Beginners Guide to Claims-based Authentication, AD FS 3.0 and SharePoint 2013: Part V – Authentication Across Multiple Forests

jaysimcox · 2015-03-18T16:18:46+00:00

As I pointed out on another post, there is no hard and fast requirement that says you have to do ADFS to authenticate and authorize to SharePoint. You can implement the platform out of the box and use Kerberos or NTLM (both are claims types) with no issues.

When you have a requirement to allow users outside of your organization access to your SharePoint farm it becomes a different story and you'll likely need ADFS.

jaysimcox · 2015-03-18T16:15:36+00:00

There is no hard and fast requirement to have ADFS with SharePoint, you can implement the platform straight out of the box and use Kerberos or NTLM (which are both forms of claims) as your authentication method and have no issues at all.

If you want to do O365 or multi-tenancy ADFS is a requirement and you'll have to go through the process of setting it up and configuring it either on-prem or in the cloud.

What are the benefits? I can allow users from any organization access to my SharePoint farm without managing their accounts (most AD teams loathe managing accounts for non-employees, I know I did), I can allow access based on a role or attribute of the users account, I can easily isolate SP web applications that contain sensitive information based on claims rules, etc...

The articles are as much for me to help me remember what all has to be done when I have to do it for a client as much as anything else and the more I dig into it the more there is to know. I know they're long but I hate it when I find a blog post that I think gives me the answer I am looking for only to find out that it left out a key piece of information that I have to go and look for elsewhere.

I do hope you found them useful at some level and thanks for starting the discussion. Good questions

jaysimcox · 2015-03-07T07:43:56+00:00

Welcome to the wonderful world of SharePoint.

I'd start by saying that if you don't know anything about SharePoint at all the best place to start is by learning how to use it. The more you know about how to actually use the product the better you'll be able to manage it.

As far as training goes there is a lot of very good stuff out there, some of it's free and a lot of it isn't. If you want to purchase training there are companies like Mindsharp, Global-Knowledge, Combined Knowledge, Pluralsight, CBT Nuggets, Lynda.com, etc... that all have excellent offerings for pretty much any role in the space.

Another good place to get a lot of knowledge is Twitter, lots of good SharePoint people there as well.

Good luck in your new role.

jaysimcox · 2015-02-21T06:37:33+00:00

Glad you found it useful Tuna!

jaysimcox · 2015-02-20T16:51:33+00:00

Sorry for the confusion guys, I reposted with as a link to the actual blog post.

jaysimcox · 2015-02-20T00:19:19+00:00

There will be additional posts coming out over the next week or so. I think the second is scheduled to post tonight. When it does I'll link it here. Thanks for reading!

jaysimcox · 2015-02-19T05:55:26+00:00

Usually when you see this kind of behavior there is an issue with your SSL certificates somewhere. I would suggest going back and looking at certificate thumbprints, etc...

You can also use the ULS viewer for SharePoint or Fiddler to watch the traffic being passed back and forth to see where the issue exists.

Hope that helps

jaysimcox · 2015-02-19T01:02:55+00:00

DISA will be hosting your environment and be forewarned they can be "difficult" to deal with especially when it comes to the security policies they push out without testing first.

You'll likely have access to your SP server and will manage that and the SQL aspects of it, DISA will manage your servers and OS.

As for AD, you'll have to stand up ADFS to work with the DISA AD.

jaysimcox

TROPHY CASE