Antonio Maio
Protiviti, Senior SharePoint Architect & Senior Manager
Microsoft SharePoint Server MVP
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
Email: Antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
© 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE® 1000 and Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
• 2,500+ professionals
• 1,000+ clients
• 70+ offices
• Over 20 countries in the Americas, Europe and Asia-Pacific
Protiviti is one of the fastest growing consulting firms worldwide. Our revenues have increased from US $15 million in 2002, to US $423.8 million in 2011.
Agenda
• Introduction to the Concept of Claims
– Types of Claims Retrieved – How do I know which ones?
• Authentication vs Authorization
– Claims Based Authentication
– Using Claims for Authorization
– Permissions
– People Picker
• Architecture and Trusted Identity Providers
– Enabling Claims Based Authorization with Trusted Identity Providers
– Customizing Claims Authentication Process
– Augmenting Claims with Custom Claim Providers
• Common Customer Needs and Scenarios
What is a Claim?
• User attributes
• Metadata about a user
• AD attributes/LDAP attributes
What’s Missing?
Trust!
What is a Claim?
Claims are trusted assertions I make about myself
– Identity attributes retrieved from a trusted identity provider
– Digitally signed so that I can verify the identity provider
– Packaged and signed in a standards-based way (ex. SAML)
(SAML = Security Assertion Markup Language)
Allow me to take my identity across network boundaries in a trusted and secure way!
Claims About Me
• Name: Antonio Maio
• Email: antonio.maio@protiviti.com
• Company, Department: Protiviti, SharePoint Practice
• Security Clearance: Secret (Canada)
• Military Rank: <none>
• Employment Status: FTE
• Over 18 Years Old: Yes
• Valid Driver’s License: Yes
• Country of Birth: Canada
• Citizenship: Canadian, Italian
• Residence: Dallas, Texas, USA
Consider, why do you trust them?
Authentication
The process of determining that someone is who they say they are
• Typically done today through username/password
SharePoint 2013 – Claims Based Authentication is the default Auth’n method
• New Web Applications are Claims Enabled
• Classic Mode authentication has been deprecated - Only thru PowerShell
How do Claims allow us to go beyond classic authentication?
– Single Sign-On across systems in different domains
– Federate between SharePoint On Premise and O365
– Verify additional info about a user during the authentication process
– Required for new SharePoint 2013 features like Server-server Auth, App Authentication
Configuring Claims Based Authentication
• Central Admin > Manage Web Applications > New Web Application
• By default claims enabled
• SSL is required for most scenarios
• Trusted identity providers
• Server to Server Authentication
• App Authentication
• Select your Authentication Protocol
• Windows Auth: NTLM or Kerberos
• Forms Based
• Trusted Identity Provider (SAML)
or some combination…
Configuring Claims Based Authentication
PowerShell
• Ensure you have the correct permissions
(securityadmin and dbowner on DB, part of administrators group on server)
• Sample:
# Create a claims authentication provider object
$ap = New-SPAuthenticationProvider
# Example: claims-enabled web application over SSL
New-SPWebApplication -Name "Contoso Internet Site" -Port 443 -HostHeader sharepoint.contoso.com -URL "https://www.contoso.com" -ApplicationPool "ContosoAppPool" -ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\jdoe") -AuthenticationProvider $ap -SecureSocketsLayer
# General form:
New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -ApplicationPoolAccount <ApplicationPoolAccount> -URL <URL> -Port <Port> -AuthenticationProvider $ap
Where:
<Name> is the name of the new web application that uses claims-based authentication.
<ApplicationPool> is the name of the application pool.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<URL> is the public URL for this web application.
<Port> is the port on which the web application will be created in IIS.
Types of Claims Retrieved
• Standard Claims
– Only claims retrieved when using NTLM/Kerberos
– Only claims supported through Office 365/SharePoint Online
• Custom Claims
– Trusted Identity Provider required: ADFS, Ping Federate, Thinktecture, etc.
[Diagram labels: Name identifier, Primary SID, Primary Group SID, UPN, User Logon Name, User ID, Name, Identity Provider, Name Issuer, Is Authenticated, Farm ID, Role, Group SID]
How do I know which claims were retrieved?
• Use the SharePoint Claims Web Part developed by Steve Peschka
Download and Configuration instructions available here:
http://www.trustsharepoint.com/2013/04/how-do-i-know-which-claims-were.html
Authorization
Determining what resources users are permitted to access and
what actions they’re permitted to perform
• Typically through permissions in SharePoint
• How do claims allow us to go beyond simple Permissions?
– Be specific to the user
– Be done without knowing who the user is
– Be dynamic – ex. changes in a user’s security clearance are reflected
– Include environmental attributes (current time, GEO location, connection type, etc.)
– Be an alternative to security groups – Groups do not scale
– Example: user must be part of GroupA and GroupB and GroupC to access a resource
Simple Permission Examples
Users and Groups
• Finance AD Group has Full Control on Library A
• ProjectXContractor SP Group has Read access on site B
• Antonio.Maio AD user has Contribute access on Document C
[Diagram: Principal (user or group); Permission Level (collection of permissions); Information Object (item or container)]
Permission Examples: Claims
• Remember: Claims are trusted attributes about a user
• May assign a Claim as part of a permission to an object or
container (just like a user or group)
• ‘SecurityClearance=Secret’ has Full Control access on Document X
• ‘ITARCleared=True’ has Read access on Library Y
• ‘EmploymentStatus=FTE’ has Contribute access on Site Z
[Diagram: Principal (a claim in this case); Permission Level (collection of permissions); Information Object (item or container)]
People Picker
1. Type the value of the claim in the Find
field (Top Secret in our example)
Note: people picker cannot resolve values. Typos will
appear here as if they are valid values. It will display
multiple valid selections for your value, one for each
claim type available.
2. Next, you select the attribute type in
the All Search Results list on the left
side – in our case we select Clearance.
3. The list on the right side will then
reduce the view to one selection for
the attribute type selected. Select that
attribute type in the right list now.
4. Click the Add button, and then click OK
People Picker and Assigning Permission
• Once the claim is selected it can be assigned as a permission with a permission level to some securable object
Enabling Claims Based Authorization
• Planning Required
– Driven by a need to secure information at more granular level
– Standard Claims Typically are Not Sufficient
– Determining policies, claims, getting stakeholders to agree, etc.
– Which trusted identity provider? Which attribute store?
• Infrastructure Required
– Storing, managing, retrieving, transforming, trusting claims
• Configuration Required
– Deploying Identity Provider, Connecting it to SharePoint, Configuring Trust, Sign-in, Claims Rules
Enabling Claims Based Authorization
• High Level Steps
1. Create the SharePoint 2013 Web Application
2. Install and Configure an STS Server (Secure Token Server)
• Ex. Deploy ADFS, Domain Joined Server (possibly a farm)
3. Configure STS with the SharePoint web application as a Relying Party
• Configuration within ADFS
4. Configure SharePoint 2013 to trust STS as an Identity Provider
• Import ADFS Token Signing Certificate into IIS on SharePoint
• Use PowerShell to configure ADFS as Trusted Provider
5. Configure SharePoint Web Application to use Claims Based
Authentication and STS as the Trusted Identity Provider
• Within Central Admin
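Step 4 above, as an added example (not from the original slides): a SharePoint 2013 Management Shell script that checks the exported ADFS token-signing certificate before trusting it, then registers ADFS as a trusted identity provider. The certificate path, thumbprint placeholder, realm, sign-in URL, issuer name and the custom Clearance claim URI are assumptions; the script registers the certificate in SharePoint's trust store with New-SPTrustedRootAuthority.

```powershell
# Added example. Run on a farm server as a farm administrator.
# Every name, path and URI below is a placeholder or assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = 'C:\certs\adfs-token-signing.cer'          # exported from ADFS (placeholder path)
$expected   = '<THUMBPRINT-CONFIRMED-WITH-ADFS-ADMIN>'   # obtain out of band, not from the file itself
$realm      = 'urn:sharepoint:contoso'                   # must equal the relying party identifier in ADFS
$signInUrl  = 'https://adfs.contoso.com/adfs/ls/'
$issuerName = 'ADFS'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Every token SharePoint accepts is validated against this certificate,
# so refuse to continue if it is not the expected one or is outside its validity period.
if ($cert.Thumbprint -ne $expected) {
    throw "Unexpected token-signing certificate thumbprint: $($cert.Thumbprint)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Token-signing certificate is not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
}

# Add the signing certificate to SharePoint's trusted root authorities.
New-SPTrustedRootAuthority -Name 'ADFS Token Signing' -Certificate $cert

# Map the incoming claim types SharePoint should accept from this issuer.
# Claims without a mapping are not available as permission principals.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming
# Hypothetical custom claim, matching the Clearance attribute used in the People Picker slide.
$clearanceMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.contoso.com/claims/clearance' `
    -IncomingClaimTypeDisplayName 'Clearance' -SameAsIncoming

# Register the STS as a trusted identity token issuer.
$issuerArgs = @{
    Name                   = $issuerName
    Description            = 'ADFS trusted identity provider'
    Realm                  = $realm
    ImportTrustCertificate = $cert
    ClaimsMappings         = $emailMap, $roleMap, $clearanceMap
    SignInUrl              = $signInUrl
    IdentifierClaim        = $emailMap.InputClaimType   # claim that uniquely identifies the user
}
New-SPTrustedIdentityTokenIssuer @issuerArgs | Out-Null

# Review what was registered before selecting it for a web application in Central Admin (step 5).
Get-SPTrustedIdentityTokenIssuer -Identity $issuerName |
    Format-List Name, DefaultProviderRealm, ProviderUri, ClaimTypes
```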
Claims Based Auth’n/Auth’r Architecture
[Diagram: Client System (ex. web browser); Relying Party (RP): SharePoint 2013; Trusted Identity Provider (IP): Secure Token Server (STS), ex. Active Directory Federation Services (ADFS), with Identity Store, Attribute Store (AD, Database or Directory). Labels: Browser Redirect; Token with Claims, Format: SAML/WS-Fed]
1. Sign In Page
2. Requests authentication (thru username/password) and a token
3. Authenticate User, Get info (claims) about user
4. Authenticated user, attributes retrieved & STS creates token
5. User is authenticated and SharePoint 2010 now has user’s claims & knows it can trust them
Customizing Claims Authentication Process
[Diagram: the same components and steps 1 to 5 as the Claims Based Auth’n/Auth’r Architecture slide, with these labels added: Custom Claim Provider (one or more); Claim Rule (one or more); iAttributeStore; SQL DB, LDAP, PKI etc.]
Trusted Identity Providers
• Select a Standards-based Identity Provider (SAML)
– Active Directory Federation Services 2.0 or later
• Supports full SAML 1.1 and 2.0 Tokens and Protocol
• Supports WS-Federation Tokens and Protocol
• SharePoint 2010/2013 use SAML 1.1 tokens and SAML 2.0 protocol
• Must authenticate against Active Directory
– Ping Federate (Commercial)
– Thinktecture (Open Source)
[Diagram: the Trusted Identity Provider (IP) portion of the architecture diagram: Secure Token Server (STS), ex. Active Directory Federation Services (ADFS), with Identity Store, Attribute Store (AD, Database or Directory); steps 3 (Authenticate User, Get info (claims) about user) and 4 (Authenticated user, attributes retrieved & STS creates token); Token with Claims, Format: SAML/WS-Fed]
Augmenting Claims - Custom Claim Providers
• Used to Augment User Claims and Customize People Picker
• SharePoint farm level feature
• Can deploy more than one
• Called after user is authenticated
…and after Trusted Identity Provider has already returned claims
– Built on top of WIF (Windows Identity Framework)
– Used to augment claims or transform claims
– Used to customize the People Picker (ex. resolving claims through user search)
Custom Claim Provider Deployment
• Deployed as a Farm Level Feature Receiver – requires more code
– Must inherit from SPClaimProviderFeatureReceiver (lots of examples)
• Can deploy multiple claim providers
– Called in order of deployment
• Once deployed - Available in every web app, in every zone
– Can cause performance issues
– When user logs in, all Custom Claim Providers deployed get called
• Set IsUsedByDefault property in Feature Receiver Def'n to False
• Turn it on manually for required web apps
Common Customer Needs
• How do I secure access to sensitive information just to certain
people and only under certain conditions?
– (More) Fine Grained Access Control
– Sensitive content sitting beside non-sensitive content
• I have compliance requirements about who can access certain
types of data and when
– How do I enforce that without stopping business?
What Types of Claims are Useful?
• Military, Intelligence, Government Defense
– Security Clearance, Caveats, Communities of Interest
– Need to Know
• Commercial
– Department, Team or Role
– Current Date/Time, Current Device (BYOD)
– Group Membership with multiple groups
– Partner ID or Business ID (in partner extranet scenarios)
• Aerospace/Defense Contracting
– Nationality + Current Location
• Homeland Security
– Agency (law enforcement, emergency response, public health…)
– Scope or Level (local, state, federal), Current Threat Level
Intelligence Military Examples
[Diagram labels, first example: Classification, Caveats, Need to Know; Security Clearance, Caveats, Groups; Has All, Has All, Has Minimum]
[Diagram labels, second example: Classification, Topics, Restrictions, Communities; Security Clearance, Topics, Restrictions, Communities; Has Minimum, Has Any, Not Have Any, Has All]
Commercial Example
• Claim: Employee Status
• Document Metadata: Classification (HBI, MBI, LBI)
If employee.status = FTE and document.classification = HBI
Then permit access to document
If employee.status = Contract and document.classification = HBI
Then deny access to document
Government Example
• Claim: Client Case Numbers
• Document Metadata: Document Case Number
If document.case=X AND client.casenumbers includes X
Then permit access to document
If document.case=X AND client.casenumbers DOES NOT include X
Then deny access to document
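The commercial and government rules above, as an added PowerShell example that is not part of the original slides: each rule is evaluated against the user's claims and the document's metadata, any Deny wins, and a request that no rule permits is denied. The claim and metadata names, the rule table and the function name Test-DocumentAccess are hypothetical, and the deny-overrides, deny-by-default combination is an assumption that goes beyond the two rules shown.

```powershell
# Added example. Claim names, metadata names and sample values are constructed.
Set-StrictMode -Version Latest

# Each rule returns 'Permit', 'Deny' or 'NotApplicable' for one request.
$Rules = @(
    @{
        Name = 'HBI documents require EmploymentStatus = FTE'
        Test = {
            param($claims, $doc)
            if ($doc['Classification'] -cne 'HBI') { return 'NotApplicable' }
            # Case-sensitive match; Contract, a missing claim or an unknown value is denied.
            if ($claims['EmploymentStatus'] -ceq 'FTE') { return 'Permit' }
            return 'Deny'
        }
    },
    @{
        Name = 'Document case number must be among the client case numbers'
        Test = {
            param($claims, $doc)
            if (-not $doc.ContainsKey('CaseNumber')) { return 'NotApplicable' }
            # @() makes a single-valued or missing claim safe to use with -ccontains.
            if (@($claims['CaseNumbers']) -ccontains $doc['CaseNumber']) { return 'Permit' }
            return 'Deny'
        }
    }
)

function Test-DocumentAccess {
    param(
        [hashtable]$Claims   = @{},   # claims received from the trusted identity provider
        [hashtable]$Document = @{}    # metadata of the requested document
    )
    $permitted = $false
    foreach ($rule in $Rules) {
        $test   = $rule['Test']
        $result = & $test $Claims $Document
        if ($result -eq 'Deny')   { return $false }      # deny overrides any permit
        if ($result -eq 'Permit') { $permitted = $true }
    }
    return $permitted                                     # no applicable rule: deny by default
}

# Constructed sample requests.
$fte      = @{ EmploymentStatus = 'FTE'; CaseNumbers = @('C-1001', 'C-1002') }
$contract = @{ EmploymentStatus = 'Contract' }

$requests = @(
    @{ Who = 'FTE';      Claims = $fte;      Doc = @{ Classification = 'HBI' } },
    @{ Who = 'Contract'; Claims = $contract; Doc = @{ Classification = 'HBI' } },
    @{ Who = 'FTE';      Claims = $fte;      Doc = @{ Classification = 'HBI'; CaseNumber = 'C-1001' } },
    @{ Who = 'FTE';      Claims = $fte;      Doc = @{ Classification = 'HBI'; CaseNumber = 'C-2000' } },
    @{ Who = 'Contract'; Claims = $contract; Doc = @{ Classification = 'LBI' } }
)
foreach ($r in $requests) {
    $allowed = Test-DocumentAccess -Claims $r['Claims'] -Document $r['Doc']
    $docText = ($r['Doc'].GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ', '
    "{0,-8} {1,-40} Allowed={2}" -f $r['Who'], $docText, $allowed
}
```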
Summary
• Claims Based Authentication/Authorization still a new topic for many people
– Allows us to take our identities across network boundaries in a trusted and secure way
– Enabling our move to the cloud – required for Identity Federation
• Claims Based Authentication is Default in SharePoint 2013
– Classic Mode is Deprecated (Still there in 2013 but will likely go away next version)
• Claims are a great tool for Enterprise-Grade Authentication and Authorization
– Infrastructure and Planning Required to take advantage of it
– Leading SharePoint deployments in businesses, government and military to more fine grained authorization
• 7th Annual Conference
• 6 SharePoint MVPs presenting
• Full-Day Training Workshops pre and post conference
• Separate tracks for Business Users, Technical Users & UX Professionals
• Government, Association, Nonprofit & Group Discounts Available
Get 15% off! Use: PRO15 when registering
Learn More & Register at SharePointConference.org
Dallas, TX
October 20, 2014
Antonio Maio
Protiviti, Senior SharePoint Architect & Senior Manager
Microsoft SharePoint Server MVP
Thank You!
Email: Antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2

Contenu connexe

Tendances

Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsAvtex
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioAntonioMaio2
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Xamarin
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CJohn Garland
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authenticationijtsrd
 

Tendances (20)

Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for Extranets
 
T28 implementing adfs and hybrid share point
T28   implementing adfs and hybrid share point T28   implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony Financial
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
Auth experience - vol 1.0
Auth experience  - vol 1.0Auth experience  - vol 1.0
Auth experience - vol 1.0
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authentication
 
Presentation
PresentationPresentation
Presentation
 

En vedette

SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
 
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...Mahmoud Hamed Mahmoud
 
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...Mahmoud Hamed Mahmoud
 
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core Solutions
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core SolutionsExam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core Solutions
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core SolutionsBecky Bertram
 
Henkel: IP Modularity
Henkel: IP ModularityHenkel: IP Modularity
Henkel: IP ModularityAlberto Minin
 
3 q13 arezzo_apresentacao_call eng
3 q13 arezzo_apresentacao_call eng3 q13 arezzo_apresentacao_call eng
3 q13 arezzo_apresentacao_call engArezzori
 
DHS Class of '73 Flashback
DHS Class of '73 FlashbackDHS Class of '73 Flashback
DHS Class of '73 FlashbackRick Mills
 
Information Technology and Firm Profitability - Team Topaz
 Information Technology and Firm Profitability - Team Topaz Information Technology and Firm Profitability - Team Topaz
Information Technology and Firm Profitability - Team TopazTim Enalls
 
Institutional presentation v_final
Institutional presentation v_finalInstitutional presentation v_final
Institutional presentation v_finalArezzori
 
Lahden ketteryys ja kilpailukyky
Lahden ketteryys ja kilpailukykyLahden ketteryys ja kilpailukyky
Lahden ketteryys ja kilpailukykyTimoAro
 
GRRT Field Trip Slideshow
GRRT Field Trip SlideshowGRRT Field Trip Slideshow
GRRT Field Trip SlideshowUChicagoPGE
 
People & management
People & managementPeople & management
People & managementArezzori
 
'Between the Sheets' - The NAKED TRUTH about sex...
'Between the Sheets'  - The NAKED TRUTH about sex...'Between the Sheets'  - The NAKED TRUTH about sex...
'Between the Sheets' - The NAKED TRUTH about sex...onechurch
 
11 10-2011 - 3 q11 conference call presentation
11 10-2011 - 3 q11 conference call presentation11 10-2011 - 3 q11 conference call presentation
11 10-2011 - 3 q11 conference call presentationArezzori
 
เรื่อง ทรัพย์สินทางปัญญา
เรื่อง ทรัพย์สินทางปัญญาเรื่อง ทรัพย์สินทางปัญญา
เรื่อง ทรัพย์สินทางปัญญาFUEANG Far
 

En vedette (18)

SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?
 
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...
Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Le...
 
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...
 
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core Solutions
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core SolutionsExam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core Solutions
Exam Cram for 70-488: Developing Microsoft SharePoint Server 2013 Core Solutions
 
Henkel: IP Modularity
Henkel: IP ModularityHenkel: IP Modularity
Henkel: IP Modularity
 
Chapter 01 csc
Chapter 01 cscChapter 01 csc
Chapter 01 csc
 
3 q13 arezzo_apresentacao_call eng
3 q13 arezzo_apresentacao_call eng3 q13 arezzo_apresentacao_call eng
3 q13 arezzo_apresentacao_call eng
 
DHS Class of '73 Flashback
DHS Class of '73 FlashbackDHS Class of '73 Flashback
DHS Class of '73 Flashback
 
About medical writing
About medical writingAbout medical writing
About medical writing
 
Information Technology and Firm Profitability - Team Topaz
 Information Technology and Firm Profitability - Team Topaz Information Technology and Firm Profitability - Team Topaz
How Claims is Changing the Way We Authenticate and Authorize in SharePoint

  • 1. Antonio Maio
    Protiviti, Senior SharePoint Architect & Senior Manager
    Microsoft SharePoint Server MVP
    How Claims is Changing the Way We Authenticate and Authorize in SharePoint
    Email: Antonio.maio@protiviti.com
    Blog: www.trustsharepoint.com
    Slide share: http://www.slideshare.net/AntonioMaio2
    Twitter: @AntonioMaio2
  • 2. About Protiviti
    © 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
    INDIA (3)
    Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE® 1000 and Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
    Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
    • 2,500+ professionals
    • 1,000+ clients
    • 70+ offices
    • Over 20 countries in the Americas, Europe and Asia-Pacific
    Protiviti is one of the fastest growing consulting firms worldwide. Our revenues have increased from US $15 million in 2002, to US $423.8 million in 2011.
  • 3. Agenda
    • Introduction to the Concept of Claims
      – Types of Claims Retrieved
      – How do I know which ones?
    • Authentication vs Authorization
      – Claims Based Authentication
      – Using Claims for Authorization
      – Permissions
      – People Picker
    • Architecture and Trusted Identity Providers
      – Enabling Claims Based Authorization with Trusted Identity Providers
      – Customizing Claims Authentication Process
      – Augmenting Claims with Custom Claim Providers
    • Common Customer Needs and Scenarios
  • 4. What is a Claim?
    • User attributes
    • Metadata about a user
    • AD attributes/LDAP attributes
    What’s Missing?
  • 5. Trust!
  • 6. What is a Claim?
    Claims are trusted assertions I make about myself
      – Identity attributes retrieved from a trusted identity provider
      – Digitally signed so that I can verify the identity provider
      – Packaged and signed in a standards-based way (ex. SAML)
        (SAML = Security Assertion Markup Language)
    Allow me to take my identity across network boundaries in a trusted and secure way!
  • 7. Claims About Me
    • Name: Antonio Maio
    • Email: antonio.maio@protiviti.com
    • Company, Department: Protiviti, SharePoint Practice
    • Security Clearance: Secret (Canada)
    • Military Rank: <none>
    • Employment Status: FTE
    • Over 18 Years Old: Yes
    • Valid Driver’s License: Yes
    • Country of Birth: Canada
    • Citizenship: Canadian, Italian
    • Residence: Dallas, Texas, USA
    Consider, why do you trust them?
  • 8. Authentication
    The process of determining that someone is who they say they are
    • Typically done today through username/password
    SharePoint 2013 – Claims Based Authentication is the default Auth’n method
    • New Web Applications are Claims Enabled
    • Classic Mode authentication has been deprecated - only through PowerShell
    How do Claims allow us to go beyond classic authentication?
      – Single Sign-On across systems in different domains
      – Federate between SharePoint On Premise and O365
      – Verify additional info about a user during the authentication process
      – Required for new SharePoint 2013 features like Server-server Auth, App Authentication
  • 9. Configuring Claims Based Authentication
    • Central Admin > Manage Web Applications > New Web Application
    • By default claims enabled
    • SSL is required for most scenarios
    • Trusted identity providers
    • Server to Server Authentication
    • App Authentication
    • Select your Authentication Protocol
    • Windows Auth: NTLM or Kerberos
    • Forms Based
    • Trusted Identity Provider (SAML)
    or some combination…
  • 10. Configuring Claims Based Authentication: PowerShell
    • Ensure you have the correct permissions (securityadmin and dbowner on DB, part of administrators group on server)
    • Sample:

        # Create a claims authentication provider (Windows authentication by default)
        $ap = New-SPAuthenticationProvider

        # Create a claims-enabled web application over SSL
        New-SPWebApplication -Name "Contoso Internet Site" -Port 443 -HostHeader sharepoint.contoso.com -URL "https://www.contoso.com" -ApplicationPool "ContosoAppPool" -ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\jdoe") -AuthenticationProvider $ap -SecureSocketsLayer

    General form:

        New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -ApplicationPoolAccount <ApplicationPoolAccount> -URL <URL> -Port <Port> -AuthenticationProvider $ap

    Where:
      <Name> is the name of the new web application that uses claims-based authentication.
      <ApplicationPool> is the name of the application pool.
      <ApplicationPoolAccount> is the user account that this application pool will run as.
      <URL> is the public URL for this web application.
      <Port> is the port on which the web application will be created in IIS.
  • 11. Types of Claims Retrieved
    • Standard Claims
      – Only claims retrieved when using NTLM/Kerberos
      – Only claims supported through Office 365/SharePoint Online
    • Custom Claims
      – Trusted Identity Provider required: ADFS, Ping Federate, Thinktecture, etc.
    Name identifier Primary SID Primary Group SID UPN User Logon Name User ID Name Identity Provider Name Issuer Is Authenticated Farm ID Role Group SID
  • 12. How do I know which claims were retrieved?
      • Use the SharePoint Claims Web Part developed by Steve Peschka
      • Download and configuration instructions available here: http://www.trustsharepoint.com/2013/04/how-do-i-know-which-claims-were.html
  • 13. Authorization
      Determining what resources users are permitted to access and what actions they’re permitted to perform
      • Typically through permissions in SharePoint
      • How do claims allow us to go beyond simple permissions? Authorization can:
          – Be specific to the user
          – Be done without knowing who the user is
          – Be dynamic – ex. changes in a user’s security clearance are reflected
          – Include environmental attributes (current time, GEO location, connection type, etc.)
          – Be an alternative to security groups – groups do not scale
          – Example: user must be part of GroupA and GroupB and GroupC to access a resource
  • 14. Simple Permission Examples: Users and Groups
      • Finance AD Group has Full Control on Library A
      • ProjectXContractor SP Group has Read access on site B
      • Antonio.Maio AD user has Contribute access on Document C
      • Each permission has three parts: Principal (user or group); Permission Level (collection of permissions); Information Object (item or container)
  • 15. Permission Examples: Claims
      • Remember: Claims are trusted attributes about a user
      • May assign a Claim as part of a permission to an object or container (just like a user or group)
      • ‘SecurityClearance=Secret’ has Full Control access on Document X
      • ‘ITARCleared=True’ has Read access on Library Y
      • ‘EmploymentStatus=FTE’ has Contribute access on Site Z
      • Each permission has three parts: Principal (a claim in this case); Permission Level (collection of permissions); Information Object (item or container)
  • 16. People Picker
      1. Type the value of the claim in the Find field (Top Secret in our example). It will display multiple valid selections for your value, one for each claim type available.
         Note: people picker cannot resolve values. Typos will appear here as if they are valid values.
      2. Next, select the attribute type in the All Search Results list on the left side – in our case we select Clearance.
      3. The list on the right side will then reduce the view to one selection for the attribute type selected. Select that attribute type in the right list now.
      4. Click the Add button, and then click OK.
  • 17. People Picker and Assigning Permission
      • Once the claim is selected it can be assigned as a permission with a permission level to some securable object
  • 18. Enabling Claims Based Authorization
      • Planning Required
          – Driven by a need to secure information at more granular level
          – Standard Claims Typically are Not Sufficient
          – Determining policies, claims, getting stakeholders to agree, etc.
          – Which trusted identity provider? Which attribute store?
      • Infrastructure Required
          – Storing, managing, retrieving, transforming, trusting claims
      • Configuration Required
          – Deploying Identity Provider, Connecting it to SharePoint, Configuring Trust, Sign-in, Claims Rules
  • 19. Enabling Claims Based Authorization: High Level Steps
      1. Create the SharePoint 2013 Web Application
      2. Install and Configure an STS Server (Secure Token Server)
          • Ex. Deploy ADFS, Domain Joined Server (possibly a farm)
      3. Configure STS with the SharePoint web application as a Relying Party
          • Configuration within ADFS
      4. Configure SharePoint 2013 to trust STS as an Identity Provider
          • Import ADFS Token Signing Certificate into IIS on SharePoint
          • Use PowerShell to configure ADFS as Trusted Provider
      5. Configure SharePoint Web Application to use Claims Based Authentication and STS as the Trusted Identity Provider
          • Within Central Admin
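The PowerShell part of step 4, sketched as an added example that is not from the original slides. The certificate path, realm, ADFS host name, display names and the custom clearance claim type URI are assumed values; the realm must match the relying party identifier configured in ADFS in step 3.

```powershell
# Added example: register ADFS as a trusted identity provider.
# Run in the SharePoint 2013 Management Shell as a farm administrator.
# Assumed values: certificate path, realm, ADFS host name, custom claim type URI.
$certPath = "C:\certs\adfs-token-signing.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Trust the token-signing certificate so SharePoint can validate the signature
# on every token the STS issues.
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert

# Declare which incoming claim types SharePoint accepts from this issuer.
# Claims that are not mapped here are not available for permissions.
$email = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$role = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
# Hypothetical custom claim type for a security clearance attribute.
$clearance = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.contoso.com/claims/clearance" `
    -IncomingClaimTypeDisplayName "Clearance" -SameAsIncoming

# Create the trusted identity token issuer. The identifier claim is the one
# SharePoint uses to identify the user, so it must be unique per user.
New-SPTrustedIdentityTokenIssuer -Name "ADFS" `
    -Description "ADFS trusted identity provider" `
    -Realm "urn:sharepoint:contoso" `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $email, $role, $clearance `
    -SignInUrl "https://adfs.contoso.com/adfs/ls" `
    -IdentifierClaim $email.InputClaimType

# Confirm the issuer is registered before selecting it in Central Admin (step 5).
Get-SPTrustedIdentityTokenIssuer -Identity "ADFS"
```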
  • 20. Claims Based Auth’n/Auth’r Architecture
      [Diagram] Components:
      • Client System (ex. web browser)
      • Relying Party (RP): SharePoint 2013
      • Trusted Identity Provider (IP): Secure Token Server (STS), ex. Active Directory Federation Services (ADFS)
      • Identity Store, Attribute Store (AD, Database or Directory)
      • Token with Claims, format: SAML/WS-Fed
      Flow:
      1. Sign In Page (Browser Redirect)
      2. Requests authentication (thru username/password) and a token
      3. Authenticate User, Get info (claims) about user
      4. Authenticated user, attributes retrieved & STS creates token
      5. User is authenticated and SharePoint 2010 now has user’s claims & knows it can trust them
  • 21. Customizing Claims Authentication Process
      [Diagram] Components:
      • Client System (ex. web browser)
      • Relying Party (RP): SharePoint 2013, with Custom Claim Provider, Custom Claim Provider, …
      • Trusted Identity Provider (IP): Secure Token Server (STS), ex. Active Directory Federation Services (ADFS), with Claim Rule, Claim Rule, …
      • Identity Store, Attribute Store (AD, Database or Directory)
      • iAttributeStore: SQL DB, LDAP, PKI etc…
      • Token with Claims, format: SAML/WS-Fed
      Flow:
      1. Sign In Page (Browser Redirect)
      2. Requests authentication (thru username/password) and a token
      3. Authenticate User, Get info (claims) about user
      4. Authenticated user, attributes retrieved & STS creates token
      5. User is authenticated and SharePoint 2010 now has user’s claims & knows it can trust them
  • 22. Trusted Identity Providers
      • Select a Standards-based Identity Provider (SAML)
          – Active Directory Federation Services 2.0 or later
              • Supports full SAML 1.1 and 2.0 Tokens and Protocol
              • Supports WS-Federation Tokens and Protocol
              • SharePoint 2010/2013 use SAML 1.1 tokens and SAML 2.0 protocol
              • Must authenticate against Active Directory
          – Ping Federate (Commercial)
          – Thinktecture (Open Source)
      [Diagram: the Trusted Identity Provider (IP) part of the architecture: Secure Token Server (STS), ex. ADFS, with Identity Store, Attribute Store (AD, Database or Directory); step 3, Authenticate User, Get info (claims) about user; step 4, Authenticated user, attributes retrieved & STS creates token; Token with Claims, format: SAML/WS-Fed]
  • 23. Augmenting Claims - Custom Claim Providers
      • Used to Augment User Claims and Customize People Picker
      • SharePoint farm level feature
      • Can deploy more than one
      • Called after user is authenticated …and after Trusted Identity Provider has already returned claims
          – Built on top of WIF (Windows Identity Framework)
          – Used to augment claims or transform claims
          – Used to customize the People Picker (ex. resolving claims through user search)
  • 24. Custom Claim Provider Deployment
      • Deployed as a Farm Level Feature Receiver – requires more code
          – Must inherit from SPClaimProviderFeatureReceiver (lots of examples)
      • Can deploy multiple claim providers
          – Called in order of deployment
      • Once deployed - Available in every web app, in every zone
          – Can cause performance issues
          – When user logs in, all Custom Claim Providers deployed get called
      • Set IsUsedByDefault property in Feature Receiver Definition to False
      • Turn it on manually for required web apps
  • 25. Common Customer Needs
      • How do I secure access to sensitive information just to certain people and only under certain conditions?
          – (More) Fine Grained Access Control
          – Sensitive content sitting beside non-sensitive content
      • I have compliance requirements about who can access certain types of data and when
          – How do I enforce that without stopping business?
  • 26. What Types of Claims are Useful?
      • Military, Intelligence, Government Defense
          – Security Clearance, Caveats, Communities of Interest
          – Need to Know
      • Commercial
          – Department, Team or Role
          – Current Date/Time, Current Device (BYOD)
          – Group Membership with multiple groups
          – Partner ID or Business ID (in partner extranet scenarios)
      • Aerospace/Defense Contracting
          – Nationality + Current Location
      • Homeland Security
          – Agency (law enforcement, emergency response, public health…)
          – Scope or Level (local, state, federal), Current Threat Level
  • 27. Intelligence Military Examples
      [Diagram: two examples matching document labels against user claims; labels listed in the order they appear on the slide]
      • Example 1: Classification, Caveats, Need to Know; Security Clearance, Caveats, Groups; operators: Has All, Has All, Has Minimum
      • Example 2: Classification, Topics, Restrictions, Communities; Security Clearance, Topics, Restrictions, Communities; operators: Has Minimum, Has Any, Not Have Any, Has All
  • 28. Commercial Example
      • Claim: Employee Status
      • Document Metadata: Classification (HBI, MBI, LBI)
      • Rules:
          If employee.status = FTE and document.classification = HBI
              Then permit access to document
          If employee.status = Contract and document.classification = HBI
              Then deny access to document
  • 29. Government Example
      • Claim: Client Case Numbers
      • Document Metadata: Document Case Number
      • Rules:
          If document.case = X AND client.casenumbers includes X
              Then permit access to document
          If document.case = X AND client.casenumbers does not include X
              Then deny access to document
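The commercial and government rules above, together with the "Has All" and "Not Have Any" operators named on the Intelligence/Military slide, written out as a fail-closed check. This is an added example, not SharePoint's built-in permission check and not code from the slides; it generalizes the two slide rules to set-valued claims, and the claim names, metadata fields and sample values are assumptions.

```powershell
# Added example. Requires PowerShell 3.0 or later.
# Claim names and metadata field names are assumed for illustration.
function Test-HasAll([string[]]$Held, [string[]]$Required) {
    foreach ($r in $Required) { if ($Held -notcontains $r) { return $false } }
    return $true
}
function Test-HasAny([string[]]$Held, [string[]]$Listed) {
    foreach ($l in $Listed) { if ($Held -contains $l) { return $true } }
    return $false
}

function Test-DocumentAccess([hashtable]$Claims, [hashtable]$Document) {
    # Commercial rule: HBI documents are for EmploymentStatus = FTE only. A missing
    # or unexpected status does not equal 'FTE', so the check fails closed.
    if ($Document['Classification'] -eq 'HBI' -and $Claims['EmploymentStatus'] -ne 'FTE') {
        return $false
    }
    # Government rule: the document's case number must be among the client's case numbers.
    if ($Document['CaseNumber'] -and
        -not (Test-HasAny -Held $Claims['CaseNumbers'] -Listed @($Document['CaseNumber']))) {
        return $false
    }
    # "Has All": the user must hold every caveat placed on the document.
    if (-not (Test-HasAll -Held $Claims['Caveats'] -Required $Document['Caveats'])) {
        return $false
    }
    # "Not Have Any": none of the document's restrictions may appear in the user's claims.
    if (Test-HasAny -Held $Claims['Restrictions'] -Listed $Document['Restrictions']) {
        return $false
    }
    return $true
}

# Constructed sample data.
$doc = @{ Classification = 'HBI'; CaseNumber = 'X'; Caveats = @('CaveatA'); Restrictions = @('Suspended') }
$fte        = @{ EmploymentStatus = 'FTE';      CaseNumbers = @('X', 'Y'); Caveats = @('CaveatA', 'CaveatB') }
$contractor = @{ EmploymentStatus = 'Contract'; CaseNumbers = @('X');      Caveats = @('CaveatA') }
$wrongCase  = @{ EmploymentStatus = 'FTE';      CaseNumbers = @('Y');      Caveats = @('CaveatA') }

Test-DocumentAccess -Claims $fte        -Document $doc
Test-DocumentAccess -Claims $contractor -Document $doc
Test-DocumentAccess -Claims $wrongCase  -Document $doc
Test-DocumentAccess -Claims @{}         -Document $doc
```

Only the first call permits access; a token carrying no claims at all is denied, which is the behaviour to verify when claim rules or mappings change at the identity provider.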
  • 30. Summary
      • Claims Based Authentication/Authorization still a new topic for many people
          – Allows us to take our identities across network boundaries in a trusted and secure
          – Enabling our move to the cloud – required for Identity Federation
      • Claims Based Authentication is Default in SharePoint 2013
          – Classic Mode is Deprecated (Still there in 2013 but will likely go away next version)
      • Claims are great tool for Enterprise-Grade Authentication and Authorization
          – Infrastructure and Planning Required to take advantage of it
          – Leading SharePoint deployments in businesses, government and military to more fine grained authorization
  • 32. Antonio Maio Protiviti, Senior SharePoint Architect & Senior Manager Microsoft SharePoint Server MVP Thank You! Email: Antonio.maio@protiviti.com Blog: www.trustsharepoint.com Slide share: http://www.slideshare.net/AntonioMaio2 Twitter: @AntonioMaio2