Are you considering to deploy Microsoft Office 365 cloud productivity suite to provide your users access to familiar Office applications and files from any device anywhere? Some of the advantages of adopting Office 365 include IT cost reduction, scalability, easier administration, automatic updates and patch management.
Once you have decided to get Office 365, it is important to choose carefully from one of the three identity models available with Office 365 – – Cloud Identities, Synced Identities, and Federated Identities. This decision will be based on where you want to manage your user accounts for Office 365 and where you want to control the password policy. You can choose from three types of identities when using Office 365
This diagram explains at a high level the three identity models for Office 365 deployment. (Image Source – http://blogs.technet.com/)
In this blog post, we will discuss the benefits of deploying Federated Identity with Office 365.
Federated identity enables users to use their existing Active Directory corporate credentials to get seamless access to the Office 365 cloud productivity suite. The corporate Active Directory stores and controls the password policy. Users are authenticated via on-premises Active Directory services by establishing a Federation Trust between the on-premises Active Directory and Office 365.
Federated Identity for Office 365 requires setting up Active Directory Federation Services (AD FS), AD FS Proxies, and Directory Synchronization tool.
Benefits of Federated Identity
Single Sign-On
In recent times, deploying SSO has become imperative. With the rise of applications and devices, employees have to create numerous login credentials. It is painful and counterproductive for employees to sign in separately into different applications in the absence of SSO.
IT admins have to spend a lot of time helping employees to resolve the login issues. From an IT administrator’s perspective managing multiple user identities across different applications and controlling who is granted access to which application is burdensome.
With the Federated Identity, single sign-on can be implemented using existing Active Directory credentials. Federated Identity sign-in model facilitates true single sign-on (SSO) allowing users to have the same password for on-premises and cloud applications including Office 365, third-party cloud, and SaaS applications. Once users sign in to their domain-joined computers, connected to the Active Directory domain, they do not need to re-enter their password while connecting to Office 365.
Reduced Security Risks
With Federated Identity, you can keep the authentication process within your on-premises Active Directory, enabling increased security. In this model, you don’t have to synchronize password hashes in the cloud Azure Active Directory. Password policy is stored on-premises, behind your firewall.
In the absence of SSO, employees are often expected to create their login for these cloud applications. Multiple login credentials expose the organization to various risks, including the potential use of easy-to-crack passwords by users. Managing a single set of credentials provide convenience to employees and IT admins and helps in creating a strong, single password.
Increased Organizational Productivity
Employees can experience a decrease in productivity if they have to deal constantly with multiple application logins, re-entering passwords and helpdesk calls for password resets. This is also a potential increase in administrative overhead which can largely offset the benefits of switching to cloud-based applications. Federated SSO can simplify the log in process improving organizational productivity.
Utilize Existing Active Directory Infrastructure
If you already have an Active Directory infrastructure in place, it is a no-brainer to deploy Federated Identity. You have already made the one-time investment in setting up the infrastructure. You do not need to incur a recurring cost every month associated with the Cloud Identity model.
Unified Management Experience
The Federated Identity also helps in managing Office 365 and other third-party cloud application seamlessly by providing a unified experience. Client Access Policy is a part of Federated Identity using Active Directory Federation Services that can limit access to cloud services based on user location, client type, or Exchange endpoint of the client. Federated Identity also provides sign-in audit, and immediate user disable features.
Keen on federated single sign-on (SSO) for Office 365, but not so keen on the administrative overhead of configuring AD FS?
Installation and configuration of AD FS and Directory Synchronization tool is a complex and time-consuming process. It involves a number of steps to get it up and running.AD FS infrastructure should be set up for high availability to prevent unexpected outages that could lead to service failure. Troubleshooting AD FS is also very complex.
To simplify this complex process of deploying AD FS and Directory Synchronization to establish SSO, Celestix offers the Celestix Federated Solution.
Celestix Federated
The Celestix Federated solution simplifies AD FS deployments with reporting and audit capabilities. It is designed to deploy on either existing AD FS servers running Windows Server 2012 R2, or onto new AD FS farm deployments.
If you are considering or evaluating federation services, Celestix Federated Series solution is simple to install and configure. For Office 365 deployments, we provide all the tools and steps in an easy to use wizard that will configure all the necessary components.