Connecting Active Directory To Microsoft Services

Lynn AyresProgram ManagerIdentity Services

Tore SundelinProgram ManagerIdentity Services

BB29

Microsoft Identity Software + ServicesOne identity model that puts users in control of their identities

“Geneva” Framework

Live Framework

Windows CardSpace “Geneva”

Active Directory

“Geneva” Server

Microsoft Services

Connector

Soft

war

eSe

rvic

es Claims-Based Access

Standards BasedEnhances Developer ProductivityFlexibility via Choice

Live IDMicrosoft

Federation Gateway

.Net Access Control Service

Microsoft Identity Software + Services One identity model that puts users in control of their identities

Live Framework

Standards BasedEnhances Developer Productivity

Live ID.Net Access

Control Service

“Geneva” Framework

Windows CardSpace “Geneva”

“Geneva” Server

Microsoft Federation Gateway

Microsoft Services

Connector

Active DirectorySoft

war

eSe

rvic

es Claims-Based Access

Flexibility via Choice

Why Are We Here?

Services Revolution

Identity can be a barrier enabler

Different security zones

Multiple islands

Identity Challenges

Identity can be a barrier

1. Switch from a server (Exchange) to a cloud service

2. Adopt a new service3. Move an on-premises app to a

cloud service

Scenarios

How does a business use services without changing their on-premises identity infrastructure? (ex: Active Directory)

Enterprise Software And Service Topology

DesktopExchange

Azure Services Platform

ISV Apps Microsoft Online

Microsoft Dynamics

CRM Online

Windows Live

Browser

Office

Apps ISV Apps SharePoint

EnterpriseApps

LiveMesh

Cloud

Live Identity Service

Active Directory

Enterprise On-Premises

IT admin

Employees

Developers

Solution Must Satisfy:

Federation is the solution, but we need to do more

Microsoft will offer a free tool that greatly simplifies on-boarding to cloud services

Federation Is Industry Endorsed Solution

Federation hub brokers access for Cloud services: Microsoft cloud applications Developers using Azure Services Platform Other businesses using the Gateway

Manage one relationship to connect to any service

Solution: Microsoft Federation Gateway

Free download for quick and easy setup

Connects Active Directory to the Gateway and cloud services and applications

Protects corporate account security

Solution: Microsoft Services Connector

Enterprise Software And Service Topology

Desktop

Azure Services Platform

ISV Apps

Browser

Office

Apps

EnterpriseApps

Microsoft Federation Gateway

Live Identity Service

Exchange ISV Apps SharePoint

ActiveDirectory

Enterprise On-PremisesMicrosoft Services

Connector

Microsoft Online

Microsoft Dynamics

CRM Online

Windows Live

LiveMesh

Cloud

Microsoft Services Connector Gurbinder Microsoft Partner

demo

Registers the enterprise’s domain, sign-in endpoint, and a token signing key

Enterprise asserts domain ownership via an SSL cert issued by a trusted CA

Ongoing management is automatic

What Happened: Setup

Enterprise

Server Apps

Microsoft Services

Connector

ActiveDirectory

Microsoft Federation Gateway

Microsoft CloudApplications

Developer Services

What Happened: Accessing Services User clicks link for service

Desktop

Browser

Office

Apps

Enterprise

Server Apps

Microsoft Services

Connector

ActiveDirectory

Microsoft Federation Gateway

Microsoft Cloud

Connector validates credentials with Active Directory Connector issues a login token and redirects to Microsoft Federation Gateway

Federation Gateway validates token and transforms claims

Federation Gateway issues service token and redirects to requested service

User accesses service User taken to Microsoft Services Connector for authentication

Applications

Developer Services

Businesses federate once to connect to any service

Services federate once to connect to any business

Hub and spoke model abstracts complexity: Endpoint changes, key rollovers, protocol

changes, etc.

Drill Down: Microsoft Federation Gateway

For businesses: Microsoft Services Connector, “Geneva” Works for businesses without AD Protocols: WS-*, SAML Tokens: SAML

Drill Down: Microsoft Federation Gateway

For relying services: Frameworks: .NET, “Geneva”, Live Messaging: WS-*, SAML , Live Tokens: SAML, Live

Supports range of network infrastructures:

Single server, server farm, proxy server

Active Directory: single domain, single forest, multiple forests

Automates Complex Management Tasks

Drill Down: Microsoft Services Connector

Flexible and customizable end user experience

Architecture consistent with “Geneva”

Microsoft has an internal deployment

Drill Down: Microsoft Services Connector

Businesses adding services to their existing IT infrastructure

Identity must be an enabler

Solution is available today

Why Are We Here?

Microsoft Services Connector Preview available today:

www.microsoft.com/servicesconnector Beta in early 2009

Microsoft Federation Gateway Released, available today Whitepaper On-boarding documentation

We want your feedback! Forum

How You Get It

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.