PKI Blog

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

Federated Identity Access to Windows Azure Service Bus

Posted by Jake Chang on Nov 13, 2013 4:42:02 AM

Identity Federation is all about trusts. As the diagram below shows, all participants within such an identity federation form a cycle of trusts. One can easily extend federated authentication for Windows Azure Service Bus to external user communities with a social identity, a Windows Azure Active Directory (WAAD) tenant's cloud identity, or a business partner's identity. It also supports federation protocols such as SAML-P, WS-Fed and OpenID.

Topics: Federation, Windows Azure Active Directory, SWT token, Cloud, IT Security, Microsoft Security Partner, Identity Federation, security token service (STS), SAML token, Access Control Service, Windows Azure Service Bus, Windows Azure Active Directory (WAAD), identity, Blog, Microsoft Azure, Azure, Active Directory, AD, Windows Azure, OpenID, WAAD, SAML-P

Migrating Relying Party Trusts

Posted by Sarah Duncan on Jul 9, 2013 5:29:48 AM

There are times when you might find yourself needing to migrate a relying party (RP) from one AD FS implementation to another. Unfortunately, at the moment there do not seem to be existing tools to do this. So, we offer the following rather quick and dirty approach. There might be better ways, but this gets the job done.

Topics: Federation, Microsoft Active Directory AD, Active Directory Federation Services, AD FS, Migration, Blog, PowerShell script, Active Directory, Relying Party trusts, PowerShell

FIM Self Service Password Reset: Account Enablement

Posted by Sami Van Vliet on Jun 19, 2013 5:52:51 AM

I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, Microsoft Active Directory, Password reset, Forefront Identity Manager (FIM), Identity Management, Microsoft AD, FIM Password reset, Blog, Self-Service Password Reset, Active Directory, AD

File Server Resource Manager and AD RMS

Posted by Sarah Duncan on Jun 3, 2013 8:06:31 AM

You may have heard of the ability back in Windows Server 2008 R2 to use the File Classification Infrastructure (FCI) feature (part of the File Services role) together with the AD RMS Bulk Protection Tool (a command-line tool) to automatically apply rights protections to documents stored on a file server based on things such as key words in the files. That was a nice feature, but a little clunky to use with the command-line AD RMS Bulk Protection Tool. The good news is that the AD RMS integration has now been incorporated into the File Server Resource Manager on Windows Server 2012, eliminating the need for the AD RMS Bulk Protection Tool in this context. The AD RMS Bulk Protection Tool can also be used outside of FCI whenever you need to bulk encrypt or decrypt a batch of files.

Topics: Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Microsoft Active Directory, Data Protection, FCI, RMS, command line tool, AD RMS Bulk Protection Tool, Blog, Active Directory, File Server Resource Manager, AD, AD RMS, File Classification Infrastructure (FCI)

Authorization Error Enabling AD RMS for Exchange

Posted by Sarah Duncan on May 2, 2013 9:06:08 AM

Recently I encountered an odd authorization error while trying to enable Active Directory Rights Management Services (AD RMS) for an on-premises Exchange 2010 server and thought the world might benefit from my experience in resolving the issue.

Topics: Active Directory Rights Management Services, Microsoft Active Directory AD, IT Security, Microsoft Security Partner, Microsoft Active Directory, Microsoft Exchange, Microsoft, Exchange server, Blog, Active Directory, AD RMS, IT management

“Thinking Different” Making Apps SAML 2.0 Federation-Capable

Posted by CSS Technical Team on Mar 20, 2013 4:54:00 AM

When implementing a federation solution, or replacing an existing legacy solution, let’s consider how “thinking about the problem differently” can improve things.

Topics: SAML, Federation, Active Directory Federation Services, Application Publishing, Federation Capable, IT Security, Microsoft Security Partner, Applications, AD FS, SAML 2.0, Blog, Active Directory, Apps

Claims-based Authentication and Authorization with ADFS 2.0 and SharePoint 2010

Posted by Jake Chang on Jan 21, 2013 9:02:07 AM

Many technical notes and web articles cover different aspects of claims-based federation between ADFS 2.0 and SharePoint 2010. In this blog, we will focus primarily on claims mapping and the settings for the authentication and authorization process.

Topics: Federation, Microsoft ADFS, Active Directory Federation Services, IT Security, Microsoft Security Partner, authentication, ADFS 2.0, SharePoint, Claims-based authentication, Microsoft AD, ADFS, SharePoint 2010, Blog, Microsoft SharePoint, Microsoft SharePoint 2010, Active Directory, PowerShell

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD

Microsoft Windows Azure Active Directory

Posted by Jake Chang on Oct 30, 2012 7:13:15 AM

Microsoft Windows Azure Active Directory opens opportunities for people and organizations to use applications anywhere, based on ubiquitous cloud connectivity, open standard protocols such as OAuth, SAML-P and WS-Federation, and the REST API paradigm.

Topics: IT Security, Microsoft Windows Azure Active Directory, Microsoft Security Partner, Microsoft Azure, Identity Management, Microsoft AD, Blog, Active Directory, AD, Windows Azure, SAML-P
