Single Sign On | What it is How it works Why you need it

Поделиться
HTML-код
  • Опубликовано: 24 ноя 2024

Комментарии • 78

  • @husseinabdelmalik5025
    @husseinabdelmalik5025 4 года назад +5

    Amazing work, thank you so much.
    Could you please if possible make a series of azure Devops

    • @AzureAcademy
      @AzureAcademy  4 года назад +4

      thanks @Hussein we have a DevOps series in the works now...stay tuned

    • @tandonanmol
      @tandonanmol 4 года назад +1

      @@AzureAcademy We are also waiting for the Kubernetes series 😛. I am guessing that would be a part of devops series?

    • @AzureAcademy
      @AzureAcademy  4 года назад +3

      The K8Series is something I am working on with Phil Gibson who did our Open Service Mesh video, He has been tied up with other things due ti Ignite...I am hoping to sync with him to get more on AKS very soon...but I am sure there will be a DevOps tie in...stay tuned!

  • @itips4021
    @itips4021 3 года назад +3

    Excelllent video - quick yet detailed ! Other SSO video's seem to imply all you got to do is run AD Connect ... click -click ..& thats it - job done! 👍

    • @AzureAcademy
      @AzureAcademy  3 года назад +1

      Yup there is a lot that goes into it ☺️👍

  • @sethzwicker3631
    @sethzwicker3631 4 года назад +3

    Can you, when ready, do a video on the new Azure AD Cloud provisioning Agent? I'm curious to see how that works and if it's intended to augment or replace the ADConnect application we install now. Thanks!

    • @AzureAcademy
      @AzureAcademy  4 года назад +3

      I will take a look at it...stay tuned!

  • @richardwaldron1684
    @richardwaldron1684 4 года назад +2

    Great video as usual, thank you. One thing I'd really like you to bring your expertise and clarity to is SAML for single sign-on please - a subject that still confuses me. Cheers.

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      thanks @Richard...can you clarify for me what I can clarify for you 😁😜
      can you be specific on the scenario you want me to show?

  • @yogesham3997
    @yogesham3997 4 года назад +4

    Excellent content and please do some videos on Azure AD application proxy basics and working on different SSO.

    • @AzureAcademy
      @AzureAcademy  4 года назад +3

      That is 4 votes for Azure AD App Proxy...I'm working on it...stay tuned!

  • @onexl001
    @onexl001 4 года назад +3

    Appreciate. Awesome video. Can u please do azure app proxy video

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      Thank you for watching and for the suggestion...I will start working on it...stay tuned!

  • @xDavidxG
    @xDavidxG Год назад +1

    Hello Dean, I hope you are doing well. I'm not sure whether anything has changed on the single sign on when it comes to the local applications, such as outlook, teams, onedrive, etc, when utilizing Azure AD Connect on an AVD Environment. I reviewed the Entra Seamless SSO, on the key features it outlines the following:
    Great user experience
    Users are automatically signed into both on-premises and cloud-based applications.
    Users don't have to enter their passwords repeatedly.
    I'm thinking this may work for the local apps, or not sure what "on-premises" may be referring to. Looking to review options on this to provide a more efficient experience when setting up users on the environments, as well as ongoing management.

    • @AzureAcademy
      @AzureAcademy  Год назад +1

      For AVD there are different SSO options and methods. Watch this ruclips.net/video/_PrgdDH1oB4/видео.htmlsi=zG-NoJI5VxbxwdUF

  • @ViggoStomsvik
    @ViggoStomsvik 4 года назад +2

    Great video! But why did you do the "Group policy" and the "Group policy preference" (Adding the Registry item in the same GPO?).

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      Thank you @Viggo the reason Depends on how you choose to manage GPOs in your environment
      For me, I want to manage fewer policies rather than have 1 GPO per type, item or section.
      there are advantages to both so which is right for you?

  • @sreezworldz
    @sreezworldz 3 года назад +1

    Simply learned hard topics. You're the perfect presenter loved it. subscribed ❤❤❤

    • @AzureAcademy
      @AzureAcademy  3 года назад +1

      Thanks very much! 👍☺️😎

  • @kabookeo
    @kabookeo 2 года назад +1

    Excellent explanation. Thank you!

  • @TheOltimator
    @TheOltimator 4 года назад +2

    great stuff, thanks for the videos!

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      Thanks for watching @Catsten Please let me know what else you are interested in...so I can make that video for you!

  • @JohnCochraneUK
    @JohnCochraneUK 2 года назад +1

    Great content. However could I suggest you remove the "Azure Academy" banner in the top left corner. It often blocks important detail.

    • @AzureAcademy
      @AzureAcademy  2 года назад +1

      Thank you John for your feedback. I do try to make sure that the url, if it is important is in the video description so you can easily get to it. So thank you for helping me to improve, very appreciated.

  • @sethzwicker3631
    @sethzwicker3631 4 года назад +2

    Great video. Can you please shed some light on the registry addition? I've done the GPO steps but this is the first time I've seen the registry component. How does that fit in?

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      it is in the official docs - docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start#step-3-roll-out-the-feature and I have always added it when I setup SSO...
      I believe it enables the SSO magic on https sites

    • @sethzwicker3631
      @sethzwicker3631 4 года назад +1

      @@AzureAcademy I think that last option is an either/or between the registry option vs GPO. I don't think it's a 3rd step...from what I can tell.

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      not totally sure @Seth...I will ask the Azure AD Team and get back to you

    • @atomique90
      @atomique90 4 года назад +1

      @@AzureAcademy I was also wondering about the registry addition. If you look into the docs you linked here, they say "There are two ways to modify users' Intranet zone settings: ..." - Option 1 (GPO): Users cannot modify their own settings and Option 2: Users can modify their own settings - I just rolled out the GPO without the registry key and had no issues with SSO - docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start#why-do-you-need-to-modify-users-intranet-zone-settings

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      I have always used the reg entry...but I prefer to do it with GPO so I can centrally manage it.

  • @frankanderson5379
    @frankanderson5379 4 года назад +1

    A great use case for implementing SSO is no auth prompt for M365 Apps within your WVD session hosts.

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      Thanks Frank! Do you have a link to the M365 side of that setup process?

  • @James-sc1lz
    @James-sc1lz 4 года назад +1

    Very impressive. Thanks for sharing

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      Thank you! Let me know what other videos you are interested in me creating, Cheers!

  • @prasannakumar9885
    @prasannakumar9885 4 года назад +1

    Can you do a video on ,
    Add an on-premises application for remote access through Application Proxy in Azure Active Directory

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      I have had a few requests for App Proxy...It is on the backlog...thanks!

  • @sachithsilva3896
    @sachithsilva3896 4 года назад +2

    Good job

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      thanks! let me know what other videos you are interested in...I am always looking for new ideas!

  • @adeyemiakanfe7641
    @adeyemiakanfe7641 4 года назад +1

    This is a nice content. Subscribed !

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      Awesome! Please share The Azure Academy with others!

  • @O2C69
    @O2C69 2 года назад +1

    Hi, Love the video, am looking at implementing SSO via Azure AD connect for enterprise applications for office 365, MS Teams, Sharepoint, Outlook, Onedrive. Currently using adfs farm and moving datacentres. Am looking to move SSO to Azure in a simple manner and remove adfs.
    To change the way domain users sign-on do I just run Azure AD Connect and follow instructions in this video and select 'Passthrough with Single Sign-on' and add multiple agents for HA on all domain controllers and remove private & public dns records referencing adfs farm. Please
    Would Passthrough work for remote users that are connecting to the Lan via ssl-vpn?, if yes what happens if they are not, what solution if the user is not connected to ssl-vpn?
    Awaiting your good response.

    • @AzureAcademy
      @AzureAcademy  2 года назад +2

      In general yes… However because you have a DFS in your environment using SS so I would look at exactly what a DFS is doing to be sure that all of those will work then make your cut over

    • @O2C69
      @O2C69 2 года назад +1

      @@AzureAcademy
      Thank you for your response,
      How do I find out the cloud applications that are being used in adfs for SSO?
      Also I looked into this further and my organisation is using password hash in AAD Connector & adfs for Microsoft 365 apps - E3, E5 licenses but not sure of any other cloud apps being used, so I believe i just need to use password hash & SSO, i need to re-run AAD Connector & set the settings & have a secondary AAD Connector as staging mode.
      To do an initial test I would add a testing group in Azure AD as staged roll-out and see if this work in the LAN & SSL-VPN.
      do I need to do any other configuration for users e.g. Browser & Registry settings or is this just for using Passthrough & SSO requirement.
      Please Advise.
      Merry Xmas.

    • @AzureAcademy
      @AzureAcademy  2 года назад +1

      +office 2crazy pass through will send authentication requests when you sign into Azure to your domain controller, it doesn’t matter if they are on your VPN or not.

  • @Stinger301
    @Stinger301 4 года назад +1

    Thanks for a great video. I tried the above in my environment but this did not work. I have setup password hash sync with SSO enabled. To test it rather than create a Group policy on the domain, I modified the local policy on the computer and created the registry entry. After this I was still getting prompted to use my credentials. Am I missing something? Your help would be much appreciated.

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      the PC you are testing from needs to be joined to your domain and needs to be able to "talk" to the domain controller to perform the token exchange. I have NOT tried this with a local policy because I want to manage everything as centrally as possible...but I assume that it should have the same effect. Does the Azure Portal show that you have setup SSO for your domain? try the kerberos key roll over to reset. If still not working I would remove it and reset it, then try again.

  • @Jay_1509
    @Jay_1509 3 года назад +1

    Thank you sir for video. We have application hosted in azure VM and have requirement to do SSO for that application in VM. please can you let me know how can we do it ? please provide any reference ?

    • @AzureAcademy
      @AzureAcademy  3 года назад +2

      If the VM needs SSO then…how are you logging into the VM? Is the account a local account, AD account of Azure AD Account?

    • @Jay_1509
      @Jay_1509 3 года назад +1

      @@AzureAcademy Hi Thanks for reply. First of all i am bit confused if SSO configuration for application in azure VM is possible or not.
      User will access application from out side of VM. application is completely in cloud VM (no onprem). please advise.

    • @AzureAcademy
      @AzureAcademy  3 года назад +1

      I think you may be confusing this feature with something else.
      This is a single sign on with Azure AD and Active Directory.
      There is another feature that allows you to sign in from an Azure AD Joined laptop to an Azure VM USING ONLY AZURE AD watch this and tell me if this is what you are looking for
      ruclips.net/video/rUwmkLreb08/видео.html

  • @shyinylu
    @shyinylu 4 года назад +2

    9:07 I am already familiar with all of this Kerberos rollover but how do you actually automate it? Is there any other way of doing so beside storing the actual domain admin and global admin credentials in a script file to pass them into a script?

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      great question @shyinylu the answer depends on your tools and skills.
      1. You can use PowerShell as an automated task like I showed.
      2. Azure Automation Account running a PowerShell Runbook
      3. Azure DevOps with a Pipeline with trigger
      you can also store those admin creds in Azure KeyVault so you don't have to type them in and they are stored securely

  • @UdayVaswani
    @UdayVaswani 4 года назад +1

    Hi Sir,
    Can you help us with WVD with only Cloud only setup and all such with only cloud-only setup as we are startup

    • @AzureAcademy
      @AzureAcademy  4 года назад +2

      very cool! As a cloud only group you still have to choose if you will have a "traditional domain controller" running on a VM in the cloud or if you will use Azure AD Domain Services.
      Here is my Azure AD DS video so you can see what it looks like - ruclips.net/video/Uayv69FZlyI/видео.html

  • @fbifido2
    @fbifido2 Год назад +1

    How to enable SSO for AAD & AADDS in Azure Cloud VM?
    i don't have AD outside or inside the cloud nor any sync app.

    • @AzureAcademy
      @AzureAcademy  Год назад +2

      There is no method in Azure AD that will give you SSO in AADDS, however…I’m not sure this will work because you have limited GPO control in AADDS, but you may be able to use GPO to make it work for applications
      Watch this video at 4:35
      The other method is for SSO to get onto a VM you could use Azure AD credentials for that
      Watch this 👉 ruclips.net/video/rUwmkLreb08/видео.html

  • @LV13619
    @LV13619 Год назад +1

    what does the GPO setting "Allow updates to status bar via script" do exactly and why is it needed?

    • @AzureAcademy
      @AzureAcademy  Год назад +1

      Where did you see that?

    • @LV13619
      @LV13619 Год назад +1

      @@AzureAcademy In your video itself at 05:25 mins

    • @LV13619
      @LV13619 Год назад +1

      @@AzureAcademy also, what's the use and need for the registry shown in your video at 05:32 mins

    • @AzureAcademy
      @AzureAcademy  Год назад +1

      This is a browser policy when you access a site that is in this single site zone.
      This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
      It is needed for SSO to do everything it needs to function

    • @AzureAcademy
      @AzureAcademy  Год назад +1

      The registry setting enables SSO over SSL

  • @ThePatsev
    @ThePatsev 2 года назад +1

    When SSO enabled, is Outlook going to ask for a password when it's launched for the first time? Or it takes the identity from the Windows login?

    • @AzureAcademy
      @AzureAcademy  2 года назад +2

      Outlook does NOT get identity that way. To SSO with Office, you need a GPO to tell the office apps that they are part of m365 and have a tenant assigned

    • @ThePatsev
      @ThePatsev 2 года назад +1

      @@AzureAcademy Thank you!

    • @AzureAcademy
      @AzureAcademy  2 года назад +1

      👍☺️

  • @denniswesterman
    @denniswesterman 4 года назад +2

    Is it possible to connect sso in a wvd with aads?

    • @AzureAcademy
      @AzureAcademy  4 года назад +3

      great question...in the Classic model of WVD...YES, in the ARM model not yet.
      It was working but we found some issues in the code so it in being updated ...should be available soon

    • @denniswesterman
      @denniswesterman 4 года назад +2

      @@AzureAcademy Thank you for your answer.
      Do you have some "how to" docs for the classic?
      When I look back at the above video I don't understand how I can apply it in the WVD classic environment.

    • @AzureAcademy
      @AzureAcademy  4 года назад +3

      WVD depends on Azure AD for the type of logins So if you setup things as I showed today it should just work in WVD classic. If you have all of that and it isn't working you may need ADFS...I will look for the info and post it if I can find it.

  • @jackgleeson8321
    @jackgleeson8321 4 года назад

    nice video

    • @AzureAcademy
      @AzureAcademy  4 года назад

      Thanks for the visit...let me know what other videos you are interested in

    • @jackgleeson8321
      @jackgleeson8321 4 года назад

      @@AzureAcademy I would really like to know new pathway to certification with azure as Microsoft is changing it?

    • @AzureAcademy
      @AzureAcademy  4 года назад

      they are only kinda changing it...Removing the non-cloud stuff and going all in on Azure. So look for the AZ exams in general and also for specialties.

    • @jackgleeson8321
      @jackgleeson8321 4 года назад +1

      @@AzureAcademy Are Microsoft changing the azure certification to role based azure certs

    • @AzureAcademy
      @AzureAcademy  4 года назад +1

      I think that is correct to say.