I've encountered various information on the topic of Azure and SSO and am trying to find out what I'd need for my specific scenario:
I deploy SQL Server and SSRS 2016 on an Azure VM (native mode)
I also have O365 including SharePoint Online
I need users to be able to transition seamlessly between SharePoint Online and other O365 apps and the SSRS reports.
SSO with on-premise AD is a plus but not necessary. What is the bare minimum that I'd need for the scenario above?
Azure AD
Azure AD with Seamless Single Sign-On enabled (requires rolling out
Microsoft Workplace Join to client computers)
Azure AD + ADFS
Related
Using the ADFS activity report to migrate our applications to AAD. Everything shows as Ready.
But how do you import the ADFS configuration into a new enterprise application?
Or do you need to create everything from scratch?
You can find the image below for your reference, it shows the ‘Dropbox’ application as ready for migration from ADFS to Azure AD: -
Dropbox
• You don’t need to import ADFS configuration into a new Enterprise application for ‘Dropbox’ as its application federation configuration is already imported and made available for Azure AD users for smooth SSO authentication purposes in Enterprise application gallery. The image as posted by you regarding Dropbox application import into Azure from ADFS confirms that Dropbox is available for migration in Azure AD and its relative setup is a matter of few clicks and configurations.
• Also, the message in the image posted by you is only displayed for those applications that are readily available in Azure AD Enterprise applications and not legacy applications (applications that are not SaaS apps and need to be setup manually in Azure AD enterprise applications as a non-gallery app). When ADFS Health Connect communicates with Azure AD and syncs the relying party trust information from ADFS on-premises server, Azure AD compares it with the ready, available and Integrated SaaS applications in its gallery to be provisioned in the respective Azure AD tenant through the ‘create’ option. Similarly, when you do this provision/create ‘Dropbox’ SaaS application from Enterprise application gallery, it detects automatically through the ADFS Health Connect activity report that ‘Dropbox’ is configured as a federated RPT in the synced on-premises ADFS server and asks the user to migrate it to Azure AD.
For more detailed information on migrating Dropbox application from ADFS to Azure AD, please refer to the link below which discusses setting up of SSO authentication through SAML in Azure AD.
https://www.youtube.com/watch?v=OThlTA239lU
We're in the process of upgrading our TFS 2010 instance to Azure DevOps Services, using the recommended upgrade path of [TFS 2010 => TFS 2013.5 => TFS 2019 => Azure DevOps Services] using the Data Migration Tool.
There is however a major concern within the organisation regarding the requirement to sync our On-Premises Active Directory with Azure Active Directory and this is mainly due to security reasons.
What I'd therefore like to understand are the following:
Having synchronized the On-Prem AD with Azure AD during the high-fidelity migration using the Data Migration Tool, how will future changes to our On-Prem AD be synched across to Azure AD and will it be an automated process?
Will Azure AD maintain persistent connectivity with our On-Prem Active Directory for as long as the organisation leverages Azure DevOps Services?
Is it possible to implement Azure DevOps Services using only an On-Prem AD for authentication and sign-on, in other words without the need to sync to Azure AD? And just for clarity, I'm not considering Azure DevOps Server on-prem as an option.
I’m currently testing the Microsoft Azure and SharePoint 2013 ability.
In our office, we have an Office 365 account, and I have created a Azure 30-days trial subscription. I have connected those two, so our Office 365 users are visible in Azure AD.
We need to install a virtual server with SharePoint installed on it, with access to a SQL server in Azure as well.
Is it possible to use the Azure AD as authentication for SharePoint users?
If possible, we would like to avoid installing an On-premises AD in Azure. We simply need the authentication for our SharePoint users, so we can keep everything in the cloud, without Site to site VPN to our in house AD.
I am aware, that the virtual machine in Azure with Sharepoint on it, will run in a Workgroup, but I have a hard time figuring out, how I can access the Azure AD to lookup users. I don’t know if this is possible.
Best regards
Christian
I have a new Office 365 Small Business subscription and am wondering how best to synchronize contacts with a custom in-house database application.
I have found material explaining how to access the underlying technology, Azure Active Directory with the a library called the Azure Active Directory Graph Client Library.
However, to my knowledge I don't have an Azure Management Portal for the Azure technologies underlying Office 365, and that's where I would normally register my application for API access according to those tutorials.
So, if I want to access the Azure Active Directory in my Office365 account with the Azure Active Directory Graph Client Library, where do I register the application, get my key - and to which host do I connect to?
Office 365 uses Azure Active Directory as identity management, so it is already there. To access Windows Azure portal for your existing Office 365 subscriptions all you need is to activate a free Windows Azure subscription on your existing account .
This blog Using your Office 365 Azure AD tenant with application access enhancements for Windows Azure AD gives a very detailed steps on how to do it.
we have a vm in azure with AD + a SharePoint 2013 that joined that domain.
We have also an Office 365 account with a domain. This domain is added to the Active Directory in Azure.
Now we can see all of our 30 office 365 users in Azure.
Now we need to sync this office 365 users to the VM in azure that runs the AD.
We need a single sign on solution that our office 365 users can log on with there office 365 credentials to the SharePoint 2013 Server.
Is this possible? When Yes, how?
Regards!
You can accomplish this using the Directory Integration feature of Windows Azure AD. From the Azure Portal, enable Directory Integration for your directory and then download the Directory Sync tool. This will enable you to sync between your Azure AD Tenant and your Server AD running in your Virtual Machine.
It's recommended you configure a separate Directory Sync Server to install the tool on. But, it's also possible to just run it on your Server AD Virtual Machine. I've done it both ways successfully.
When you're installing the tool, select the option for Hybrid Deployment. This will enable Azure AD to write objects back to your Server AD.