Uploaded by legentilman

Questions for ADFS Deployment

Questions to determine whether federation is a good fit:
1. What are the goals we're trying to accomplish?
2. Is the application/service claims-aware and does it support WS-Fed, SAML, or OAuth2?

Interview questions during any federation project:
1. What applications will users be using to gain access to this application/service? Their browser, Outlook, Lync, custom software, etc.?
2. What types of devices will be used to access this application/service?
3. Do you want to perform device registration (DRS) of these devices so you can also perform device authentication for applications and/or services?
4. Who are the users that need to access this application/service?
5. What's the company's policy on using internally-issued certificates or wildcard certificates?
6. Where will these users be physically located on the network when accessing this application/service?
7. How many users will need to access this application/service?
8. Are there any other SSO projects occurring within the company that we should be aware of?
9. Do you have any other production Active Directory forests? Will all forests be expected to leverage the same O365 tenant?
10. Do you have any other identity platforms already in the company that we will be expected to integrate with, like Ping, Siteminder, etc.?
11. Will any users require multi-factor authentication (MFA)?
12. Will any of these applications require special authentication types?
13. Do you have any special industry standards you need to comply with?
14. Do you need high availability of the ADFS service and backend SQL servers?
15. Do you have a DR site and plan to keep part of this ADFS infrastructure in this DR site?
16. Do you have a consistent UPN across the enterprise? If not, how many?
17. Do you have any non-routable UPNs in the enterprise?
18. If you had to, would you be willing to change your UPN to support these projects?
19. Do you have any other data or attribute stores besides Active Directory that we may need to pull user attributes from?
20. Related to this project, do you have any applications that users will need access to that aren't claims-aware?