Category: ADFS

Some of my personal favorites for auditing Microsoft environments

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 24/03/2022 0 Comments on Some of my personal favorites for auditing Microsoft environments
Posted in AAD Connect, ADFS, AIP, Azure, Azure AD, Azure B2B, Azure Information Protection, Compliance, Conditional access, Data Loss Prevention, Identity, Microsoft 365, Security

Professionals are always finding out ways to report M365 or Azure environments, automating activities or remediating threats. There is insane amount of content available to achieve these goals but I want to list some of my favorites in this post….

Continue Reading Some of my personal favorites for auditing Microsoft environments

Section 3 – Implement an Identity Management Solution – Implement and manage external identities – Azure AD and IdP

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 04/03/2022 0 Comments on Section 3 – Implement an Identity Management Solution – Implement and manage external identities – Azure AD and IdP
Posted in ADFS, Azure, Azure AD, Azure B2B, Identity, Security

And we reached section 3 on my Study guide, in this section I will cover the following: manage external collaboration settings in Azure Active Directory invite external users (individually or in bulk) manage external user accounts in Azure Active Directory…

Continue Reading Section 3 – Implement an Identity Management Solution – Implement and manage external identities – Azure AD and IdP

Sign-in to Azure AD with email as an alternate login ID (still in Preview)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 23/11/2021 0 Comments on Sign-in to Azure AD with email as an alternate login ID (still in Preview)
Posted in AAD Connect, ADFS, Azure

What will work? Only emails in verified domains for the tenant are synchronized to Azure AD. Each Azure AD tenant has one or more verified domains, for which you have proven ownership, and are uniquely bound to you tenant. One…

Continue Reading Sign-in to Azure AD with email as an alternate login ID (still in Preview)

Continuous Access Evaluation and working with tokens

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 05/10/2021 0 Comments on Continuous Access Evaluation and working with tokens
Posted in ADFS, Azure, Azure AD, Identity, Security

Access, ID, and SAML2 ID tokens are JSON web tokens (JWT). These ID tokens consist of a header, payload, and signature. The header and signature are used to verify the authenticity of the token, while the payload contains the information about…

Continue Reading Continuous Access Evaluation and working with tokens

What’s new with AAD Connect V2 and why to migrate?

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 25/09/2021 0 Comments on What’s new with AAD Connect V2 and why to migrate?
Posted in AAD Connect, Active Directory, ADFS, Azure, Azure AD, Hybrid, Identity

History of AAD Connect User synchronization solutions has been here for a long time and they have evolved all the time, sometimes faster sometimes slower. Middle of September Microsoft released a new main version from Azure AAD Connect and the…

Continue Reading What’s new with AAD Connect V2 and why to migrate?

Enterprise applications SSO with custom manifest configuration

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 08/09/2021 0 Comments on Enterprise applications SSO with custom manifest configuration
Posted in Active Directory, ADFS, Azure, Azure AD, Certificates, Compliance, Identity, Security

Hi, Didn’t find an article about this, so I decided to gather the pieces and put them in one place. First little bit of background. You have Azure AD and  on-premises or cloud-based application that you want to allow SSO…

Continue Reading Enterprise applications SSO with custom manifest configuration

ADFS-failover PrimaryServer to Secondary.

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 31/03/2017 0 Comments on ADFS-failover PrimaryServer to Secondary.
Posted in ADFS, Clustering

Active Directory Federation Services can be installed in a farm. There can be maximum of 5 ADFS-servers in a farm using locally installed SQL Express. When You add in the sixth, You will have to install Full SQL-Server instance for…

Continue Reading ADFS-failover PrimaryServer to Secondary.

Java and Shibboleth authentication with Azure REST API and ADFS.

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 31/03/2017 0 Comments on Java and Shibboleth authentication with Azure REST API and ADFS.
Posted in ADFS, Azure, Java, Shibboleth

The last blog entry was about setting up Onpremise AD with Office 365 and ADFS. So now to the instresting part. I’m going a little bit awol with this, as I’m not a coder. First about Azure authentication. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-whats-changed#authentication And specially…

Continue Reading Java and Shibboleth authentication with Azure REST API and ADFS.

Azure AD Connect with ADFS customization.

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 31/03/2017 0 Comments on Azure AD Connect with ADFS customization.
Posted in ADFS, Onpremise

So scenario was this. Customer has an Office 365 tenant all ready in-place. The users in Onpremise AD have SamAccountNames as UserPrincipalNames. The next step Is obvious. Add UPN-suffix and change UserPrincipalName to match email address. Then add mail-attribute for…

Continue Reading Azure AD Connect with ADFS customization.

ADFS 3.0, Intune with Apple and Anroid devices. EventID 364. MSIS7102: Requested Authentication Method is not supported on the STS.

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 10/01/2016 0 Comments on ADFS 3.0, Intune with Apple and Anroid devices. EventID 364. MSIS7102: Requested Authentication Method is not supported on the STS.
Posted in 2012 R2, ADFS, Office 365

So how to solve this one? First I saw this one in AD FS event log: All browser based Office 365 services where working just fine. Only Intune with Apple and Android devices got this error. So what next, Google?…

Continue Reading ADFS 3.0, Intune with Apple and Anroid devices. EventID 364. MSIS7102: Requested Authentication Method is not supported on the STS.