8/13/2019 Windows 2012 - Active Directory Federation Services

1/22

Christopher Chapman | MCT

Content PM, Microsoft Learning, PDG Planning , Microsoft

8/13/2019 Windows 2012 - Active Directory Federation Services

2/22

MVAActive Directory Federation Services

(AD FS)

8/13/2019 Windows 2012 - Active Directory Federation Services

3/22

Module Overview

AD FS Overview

AD FS Deployment Scenarios

Configuring AD FS Components

8/13/2019 Windows 2012 - Active Directory Federation Services

4/22

Lesson 1: AD FS Overview

What Is Identity Federation?

What Are the Identity Federation Scenarios?

Benefits of Deploying AD FS

8/13/2019 Windows 2012 - Active Directory Federation Services

5/22

What is Identity Federation?

An identity federation:

Identity federation is a process that enables distributedidentification, authentication, and authorization across

organizational and platform boundaries

Requires a trust relationship between two organizations or entities

Allows organizations to retain control of:

Resource access

Their own user and group accounts

8/13/2019 Windows 2012 - Active Directory Federation Services

6/22

What Are the Identity Federation Scenar

Federation for business-

to-consumer or business-to-employee in a Websingle sign-on scenario

Federation for

business-to-business (B2B)

Federation with

an organizationacross multipleWeb applicatio

8/13/2019 Windows 2012 - Active Directory Federation Services

7/22

Benefits of Deploying AD FS

AD FS provides the following benefits:

Works with Active Directory Domain Services (AD DS) or Active DirectoryLightweight Directory Services (AD LDS)

Extends AD DS to the Internet

Enables improved:

Security and control over authentication

Regulatory compliance

Interoperability with heterogeneous systems

8/13/2019 Windows 2012 - Active Directory Federation Services

8/22

Demonstration: Installing AD FS

In this demonstration, you will see how to install the A

Directory Federation Services Server Role

8/13/2019 Windows 2012 - Active Directory Federation Services

9/22

Lesson 2: AD FS Deployment Scenarios

What Is a Federation Trust?

What Are the AD FS Components?

How AD FS Provides Identity Federation in a B2B Sce

How AD FS Traffic Flows in a B2B Federation Scenario

How AD FS Provides Web Single Sign-On

Integrating AD FS and AD RMS

8/13/2019 Windows 2012 - Active Directory Federation Services

10/22

What Is a Federation Trust?

WebServer

Account PartnerOrganization

Resource PartnerOrganization

Resource

FederationServer

AccountFederationServer

AD DS

Federation Trust

8/13/2019 Windows 2012 - Active Directory Federation Services

11/22

What Are the AD FS Components?

AD FS Components:

AD FS Web Agent

Resource Federation Server Proxy

Account federation server

AD DS domain controllers

Account Federation Service Proxy

Resource Federation Server

8/13/2019 Windows 2012 - Active Directory Federation Services

12/22

How AD FS Provides Identity Federation in aScenario

Contoso Online Retaile

Account

FederationServer

AD DSAccountFederationServerProxy

AD FS-enabledWeb Server

ResourceFederationServerProxy

PERIMETERNETWORK

INTRANETFOREST

Federation Trust

8/13/2019 Windows 2012 - Active Directory Federation Services

13/22

How AD FS Traffic Flows in a Business to BusFederation Scenario

WebServer

ResourceFederationServer

Account

FederationServer

AD DS

Federation Trust

123

5

4

Contoso Online Retaile

8/13/2019 Windows 2012 - Active Directory Federation Services

14/22

Lesson 3: Configuring AD FS Componen

Federation Service Configuration Options

What Are AD FS Trust Policies?

Demonstration: Configuring the Federation Services fAccount Partner

AD FS Web Proxy Agent Configuration Options What Are AD FS Claims?

d f

8/13/2019 Windows 2012 - Active Directory Federation Services

15/22

Federation Service Configuration Option

To implement the federation service:

Create and configure applications

Create a trust policy for both the resource and account partners

Create organizational claims

Create account stores

8/13/2019 Windows 2012 - Active Directory Federation Services

16/22

D i AD FS I i i l C fi i

8/13/2019 Windows 2012 - Active Directory Federation Services

17/22

Demonstration: AD FS Initial Configurati

In this demonstration, you will see how run the AD FS

Management Snap-In and run through the initial consteps.

8/13/2019 Windows 2012 - Active Directory Federation Services

18/22

What Are AD FS Claims?

8/13/2019 Windows 2012 - Active Directory Federation Services

19/22

What Are AD FS Claims?

Claim Type Description

Identity

UPN: indicates a Kerberos version 5 protocol-style userprincipal name (UPN), for example: user@realm

E-mail: indicates Request for Comments (RFC) 2822stylemail names of the form user@domain

Common name: indicates an arbitrary string that is used personalization

Group Indicates membership in a group or role

Custom Indicates a claim that contains custom information about

user, for example, an employee ID number

M d l R i d T k

8/13/2019 Windows 2012 - Active Directory Federation Services

20/22

Module Review and Takeaways

Review Questions

Summary of AD FS

8/13/2019 Windows 2012 - Active Directory Federation Services

21/22

Thanks for Watching

8/13/2019 Windows 2012 - Active Directory Federation Services

22/22

2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other produc t names are or may be registered trade

U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this pre

must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.