Microsoft Office Tutorials and References
In Depth Information
Single sign-on requirements
and the corporate network. This is known as a tunnel within the public network. Because it
is encrypted, the communication is deemed secure.
In this scenario, a user presents his logon credentials during the VPN session initialization.
The credentials are passed to the corporate network. After authenticated, the user
possesses a claims token, as in Scenario 2. At this point, if the user opens his email or accesses
the corporate intranet that is hosted in Office 365, the situation will be the same as it is for
the worker in Scenario 2. That is, the user will not be prompted for his logon credentials
again.
Scenario 4: Remote worker is not logged on to the corporate network
In this scenario, a remote worker has access to the Internet through a non-corporate
network, such as her home office or the public Internet provided by a hotel. She can choose
to log on through VPN, but for the sake of discussion let us assume this user does not do
so because she does not need to access any corporate resources on the corporate network.
Instead, she only wants to read email or access the corporate intranet that is hosted in
Office 365. So she opens a browser and enters the uniform resource locator (URL) of the
corporate intranet. Because she is not authenticated by AD, either locally or through VPN,
she does not possess a valid token.
Office 365 presents the user with the Office 365 logon window, as shown in Figure 3-1.
The user attempts to log on using her User Principal Name (UPN) user name. Office 365
recognizes that the user is trying to log on with a UPN suffix belonging to a domain that
is federated and thus redirects the user to the AD FS server, as shown in Figure 3-13. The
federation server presents a logon window to obtain the user’s credentials. The user
successfully enters her credentials and is issued a valid claim token. She then is redirected back
to Office 365, where she is now granted access to Office 365 services.
In light of the different scenarios, it is a good idea to have a communication plan so you
can communicate to your users what they will see when AD FS and SSO are in place.
Single sign-on requirements
The minimum requirements for setting up SSO with AD FS for Office 365 are divided into
AD requirements and AD FS server requirements.
The server requirements to install the AD FS role are straightforward:
AD FS must be installed on a server that is joined to a domain and running either
Windows Server 2008 or Windows Server 2008 R2.
AD FS 2.0 or above must be installed on a domain controller (DC).
Search JabSto ::




Custom Search