order to enable this with third party federation providers you can use WS-Federation, WS-Trust (which are standard) or SAML 2.0.

During this session, Microsoft announced DirSync LDAP v3. This is used to enable the provisioning of users to Windows Azure AD. This new version will be previewed in mid-2014. Also announced: the Office desktop browser authentication upgrades. This enables the Office applications to use tokens for authentication. In fact: the Office apps Will no have the same authentication functionality as the browser based clients.

A video was shown signing into Outlook using a sign-in form to Azure Active Directory and two-factor authentication.

Support levels by Microsoft

Basically Microsoft has two types of support. The identity provider can be in the “Works with Office365” program, or not. If not, then the support from Microsoft will be a bit less. Microsoft does not support the Shibboleth (SAML 1.1) open source providers.

Two-factor authentication for Office365

• Phone App
• Phone call
• Text message

This is very cool. You can configure how you want to authenticate. For example “call my office phone” or “use the mobile app”. For using two-factors with Office applications, you can have Office365 generate “app passwords”. These passwords are random and contain 16 characters. The password is copied into the Office app (so you don’t have the remember the password).

Licensing

Ok, here we go again….. Two (or multi) factor authentication is included in the Office365 SKU. Next to these Microsoft offers multi-factor authentication for Azure Administrators (secures the Azure resources for admins) and Windows Azure Mutli-factor Authentication (includes more complex options, including hybrid). The amount of options is enormous. Please see the Microsoft site for more information.