Archive

Posts Tagged ‘sso’

Azure AD Premium a visionary in Gartner IDaaS Magic Quadrant! I love it! – #Azure, #AzureAD, #IDaaS

This is awesome! I just love what Microsoft is doing with all the cool Azure offerings! That’s also why I’ve been digging deeper into this area lately and also took the Microsoft Specialist – Architecting Microsoft Azure Solutions exam and been playing around with Azure AD, DirSync and ADFS a lot.

Now with the whole release of Windows 10, Azure AD, Intune, ADFS and System Center we’re going to have a lovely story going forward with how to do client management going forward, just take a Windows 1o device, join it through Azure AD, Intune and federation and then sign in using your on-premise AD credentials. On top of that you can also then leverage Azure AD or federation with it for your SaaS apps as well and with SSO, and why not use the Azure connector to make your on-premise web apps available on the Internet with authentication as well!

Microsoft and Azure rocks!

Now also with the magic quadrant from Gartner that shows how well Microsoft is doing! It look very promissing, and just think about combingin all this also with Citrix Workspace cloud going forward! So great! ūüôā

Gartner just released their Magic Quadrant for Identity Management as a Service (IDaaS) and after only ~10 months in market, Azure AD premium was placed in the “Visionary” quadrant, far to the right of our competitors for our completeness of vision and our ability to execute, only slightly below companies with established, multi-year track records.

If you are a Gartner client, you can find the report here. We will have a complimentary copy to share soon, so please check back.

We’re really pleased with this result. We believe it validates our vision of providing of a complete solution for hybrid identity management, a solution that includes not just a directory and employee identity management, but full suite of identity capabilities, an integrated device management offering (Microsoft Intune), leading edge information protection (Azure RMS) and a robust set monitoring and security capabilities.

I am especially delighted by this validation because it says a lot about our customers, implementation partners and ISV partners who have worked together with us. They have been awesome about sharing their time and energy every day, to make sure that the products and services we build meet their needs and are helping them position their companies to thrive in the emerging world of cloud and devices.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product…

Continue reading here!

//Richard

Upgrading to #Citrix #Receiver for #Windows – why and how?

This is something that all Citrix admins should read! How many questions don’t U get about which version of the client to use and why etc?

This document describes the various versions of Receivers for Windows, lists the reasons for upgrading, and recommends best practices for upgrading to the latest version of Receiver based on specific circumstances.

Note: The Online Plug-in 12.x will reach end of its maintenance in March 2013. Customers using Online Plug-in with XenApp 5, XenApp 6.x, XenDesktop 4.x, or XenDesktop 5.x must upgrade to the latest version of Receiver for Windows 3.X prior to that date where practical.

Citrix Receiver is the latest Citrix software you install on Windows end points to gain access to virtualized apps and desktops. It is also regularly installed on virtual desktops to enable access to virtualized apps.

The name of Citrix client software and the built-in functions are changed over the years. The clients in common use today are the Online Plug-in for Windows 12.X and the Receiver for Windows 3.X.

Where the Online Plug-in for Windows 12.X provided Web and PNAgent support, Receiver for Windows 3.X provides additional support. It can be configured for self-service access to applications, VPN-less remote access, single sign-on the Windows, Web, and SaaS applications, and has a built-in method to check for updates.

Both the Online Plug-in and Receiver have two versions.

  • The¬†Online Plug-in Web¬†is used solely for Web access to applications and the¬†Online Plug-in (Full)¬†supports Web access as well as PNA Services. The¬†Full¬†version supported SSO, Smart Cards, and access to apps through the Start menu¬†
    The standard Receiver for Windows, CitrixReceiver.exe, can be considered is a complete replacement for the Online Plug-in Web and largely a replacement for the Online Plug-in (Full). It can be used for web access. It can be configured to access PNA Services. And it can also be used with the latest versions of StoreFront, CloudGateway (App Controller), and Access Gateway to provide a rich set of services. It contains the latest, multithread, multi-stream HDX engine.

  • The¬†CitrixReceiverEnterprise.exe¬†version essentially…

Continue reading here!

//Richard

#Windows #Azure Active Directory steps out of the shadows

I’ve blogged about this release before with some info but here is another good article about how it can assist you in managing user authentication in the cloud.

Microsoft recently announced the general availability of Windows Azure Active Directory, a cloud-based service that lets admins manage multiple user identities and access. Although it’s been lurking in the background of other Microsoft products for some time — and still requires work to make it a fully useful tool — it’s a step in the right direction.

At its core, Windows Azure Active Directory is essentially a copy of Active Directory held in the cloud that provides basic authorization and authentication when users access cloud services. Ideally, admins use it to centralize the database of authorized users for cloud services, which then lets them authorize employees and contractors to work in certain applications. This allowance includes both Microsoft and third-party applications that accept authentication through common industry standards.

Through synchronization with an on-premises Active Directory deployment, you can also deploy¬†single sign-on, so users don’t have to remember multiple passwords or enter them more than once to access cloud applications. More importantly, it provides a better way to remove access to cloud services for users who have left the company — a previous weak link in the cloud identity management story.

Windows Azure Active Directory: Not exactly new

True to Microsoft’s history of¬†dogfooding¬†its own products, Windows Azure Active Directory had been in use for nearly a year before its current general release. Few actually knew that all¬†Office 365¬†accounts have been using a preview release of Windows Azure Active Directory for some time. Users of the general Windows Azure service, Dynamics CRM andWindows Intune¬†also have their details stored in private Windows Azure Active Directory accounts.

According to Microsoft, since just after the beginning of the 2013 calendar year, “Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.” Windows Azure Active Directory is a distributed service running across 14 of Microsoft’s data centers all over the globe.

User interface improvements

One improvement that happened between the preview release of Windows Azure Active Directory and the Web version release is the user interface, which was basically nonexistent before. Now you can access a clean section of the modern-looking Windows Azure control panel to create and manage instances of Windows Azure Active Directory (Figure 1).

Create and manage instances of Windows Azure Active Directory

You can add these instances to your Windows Azure subscription by logging into your Microsoft account, which…

Continue reading here!

//Richard

Windows Azure Active Directory (AD) has reached General Availability!

April 9, 2013 1 comment

This is cool! And I think that it’s a great step in the right direction for many companies! ūüôā

Windows Azure Active Directory

Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.

Use Windows Azure AD to:

Integrate with your on-premises active directory

Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.

Offer access control for you applications

Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organizations applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory

Build social connections across the enterprise

Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.

Provide single sign-on across your cloud applications

Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.

Read more about the service here!

Pricing

Access Control

Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.

Directory

The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.

Read more about pricing here!

//Richard

#Citrix #XenMobile #MDM Integration With #Cisco ISE for #BYOD

Interesting and a good blog post by Sameer Mehta.

World of BYOD

 Bring your own device (BYOD) initiatives are enabling employees to bring their own personal devices to work and allowing them corporate access to services such as Email. We did a recent audit using our ability to integrate with security incident and event management (SIEM) systems for a customer. The audit provided visibility into their ActiveSync traffic and found devices that belonged to executives that were not under IT management. Here’s a snapshot of their BYO devices.

 

There are several reasons to enable such access ‚Äď for example, to boost employee productivity or convenience of accessing email from any device. Having said that, as¬†Uncle Ben¬†puts it,¬†‚Äúwith great power comes great responsibility‚ÄĚ, and this responsibility is on the IT administrator from a security point of view. It‚Äôs IT‚Äôs responsibility to make sure that corporate data is not compromised or leaked in the following scenarios:

  • What happens when this personal device is lost or stolen?
  • What happens if this device is jailbroken or rooted?
  • What happens if this device ends up outside an approved geofence. For example, outside of the US?
  • What happens if the user inadvertently installs an application that has the ability and access to the entire device memory, thereby having unauthorized access to corporate data?

End User’s perspective on Enterprise Mobility

End users want access to corporate services such as email, intranet, ability to share and collaborate over documents, and also use 3rd¬†party applications such as Evernote, Quick Office or GoodReader. With mobile solutions such as XenMobile MDM, CloudGateway, ShareFile and GoToAssist, Citrix provides ubiquity i.e. ‚Äėaccess any app. from any device‚Äô, and a unified view for applications with an enterprise app store, documents via ShareFile. Having said that, since the user is accessing multiple applications; end user experience is a key component of mobility solutions. For example, bootstrap authentication and provide single sign on (SSO) to other applications.

Enterprise IT perspective on BYOD

As IT is providing access to corporate services, the main concern is around data loss prevention (DLP) and protecting corporate content on the mobile device. This means, encrypting data at rest for application data, and documents that are hosted either on Sharepoint, Network File share or Cloud storage. From a DLP perspective, for security conscious organizations, the mobile solutions bundle, which includes XenMobile MDM and CloudGateway…

Continue reading here!

//Richard

Configuring Email-Based Account Discovery for #Citrix #Receiver

Check out this great blog post from Avinash Golusula:

Configuring Email-Based Account Discovery

1     Add DNS Service Location (SRV) record to enable email based discovery

During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

To enable Citrix Receiver to locate available stores on the basis of users‚Äô email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named ‚ÄúdiscoverReceiver‚ÄĚ to identify a StoreFront/AppController server.

You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.

  • Log in to your DNS server
  • In DNS > Right-click your¬†Forward Lookup Zone
  • Click on¬†Other New Records
  • Scroll down to¬†Service Location (SRV)
  • Configuring Email-Based Account Discovery
  • Choose¬†Create Record
%d bloggers like this: