migrating office 365 from adfs to ping federate
play

Migrating Office 365 From ADFS to Ping Federate NLIT 2019 Kevin - PowerPoint PPT Presentation

Sep 02, 2023 •312 likes •615 views

FERMILAB-SLIDES-19-033-CD Migrating Office 365 From ADFS to Ping Federate NLIT 2019 Kevin Conway May 31, 2019 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of

  1. FERMILAB-SLIDES-19-033-CD Migrating Office 365 From ADFS to Ping Federate NLIT 2019 Kevin Conway May 31, 2019 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, Office of Science, Office of High Energy Physics.

  2. Agenda • Why migrate? • Pre-Requisites for Migration • Create the O365 Connection • Federated Trust Maintenance • Testing • Lessons Learned • Questions 2 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  3. Why migrate? ADFS Deployment Load Balancer Proxy Server #1 Proxy Server #2 Load Balancer ADFS Server #1 ADFS Server #2 ADFS SQL Server 3 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  4. Why migrate? Ping Federate Deployment Load Balancer Ping Federate Ping Federate SRV #1 SRV #2 P Ping Federate Management Server • Simple • Easier to scale • Cost-effective 4 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  5. Why migrate? 176 Added Service Providers! The last remaining SP… Recently added… teshdhdhdh 5 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  6. Pre-Requisites for Migration Office 365 Tenant (Test Tenant makes life easier!) • Global Admin Account Ping Federate version 8.4 (Recommend version 9.X) • Admin Account – Full Rights to Management Console Azure Ad Connect version 1.1.880.0 08 https://docs.pingidentity.com 6 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  7. Create the O365 Connection High Level Steps • Preparing your Ping Federate Environment • Create an O365 Connection in Ping Federate Development • Copy the Connection Settings into Ping Federate Production – API Interface • Break the ADFS Trust -PowerShell • Federate Domain with Ping Federate – Use Azure Ad Connect • Test your O365 Connection – Browsers, Mobile, & Client Applications Existing Settings Used Items needed to Add/Configure Adapter WS-Trust Protocol Data Stores Token Processor Signing Certificate Create Credential Validator for upn Enable objectGUID as binary attribute in datastore 7 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  8. LDAP Identity Attribute Mapping 8 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  9. Enable the WS-Trust Protocol Enable the WS-Trust Protocol in Server Settings on The Ping Management Server Interface Enable for Identity Providers 9 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  10. Enable the WS-Trust Protocol Enable WS-Trust Protocol in Server Settings  Connection Type for the Office 365 Connection Note! You may receive an error when running through The Azure AD Connect Wizard that it requires WS-TRUST Protocol and will not proceed until its selected In the Management Console. Ping Documentation seemed incorrect here. WS-Trust Protocol was required to complete the Federated Trust with Ping Federate . 10 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  11. Create Token Processor instance for WS-TRUST From the Identity Provider Page select Token Processors Type - Username Credential Validators Are configured here 11 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  12. Create the Credential Validator for UPN Configure a Password Credential Validator that uses UPN • Used to verify username/password pairs in various contexts • We had one instance created for sAMAccountName=${username} • We needed to add an instance for UserPrincipalName=${username} 12 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  13. Enable objectGUID as binary attribute From Server Configuration navigate to your Data Store Configurations, choose your Data Store and choose the Advanced LDAP Options  LDAP Binary Types Add objectGUID in the Binary Attribute Name filed and select update 13 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  14. Create the O365 Connection using API Interface Select /idp/spConnections  Get Search by entityid found in Ping Management Interface Selecting Try it Out will return only that connection and not all sp connections in the Management Console 14 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  15. Create the O365 Connection using the API Interface Connection ID and Name ID Values Certificate and Data Store Values In Text Editor you can Edit/Replace values In a Text Editor you can Find/Replace All • “ id ” value gets generated when connection is • “id” refers to Signing Certificate value created • “location” refers to Ping Management Server • “name” value must be unique among SP’s • “id” LDAP –xxxxxxx refers to Data Store • “virtualEntityID” values refers to Federated Domain 15 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  16. Create the O365 Connection using the API Interface Back to the API Interface to paste updated values into the body of new connection field Select  POST Once Connection is Created, you will find A value for SP “id” The Connection should now appear in the Ping Management Interface 16 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  17. Check current Federated Domain Settings from LDAP Maintenance Server containing Azure AD Connect Software $msolcred = Get-Credential #provide credentials cloud service account@domain.onmicrosoft.com Connect-msolservice -credential $msolcred #At this point, you are authenticated in the cloud tenant #Check the current state of the target domain “domain.fnal.gov” Get-MsolDomain #Check Federated Domain settings to determine identity Provider Get-MsolDomainFederationSettings -DomainName ‘domain.fnal.gov' 17 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  18. Break the Federated Trust with ADFS #Break the Federated Trust with current identity provider (ADFS) Set-MsolDomainAuthentication -DomainName domain.fnal.gov -Authentication Managed If successful, No output just prompt below. Trust Broken!! PS C:\Users\kconway-admin> Get-MsolDomain Verify Settings after change #verify Federated Domain Status is now "managed" and NOT federated Get-MsolDomain #check status that there is no listed provider Get-MsolDomainFederationSettings -DomainName ‘domain.fnal.gov’ #No output means no listed provider – This is expected Proceed to LDAP Server and run Azure Ad Connect to federate with Ping Federate 18 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  19. Federate Domain with Ping Federate Log into LDAP Management Server containing Azure AD Connect Software and run Azure AD Connect.exe Next  Select your Target domain (domain.gov) displays message indicating domain is managed and will be converted to a federated domain 19 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  20. Federate the Domain with Ping Federate & export Settings for Ping Management Console Ping Federate Settings Screen 20 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  21. File contents containing Federated Domain Settings for Ping Federate Management Console Configuration Parameters from exported Configuration file Connection types: WS-Federation and WS-Trust EntityID (Connection ID): "urn:federation:MicrosoftOnline“ Virtual Server ID: "http://domain.com/PingFederate" Attribute Contract: ImmutableID - http://schemas.microsoft.com/LiveID/Federation/2008/05 UPN - http://schemas.xmlsoap.org/claims Directory attribute source for ImmutableID: "objectGUID" (Binary, Base64) Directory attribute source for UPN: "userPrincipalName" (String) Endpoint URL: https://login.microsoftonline.com/login.srf WS-Trust default token type (PingFederate 8.4 and above): SAML 1.1 for Office 365 WS-Trust token processor type: Username Token Processor 21 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  22. Populate values from exported File into Ping Federate Management Console Informational items here EntityID (Connection ID): • Contact info "urn:federation:MicrosoftOnline“ • Application Name • Application ICON URL Endpoint URL: • Logging https://login.microsoftonline.com/login.srf 22 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  23. Federate Domain with Ping Federate Verify Connectivity Next  Configure Screen just tells what domain you will configure the trust with 23 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  24. Federate Domain with Ping Federate Configuration Complete! You have now Federated with Ping Time to test sign-in! 24 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  25. Testing Operating Systems Browsers on Windows Browsers on MAC Browsers on Linux 25 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  26. Testing Operating Systems Mail Clients Mail Clients Mail Clients 26 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

  27. Testing Sign into Office Applications Android & IOS Mobile Don’t forget Outlook App on both platforms 27 5/31/2019 Kevin Conway | Migrating Office 365 to Ping Federate

Recommend

Some Ping Examples ping -c4 www.linuxjournal.com ping -c2 -b 149.153.100.255 ping -c2 224.0.0.2

Some Ping Examples ping -c4 www.linuxjournal.com ping -c2 -b 149.153.100.255 ping -c2 224.0.0.2

Some Ping Examples ping -c4 www.linuxjournal.com ping -c2 -b 149.153.100.255 ping -c2 224.0.0.2 1 Doing the Net::Ping Thing, 1 of 2 #! /usr/bin/perl -w use strict; use Net::Ping; my $host = shift || localhost; my @protos = qw( icmp

541 views • 14 slides
Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com Case Study Migrating Legacy.com Jordan Ryan Product Owner Ankur Gupta Lead Developer Bassam Ismail Front-end Lakshmi Narasimhan RESTful

458 views • 45 slides
Migrating from Grid to Cloud: Migrating from Grid to Cloud: Migrating from Grid to Cloud:

Migrating from Grid to Cloud: Migrating from Grid to Cloud: Migrating from Grid to Cloud:

Migrating from Grid to Cloud: Migrating from Grid to Cloud: Migrating from Grid to Cloud: Migrating from Grid to Cloud: Case Study from GEO Grid Case Study from GEO Grid Kyoung-Sook Kim Data Science Research Group Information Technology

541 views • 18 slides
Federation Connecting Livespaces Federation Two levels to federate at Elvin level:

Federation Connecting Livespaces Federation Two levels to federate at Elvin level:

Federation Connecting Livespaces Federation Two levels to federate at Elvin level: federate messages between routers Livespace level: federate entities between rooms Elvin Federation Needed to allow Livespace messages to

663 views • 13 slides
Introduction Ping Yu School of Economics and Finance The University of Hong Kong Ping Yu (HKU)

Introduction Ping Yu School of Economics and Finance The University of Hong Kong Ping Yu (HKU)

Introduction Ping Yu School of Economics and Finance The University of Hong Kong Ping Yu (HKU) Introduction 1 / 31 Course Information Time: 9:30-10:45am and 11:00-12:15pm on Saturday. Location: KKLG103 Office Hour: 2:00-3:00pm on Friday ,

533 views • 31 slides
How can different campuses inter-operate? From ora et labora to collaborate and federate

How can different campuses inter-operate? From ora et labora to collaborate and federate

How can different campuses inter-operate? From ora et labora to collaborate and federate EuroCAMP, Ljubljana, 2006-04-03 Ingrid Melve, FEIDE manager From S S O to a federated solution Campus Identity Management Collaborations

678 views • 33 slides
MISSOURI WESTERN FINANCIAL AID AND BUSINESS OFFICE Helpi ping you A Achieve you our G Goa

MISSOURI WESTERN FINANCIAL AID AND BUSINESS OFFICE Helpi ping you A Achieve you our G Goa

MISSOURI WESTERN FINANCIAL AID AND BUSINESS OFFICE Helpi ping you A Achieve you our G Goa oals Not h t having y g your Finan nanci cial al A Aid i id in place ace WEL ELL B BEF EFOR ORE th the e first d t day o y of

562 views • 38 slides
Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp .. -jar myapp.jar Java 9 java -cp .. -jar myapp.jar Today's journey Running on Java 9 Java 9 modules Migrating to modules Modularising code

851 views • 45 slides
Ping Ans AI + Financial Service Mei Han Director of Ping An Technology, US Research Labs Talk

Ping Ans AI + Financial Service Mei Han Director of Ping An Technology, US Research Labs Talk

Ping Ans AI + Financial Service Mei Han Director of Ping An Technology, US Research Labs Talk S9863 1 Ping Ans Development and Strategy Corporate Introduction Domestic and Foreign Rising on Fortunes List

635 views • 32 slides
Ping Once Use Many Times Enhancing the Utility of Office of Coast Survey Mapping Products for

Ping Once Use Many Times Enhancing the Utility of Office of Coast Survey Mapping Products for

Ping Once Use Many Times Enhancing the Utility of Office of Coast Survey Mapping Products for Coastal Science and Management GISP Sta rla Ro b inso n a nd Dr. Chris T a ylo r 1/ 13/ 12 Wilmington 2016: For the Chart Updated Chart 900 Square

554 views • 41 slides
Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric

Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric

Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric Pters Frdric Pters <fpeters@gnome.org> <fpeters@gnome.org> Rencontres Mondiales du Logiciel Libre Nantes - 10 juillet 2009

991 views • 49 slides
Session 2 Dum um ping and Ant nt idum um ping Measures Prepared by Wenguo Cai Director, I

Session 2 Dum um ping and Ant nt idum um ping Measures Prepared by Wenguo Cai Director, I

I ntroductory Workshop on Trade Remedies Session 2 Dum um ping and Ant nt idum um ping Measures Prepared by Wenguo Cai Director, I nternational Programs The Conference Board of Canada Jakarta, Indonesia 20-22 March 2017 Outline of

429 views • 31 slides
Lands ndscapi ping f ng for or L Learne ners Holly Hovis, Botanist, Bruneau Field Office

Lands ndscapi ping f ng for or L Learne ners Holly Hovis, Botanist, Bruneau Field Office

Lands ndscapi ping f ng for or L Learne ners Holly Hovis, Botanist, Bruneau Field Office Supporting Text The front ont l line nes of of the he ba battle for n natur ure a are not not i in n the A Amazon on rain n for

321 views • 29 slides
PING-ing AS A STRATEGY jane hamill 1 What is PING-ing? 2 Lets assuming youve done your

PING-ing AS A STRATEGY jane hamill 1 What is PING-ing? 2 Lets assuming youve done your

PING-ing AS A STRATEGY jane hamill 1 What is PING-ing? 2 Lets assuming youve done your research Strategy: Ping-ing 10 minutes a day Reach out and add value Comment (not just LIKE) Be yourself Dont ask for anything

232 views • 21 slides
The Ping An story Joe Ye TIAN, Deputy Managing Director, Ping An International Financial Leasing

The Ping An story Joe Ye TIAN, Deputy Managing Director, Ping An International Financial Leasing

The Ping An story Joe Ye TIAN, Deputy Managing Director, Ping An International Financial Leasing Ping An I nternational Financial Leasing Aviation Business Joe Ye TI AN Deputy Head of Aviation 19 th January 2016 2 CONTENTS 1. Ping An Group

326 views • 17 slides
Migrating Terrible Content to Drupal 8

Migrating Terrible Content to Drupal 8

Migrating Terrible Content to Drupal 8 https://events.drupal.org/seattle2019/sessions/migrating-terrible-static-content-drupal-8 Kristian Ducharme About Me Kristian Ducharme - Technical Lead / Product Manager / DevOps Engineer @ CivicActions

659 views • 35 slides
Migrating your messaging strategy onto RCS Dave Attenborough Head of Product Introduction to

Migrating your messaging strategy onto RCS Dave Attenborough Head of Product Introduction to

Migrating your messaging strategy onto RCS Dave Attenborough Head of Product Introduction to Commify Our brands Were number 1 in Europes largest countries: UK, Italy, France, Spain and Germany 2 Introduction to Commify Commify office

451 views • 15 slides
Session 3 Dum um ping and Ant nt i-du dum pi ping g Measures Prepared by Peter Clark

Session 3 Dum um ping and Ant nt i-du dum pi ping g Measures Prepared by Peter Clark

I ntroductory Workshop on WTO Trade Remedies Session 3 Dum um ping and Ant nt i-du dum pi ping g Measures Prepared by Peter Clark President Grey, Clark, Shih and Associates, Limited Jakarta, Indonesia 20-22 March 2017 Trade Remedy /

1.1k views • 53 slides
Federating OpenStack Powered Supercomputers John Garbutt @johnthetubaguy Why Federate a

Federating OpenStack Powered Supercomputers John Garbutt @johnthetubaguy Why Federate a

Federating OpenStack Powered Supercomputers John Garbutt @johnthetubaguy Why Federate a Supercomputer? IRIS: e-Infrastructure for STFC Science STFC: UK Science and Technology Facilities Council Understand requirements for a UK-wide

742 views • 35 slides
Creating and optimizing the digital technology in tourism business Alex Lee Yun Ping (CEO) Ping

Creating and optimizing the digital technology in tourism business Alex Lee Yun Ping (CEO) Ping

Malaysian workshop on ASEAN academic partnerships for small business and ICT knowledge transfer April 20, 2017 Creating and optimizing the digital technology in tourism business Alex Lee Yun Ping (CEO) Ping Anchorage.Terrapuri.Terradala

475 views • 24 slides
Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros Siva Sivabalan George Swallow Vishwas Manral Shaleen Saxena Sam Aldrin Michael Wildt Background The draft

329 views • 5 slides
Ping An International Financial Leasing Aviation Business Unit 20 February 2017 1 CONTENTS 1.

Ping An International Financial Leasing Aviation Business Unit 20 February 2017 1 CONTENTS 1.

Ping An International Financial Leasing Aviation Business Unit 20 February 2017 1 CONTENTS 1. Ping An Group 2. Ping An Leasing 3. Aviation Business 2 1. Ping An Group - Background Founded in 1988, listed USD768 billion balance on Hong

220 views • 19 slides
Best Practices for Migrating MySQL to the Cloud Juan Pablo Arruti Percona Agenda IaaS vs

Best Practices for Migrating MySQL to the Cloud Juan Pablo Arruti Percona Agenda IaaS vs

Best Practices for Migrating MySQL to the Cloud Juan Pablo Arruti Percona Agenda IaaS vs DBaaS Migrating Data Replication between On-Premises and Cloud Testing Cloud Environments High Availability Monitoring

885 views • 59 slides
Peer-to-Peer Networks 15 Self-Organization Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 15 Self-Organization Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 15 Self-Organization Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Gnutella Connecting Protokoll - Ping Ping participants query for Ping neighbors Ping

293 views • 16 slides

More recommend