Posts

Showing posts from November, 2017

What is Azure AD Connect

Azure AD Connect is a tool that combines the functionality of its two predecessors: Windows Azure Active Directory Sync, commonly referred to as DirSync, and Azure AD Sync (AAD Sync). Azure AD Connect will now be the only directory synchronization tool supported by Microsoft, as DirSync and AAD Sync are deprecated and supported only until April 13, 2017.

Why do you need Azure AD Connect? To synchronize users' identities between local and cloud directories. Here "local" refers to the on-premise Active Directory infrastructure and domains, and "cloud" refers to the applications hosted in Azure cloud, such as Office 365 or O365.

Why do you need to synchronize between local or on-premise Active Directory and Azure AD? To give users access to different resources in both on-premises and cloud environments with just a single set of credentials. Applications that are deployed in a traditional Data Center or on-premise rely on the on-premise

PingIdentity Articles

Here are some important links for PingFederate for reference. In December 2017, new versions for PingFederate 9 and PingAccess 5 were released. Read the vendor availability release here.

Default Login for PingFederate Administrator console: https://PingFederate_hostname:9999/pingfederate/app is the default URL (log in with username as Administrator and password)

Default Login for PingAccess Admin console: https://PingAccess_hostname:9000/login is the default login URL (log in with username as Administrator and password)

PingFederate 9 documentation
What's new in PingFederate 8.4
What's new in PingAccess 4.3
IdP-initiated SSO—POST (link check Dec20)
SP-initiated SSO—POST-POST
SP-initiated SSO—Redirect-POST
Single sign-on with PingFederate
How to configure IE, Chrome browser for Kerberos and NTLM
PingFederate Release Notes

Industry Standards
SAML 2.0 profiles (SSO profile variations offered by PingFederate)
Integrate PingID with your VPN
Kerberos

Smart Card Logon and Integration with Kerberos

This article provides the step-by-step process during Smart Card authentication to Active Directory: how Smart Card authentication works with Active Directory, and what the steps are when a user logs in to Active Directory with a Smart Card. (Here is link to How does Kerberos Protocol work) Although this article is from 2000, its steps remain the same as of Windows 2012 infrastructure with Kerberos authentication. Reference from Microsoft for integrating Smart Card login with third party Certification Authority (CA)

Smart Card Logon Integration with Kerberos
By Roberta Bragg, October 1st, 2000

Learn the basic behind-the-scenes steps for Smart Card logon under Kerberos. (This article was published in redmondmag in 2000)

When smart cards are used for authentication in Win2K, a copy of the certificate and the private key can be stored on the smart card. When the user inserts the card in the reader, he or she will be prompted to enter the PIN. What happens next? H