Beruflich Dokumente
Kultur Dokumente
Many organizations have begun their push to the cloud with a handful of
applications. Microsofts Office 365 offering is the driving force for many,
but getting to the point where Office 365 is seamlessly integrated and
ready for use is not a small project.
Ask yourself and/or your vendors the questions below, and understand
the impact on your organization. By doing so, youll be in a good position
to choose the best way for your organization to integrate Office 365 with
Active Directory and enable secure single sign-on across web, Outlook
and mobile mail clients.
onelogin
onelogin.com
PART 1
As you may know, the service level agreements (SLAs) that cloud hosted
onelogin
onelogin.com
services like Office 365 offer are a moot point if the AD FS infrastructure
that brokers logins to these applications and services isnt running at the
same service level (or higher).
Highly available AD FS is primarily predicated on load balancing multiple
sets of servers. For organizations with advanced requirements, SQL
Server or a SQL Server cluster may be required to take advantage of
advanced AD FS features like token replay detection and SAML artifact
resolution. When AD FS is deployed in geographically dispersed data
centers, then a global traffic management solution will be needed to
manage requests across data centers.
onelogin
onelogin.com
(as of the time of this writing $6 per user per month) and includes all of
the premium features for each user. The premium feature set of Azure
Active Directory is focused around branding and customization, groupbased access control, self-service password management, multi-factor
authentication, and advanced reporting.
For a more detailed explanation of the Microsoft solution set, please refer
to Choosing the Right Directory Integration Framework for Your Cloud
Application Portfolio, written by Brian Desmond (a Microsoft MVP for
Directory Services ten times over, author of Active Directory 5th edition,
published by OReilly Media, and a world-renowned expert in Microsofts
SSO solutions).
PART 2
onelogin
onelogin.com
onelogin
onelogin.com
the identity provider and out to cloud apps like Office 365. Beyond that,
will you need to install a separate tool to enable Desktop SSO (integrated
windows authentication)? Will you still need to use additional tools like
DirSync to enable synchronization with Active Directory? Will you need
to install and run PowerShell? Will you need to setup or configure any
other services outside of the vendors solution to make it work with
Office 365?
onelogin
onelogin.com
6. How easy is it to define a logical structure for Office 365 access that doesnt correlate exactly with
Active Directory Groups?
Will you ever need to manage Office 365 access outside of your onpremises Active Directory model? Today, many businesses are hiring
temporary workers and external consultants. For example, lets say you
have an external graphic designer. If he was an internal employee he
would belong to the marketing group in Active Directory. However,
you only want the contractor to have access to a subset of the internal
marketing teams applications, including Office 365. Furthermore, you
want to impose stricter security policies for outside consultants then
you would for regular employees. Rather than having to modify Active
Directory and create a whole new permission structure that supports this
requirement, you might find it helpful to be able to do this in the identity
management solution-- outside of AD.
onelogin
onelogin.com
onelogin
onelogin.com
onelogin
onelogin.com
ABOUT ONELOGIN
OneLogin is the innovator in enterprise identity management and
provides the industrys fastest, easiest and most secure solution for
managing internal and external users across all devices and applications.
Considered a Major Player in IAM by IDC, and Ranked #1 in Network
World Magazines review of SSO tools, OneLogins cloud identity
management platform provides secure single sign-on, multi-factor
authentication, integration with common directory infrastructures such
as Active Directory and LDAP, user provisioning and more. OneLogin
is SAML-enabled and pre-integrated with more than 3,600 applications
commonly used by todays enterprises.
onelogin
onelogin.com
onelogin
onelogin.com