ADFS

Redmond Summit 2015

I am looking forward to presenting in an hour or so on “How Identity Management Impacts the bottom line.”

Yesterday I had fun delivering a session on “ADFS vs Password Sync? It depends.” This morning Alex Simons of Microsoft revealed a few new things that change some of my advice.

  1. Soon Azure AD can do the location restriction by application for SSO. This potentially eliminates a deal breaker for some people.
  2. You can now run Password Sync and ADFS at the same time.

Both of these make it more likely that you will do Password Sync. The second one makes it more likely that you will run both, because Password Sync can be a warm standby for failing over from ADFS.

Implications of Office 365 Password Sync for ADFS (SSO)

@binarybrewery - Jun 4, 2013

Nice recap on the implications of Office 365’s Password Sync and why you may still need ADFS.

Implications of Office 365 Password Sync for ADFS (SSO)

The article on Password Sync for Office 365 is interesting news and clearly states that Federated users can’t have their passwords synced. In the Community Additions, many curious users asked their questions, treating it as a forum. Well, here are my responses:

If you do Password Sync, do you still need ADFS or any other SSO tool that works with Office 365?

Password Sync gives you the ability to log in to Office 365 using the same username and password that you use with your Active Directory. This is usually referred to as Simplified SignOn or Reduced SignOn.

Insight Cloud SSO Solution and FIM Jumpstart offerings

I wrote an article for the Insight Newsletter about two of our new offerings.

Solving identity and access management for mid-sized business
By David Lundell, Sr. Manager, Identity and Security Practice
User productivity, IT budgets, and security and compliance all suffer from ineffective identity and access management. Insight has two new packages aimed at helping mid-sized businesses confront these challenges in the age of the cloud. Read more.

FIM R2 Showdown -- Classic vs. Declarative

Come join me at The Experts Conference 2012 in San Diego, April 29 - May 2, where I will be presenting:

FIM R2 Showdown — Classic vs. Declarative
Speaker:
David Lundell

Is there room enough for both in this town? FIM 2010 R2 has two ways of accomplishing many tasks: Classic and Declarative. Attend this showdown to learn when to saddle up Classic vs. when to saddle up with Declarative Sync Rules and why. Dissenting opinions politely welcomed — join the controversy! Discussion will take into account performance, ease of implementation and maintainability.

Calling a stored procedure in an ADFS claims rule

After you have set up your SQL Attribute Claims Store in ADFS, if you want to use it, and in fact test it, you must set up a claims rule that makes use of it. To do this you must create a claim using a custom rule, which allows you to employ the claims rule language.

The following TechNet entry is a good start, as it illustrates how to enter a SQL query and even a stored procedure.

Troubleshooting SQL Attribute Stores with ADFS

Several others have shown how to define SQL attribute stores with ADFS.

Note that when entering the connection string there is no validation or feedback to the administrator. If there is a problem, you usually won’t see it until you set up a claims rule that uses it and you get an error. So make certain to carefully build and test your connection string. Remember that if you use integrated authentication to connect to the SQL Server, the connection runs under the context of your ADFS service account, so you will need to grant your ADFS service account permissions to the SQL Server and database.

TEC 2010 Europe – Sweet German Chocolate!

johnkaiser - Nov 2, 2010

Sounds like a great conference. The Berliners will want you back soon with Volume 2!

TEC 2010 Europe – Sweet German Chocolate!

Overall, TEC 2010 Europe in Dusseldorf, Germany was pretty cool. I enjoyed the speakers' reception on Sunday night and got to meet some folks from the SharePoint side, some of whom are even interested in FIM, and one of them bought my book!

For the first time I was able to bring my wife along to TEC! We enjoyed some good time in Dusseldorf including seeing Schloss (Palace) Benrather.

Monday we started off with a keynote from Uday Hegde and Mark Wahl on the future of Directory and Identity Technologies. It was mostly an overview and demo of the various MSFT Identity technologies: FIM, RMS, ADFS, etc. I did enjoy Mark’s well-prepared video demo. He clearly had practiced the timing quite well, explaining as the mouse moved across the screen carrying out his demo.

ADFS v2 Test Report -- Found

Something has happened with the Project Liberty website and most links to it are now broken, including the link to the test results from last year, which list the profiles ADFS v2 passed. So here it is:

http://projectliberty.org/liberty/content/download/4732/32917/file/SAML_3Q09_%20IOP_Test_Event_Final_Report.pdf

ADFS v2 passed: IDP Lite, SP Lite, eGov 1.5
