{"id":243,"date":"2017-08-16T12:18:12","date_gmt":"2017-08-16T04:18:12","guid":{"rendered":"https:\/\/rol801.com\/wordpress\/?p=243"},"modified":"2017-08-16T12:18:12","modified_gmt":"2017-08-16T04:18:12","slug":"work-place-by-facebook-integrate-with-azure-ad-part-iii","status":"publish","type":"post","link":"https:\/\/rol801.com\/wordpress\/?p=243","title":{"rendered":"Work Place by Facebook integrate with Azure AD – Part III"},"content":{"rendered":"

\"\"\"\"<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Part III<\/p>\n

\u505a\u5b8c\u5c0d\u4e0a\u5169\u908aConfig\uff0c\u4fc2\u6642\u9593\u6e2c\u8a66\u4e0b\u6210\u679c\u3002<\/p>\n

\u9996\u5148\u4fc2\u53bb “https:\/\/mydomain.facebook.com”
\nWorkPlace login page \u986f\u793a “Your company has enabled single sign-on.”
\n\u8b8a\u6210\u5187\u5f97\u4fc2\u5230\u7528”UserName\/Password” Auth<\/p>\n

“User Name \/ Password” \u00a0vs “SSO”
\n\"\"<\/p>\n

\"\"<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u7576\u5649”Log In” \u5c31\u6703Redirect \u53bbAzure\u5605Login Page \uff08\u7b2c\u4e00\u6b65\u6210\u529f\uff09<\/p>\n

\"\"<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u4e4b\u5f8c\u5c31\u8b8a\u6210\u540cOffice365 Login \u4e00\u6a23\uff0c\u9700\u8981\u7528 AD Credentail \/ Client Certificate \u505a Auth<\/p>\n

\u4fc2\u5df2\u7d93Join Domain\u5605PC\u3002\u56e0\u70ba\u6709Kerberos Auth\uff0c\u7576Page redirect\u53bb\u5230Azure Login,\u53ea\u9700\u8981\u6253Username (UPN)\uff0c\u5f80\u5f8c\u5605login process\u5c31\u6703\u7528Kerberos \u5b8c\u6210<\/p>\n","protected":false},"excerpt":{"rendered":"

        Part III \u505a\u5b8c\u5c0d\u4e0a\u5169\u908aConfig\uff0c\u4fc2\u6642\u9593\u6e2c\u8a66\u4e0b\u6210\u679c\u3002 \u9996\u5148\u4fc2\u53bb “https:\/\/mydomain.facebook.com” WorkPlace login page \u986f\u793a “Your company has enabled single sign-on.” \u8b8a\u6210\u5187\u5f97\u4fc2\u5230\u7528”UserName\/Password” Auth “User Name \/ Password” \u00a0vs “SSO”                       \u7576\u5649”Log In” \u5c31\u6703Redirect \u53bbAzure\u5605Login Page \uff08\u7b2c\u4e00\u6b65\u6210\u529f\uff09           \u4e4b\u5f8c\u5c31\u8b8a\u6210\u540cOffice365 Login \u4e00\u6a23\uff0c\u9700\u8981\u7528 AD Credentail \/ … Continue reading “Work Place by Facebook integrate with Azure AD – Part III”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[13,2,4,3,12],"tags":[],"class_list":["post-243","post","type-post","status-publish","format-standard","hentry","category-adfs","category-it","category-mdm","category-microsoft","category-saml"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p71O8A-3V","jetpack-related-posts":[{"id":237,"url":"https:\/\/rol801.com\/wordpress\/?p=237","url_meta":{"origin":243,"position":0},"title":"Work Place by Facebook integrate with Azure AD – Part II – Azure AD Enterprise App Configuration \/ Work Place SSO Authentication","author":"rol801","date":"August 16, 2017","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 Part II \u7e8cPart I\u3002Work Place Subdomain \u6e96\u5099\u5c31\u7d6e\uff5e\u958b\u59cb\u6232\u8089\u3002SAML Config\u3002 \u5982SalesForce\u4e00\u6a23\uff0c\u5927\u8def\u5605Idp\uff08ADFS \/ Azure AD \/G Suite \/ OKTA \/ One Login \/ Ping Identity)\u90fd\u6709article\u8b1b\u9ede\u505a\u3002\u57fa\u65bcDomain \u5df2\u7d93\u4fc2 Azure AD \u4e0a\u9762Federated\uff0c\u4ea6\u5373\u4fc2\u540cOffice365 \u4e00\u6a23\uff0c \u6703\u8fd4ADFS Server \u505aAuth \/ MFA\u3002 \u6240\u4ee5\u4fc2\u5514\u9700\u8981\u8003\u616eADFS \u500barticle \u9ede\u505a\u3002 SAML configuration \u5514\u96e3\u3002\u57fa\u672c\u90fd\u4fc2\u5169\u908a\u8cc7\u6599 Copy n Paste\u3002 \u4f46\u4fc2\u6700\u944a\uff0c\u6700\u6015\u5c31\u4fc2\u5169\u908a\u5404\u81ea\u5404\u63cf\u8ff0\u3002Field\u540d\u5514\u77e5\u908a\u500b\u5c0d\u908a\u500b\u3002 \u4eca\u6b21\u90fd\u4fc2\uff0c\u5148Configure \u4fc2Azure AD\uff0cFirst Try\u7167\u8ddfArticle\u4fc2\u5514\u5920Parameters\u2026","rel":"","context":"In "ADFS"","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2017\/08\/azure-active-directory.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":295,"url":"https:\/\/rol801.com\/wordpress\/?p=295","url_meta":{"origin":243,"position":1},"title":"Azure AD Seamless SSO","author":"rol801","date":"February 28, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 Seamless SSO\uff0c\u4e00\u500b\u66fe\u7d93\u89ba\u5f97\u597d\u96e3\u597d\u96e3\u5605\u6771\u6771\u3002\u4f46\u4fc2\u7d93\u904e\u5462\u5169\u4e09\u5e74\u524dConfigure Kerberos\uff0c\u540c\u958b\u59cb\u63a5\u89f8SAML\u5f8c\u5f97\u5230\u5605\u7d93\u9a57\u3002 Seamless SSO\u5514\u518d\u4fc2\u5481\u96e3\u4ee5\u89f8\u6478\u3002 \u7b2c\u4e00\uff0c\u90fd\u4fc2\u8981\u591a\u8b1d\u6211\u54cb\u5049\u5927\u5605Microsoft\u3002Azure AD\u4fc2\u4e0a\u5e74\u4e5d\u6708\u5de6\u53f3\u5605Update\u3002 Pass-Through Authentication\u3002Microsoft \u89e3\u91cbBenefit\u4fc2Authentication\u6703\u8fd4\u8fd4OnPremises AD\u505a\uff0c\u53ef\u4ee5\u5514\u9700\u8981\u958bPassword Sync\u3002 \u4fc2\u53e6\u4e00\u65b9\u9762\uff0c\u96d6\u7136\u5df2\u7d93\u6709ADFS WAP\uff0c\u4f46\u4fc2\u4fc2DMZ\u5605\u95dc\u4fc2\uff0c\u4fc2\u7121join AD\u3002\u6240\u4ee5Azure Pre-Authentication\u4fc2\u7528\u5514\u5230\u3002\u4fc2\u53e6\u4e00\u65b9\u9762\uff0c\u96d6\u7136\u5df2\u7d93\u6709ADFS WAP\uff0c\u4f46\u4fc2\u4fc2DMZ\u5605\u95dc\u4fc2\uff0c\u4fc2\u7121join AD\u3002\u6240\u4ee5Azure Pre-Authentication\u4fc2\u7528\u5514\u5230\u3002\u4f46\u4fc2\u7528Application Proxy Connector\u5c31\u7121\u5462\u500b\u9650\u5236\u3002Application Proxy Connector\u53ef\u4ee5\u5b89\u88dd\u4fc2\u4efb\u4f55\u4e00\u90e8Domain Joined Server\u3002\u4fc2\u5462\u500b\u56e0\u7d20\u4e4b\u4e0b\uff0cMachine Account \u884c Kerberos\u5c31\u7d55\u5c0d\u7121\u96e3\u5ea6\u3002 \u6b65\u9a5f\u53ef\u4ee5\u7167\u8ddfMicrosoft\u3002\u8b02\u7368\u6709\u4e00\u500bStep\u4ee4\u6211\u7279\u5225\u7559\u610f\uff0c\u56e0\u70ba\u540c\u4ee5\u5f80Configure KCD\u5514\u540c\u3002Common\u4fc2Delegation - \"Trust this computer for delegation to specified services only\" \u4e0b\u9762\u5605Section\u4fc2\u63c0\u00a0\"Kerberos only\"\uff0c\u4f46\u4fc2\u4eca\u6b21Config Application Proxy Delegation\u4fc2\u7528\"Use Any\u2026","rel":"","context":"In "Azure AD"","block_context":{"text":"Azure AD","link":"https:\/\/rol801.com\/wordpress\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":333,"url":"https:\/\/rol801.com\/wordpress\/?p=333","url_meta":{"origin":243,"position":2},"title":"Android Enterprise – Device Owner Mode Configuration \u5f8c\u611f – Part 1","author":"rol801","date":"July 13, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u4e00\u76f4\u4fc2MDM Product\u7bc4\u7587\u7576\u4e2d\uff0cAndroid\/iOS\u7b97\u4fc2\u53eb\u96d9\u982d\u99ac\u3002 \u4f46\u5462\u500b\u8b1b\u6cd5\u500b\u4eba\u8a8d\u70ba\u4fc2\u56e0\u70ba\u5305\u542bBYOD\u3002Android\u54c1\u724c\u591a\uff0cModel\u591a\u6a23\u6027 \u5605\u767e\u82b1\u9f4a\u653e\u3002 \u4f46\u540c\u6a23\u54cb\uff0c\u76f8\u5c0diOS \u5605\u7d71\u4e00\u6027\uff0cAndroid\u5605Device fragmentation\u78ba\u5be6\u6210\u70ba\u57a2\u75c5\u3002 \u4fc2\u55ae\u7d14roll out business own device \u5605\u89d2\u5ea6\uff0ciOS\u7cfb\u4e00\u9762\u5012\u4f54\u512a\u3002 \u4fc2\u4ee5\u5f80\u5605Android For Work (AfW)\uff0c\u552f\u4e00\u5605\u505a\u6cd5\u5c31\u4fc2 \u958bGoogle Managed Account\uff0c\u5373\u4fc2\u54a9\uff1f\u5c31\u7cfb\u7528\u639bCorp Domain\u53bb Google (https:\/\/admin. google.com) \u985e\u4f3cMicrosoft Azure \u5481\u3002 Verify \u500bCorp Domain\uff0cSet up Directory Sync\uff0c Password Sync \u4e0a\u53bbGoogle, bla bla bla\uff0c \u518d\u639b\u552f\u4e00 \u4e00\u500bMDM\u3002\u5187\u932f\uff0c\u4f60\u7121\u7747\u932f\u3002\u4fc2\u5f97\u4e00\u500b MDM quota. \u5462\u500b\u7cfb\u820a\u505a\u6cd5\u6700\u5927\u5605\u554f\u984c\uff0c\u7576\u8981\u7b2c\u4e8c\u500bMDM \u8981\u7528\u2026","rel":"","context":"In "IT"","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/07\/download.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":225,"url":"https:\/\/rol801.com\/wordpress\/?p=225","url_meta":{"origin":243,"position":3},"title":"Work Place by Facebook integrate with Azure AD – Part I – Subscription + Upgrade to Premium Work Place Premium","author":"rol801","date":"August 15, 2017","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u7d55\u5c0d\u5514\u4fc2\u65b0\u91ce\u3002 \u4e00\u5169\u5e74\u524d\u8a18\u5f97\u53ebFacbook for Work\uff0c\u4f46\u4fc2\u6435\u5514\u5230\u65b9\u6cd5\u7533\u8acb\u3002\u6a5f\u7de3\u4e0b \u4e0a\u661f\u671f\u7747\u5230Azure \u5605article\u3002 WorkPlace by FB\u8981\u958bAccount\u5514\u96e3\uff0c\u53bbhttps:\/\/facebook.com\/work \u7528Corporate Email account\u5c31\u958b\u5230\u3002\u4f46\u5c31\u5481\u666e\u901a\u4fc2\u505a\u5514\u5230\u4efb\u4f55Customization\u5605\uff08\u5305\u62ecAuthentication Integration)........ e.g. \"https:\/\/work-xxxxxxxx.facebook.com\" \u6240\u4ee5\u3002\u3002 \u7b2c\u4e00\u4ef6\u4e8b\u4fc2upgrade\u53bbWork Place Premium\u3002 Procedure\u90fd\u4fc2\u57fa\u672cverify domain ownership\u3002 \u4e00\u4fc2Domain RootLevel \u5605Web Server Webpage\u653etoken\uff0c\u53e6\u4e00\u9078\u64c7\u5c31\u4fc2DNS \u843d TXT Record (\u5f8c\u8005\u7d55\u5c0d\u6613\u505a\u5f97\u591a\uff0c\u4f46\u4fc2\u4f30\u5514\u5230FB Support\u8a71\u7747\u5514\u5230\u6211\u96bbDomain host \u4fc2\u908a\uff0c\u5514\u8b1b TXT Record \u500b\u505a\u6cd5\u6211\u77e5......\u73a9\u91ce) \u6642\u9593\u95dc\u4fc2\u3002\u3002 \u5169\u65e5\u7b49\u5de6 DNS Record Creation \u540c\u5f80\u5f8cFB\u5605vertificaton\uff0c\u4e4b\u5f8c\u518d\u9700\u8981\u7b49FB Subdoamin \u7531https:\/\/work-xxxxxxxx.facebook.com\u2026","rel":"","context":"In "ADFS"","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2017\/08\/azure-active-directory.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":71,"url":"https:\/\/rol801.com\/wordpress\/?p=71","url_meta":{"origin":243,"position":4},"title":"ADFS 3.0 -> MFA Setup Configuration","author":"rol801","date":"January 6, 2016","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 \u57fa\u65bc\u88abM\uff04 \u6311\u6a5f\u8a71\u73a9 ADFS \u8981\u7528 On-Premises MFA \u5148\u5920\u597d\u3002 \uff08\u5f80\u5f8c\u5c31\u4fc2\u554f M\uff04\u9ede\u89e3 Cloud MFA \u505a\u5514\u5230Intranet IP by pass MFA) \u7528\u6700\u7c21\u55ae\u5605\u65b9\u6cd5\u4fc2 MFA server \u5b89\u4fc2 ADFS \u540c\u4e00\u90e8\u5e7e\u3002 \u5b89\u88dd\u540c\u5927\u90e8\u5206configure \u4ee5\u4e0b\u9762URL\u70ba\u597d\uff0c \u6bd4Microsoft Official Article \u66f4\u65b9\u4fbf Reference https:\/\/4sysops.com\/archives\/azure-multi-factor-authentication-part-7-securing-ad-fs\/ \u4f46\u4fc2\uff0c\u8981\u63d0\u53ca MFA User Portal\u6703\u7121\u795e\u795e\u9ed0\u7dda login \u5514\u5230\uff0c \u751a\u81f3\u5f71\u97ff\u5230\u4e00\u822c\u7528\u5605ADFS \u721bpage\u3002\u4fc2\u5b89\u88dd\u9014\u4e2dReboot Server\u591a\u7684\u4e8b....... \u6700\u5f8c\u6700\u7d93\u5178\u5605\u4fc2Microsoft \u5605 article \u932f\u8aa4\u52c1\u591a\u3002 PowerShell Commmand \u81ea\u5df1\u780c\u4f46\u4fc2\u7528\u9ece\u5305Parameter\u2026","rel":"","context":"In "ADFS"","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"mfa_thumb","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/01\/mfa_thumb-300x179.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":276,"url":"https:\/\/rol801.com\/wordpress\/?p=276","url_meta":{"origin":243,"position":5},"title":"My ADFS Claims Rules Journey \u2013 Part 2","author":"rol801","date":"January 29, 2018","format":false,"excerpt":"\u7e8c\u4e0a\u56de\uff5e \u5176\u5be6\u4fc2\u7db2\u4e0a\u8b1bADFS \u5605post \u5927\u591a\u4fc2\u63a5\u8fd1\u4e00\u5e74\u4ee5\u4e0a\u5605\u820aarticle\u30022017 \u5f8c\u534a\u5605\u65b0post\u63a5\u8fd1 \u201c0\u201d \u3002 \u4fc2\u7121\u982d\u7d6e\u4e0b\u53ea\u53ef\u4ee5\u7528\u820asample code \u53bb\u780cclaims rule \u53bb\u8a66\uff0c \u5931\u6557\u4f8b\u5b50\u5982\u4e0b Sample1 NOT exists([Type == \"http:\/\/schemas.microsoft.com\/2012\/01\/requestcontext\/claims\/x-ms-forwarded-client-ip\", Value =~ \"\\bXXX\\.XXX\\.XXX\\.XXX\\b\"])&& NOT exists([Type == \"http:\/\/schemas.microsoft.com\/2012\/01\/requestcontext\/claims\/x-ms-client-application\", Value =~ \"Microsoft.Exchange.ActiveSync|Microsoft.Exchange.AutoDiscover\"])&& NOT exists([Type == \"http:\/\/schemas.microsoft.com\/claims\/authnmethodsreferences\", Value == \"http:\/\/schemas.microsoft.com\/claims\/multipleauthn\"]) => issue(Type = \"http:\/\/schemas.microsoft.com\/authorization\/claims\/deny\", Value = \"DenyUsersWithClaim\"); \u7b2c\u4e00\u500b\u8ad7\u5230\u5605\u505a\u6cd5\u4fc2\u7528\u6709\u5187\u884cMFA\uff0c\u57fa\u5982Legacy Client\u5605ActiveSync\u4fc2\u5514\u6703\u884cMFA\uff08\u4fc2Part1 AAR \u5df2\u7d93\u754c\u5b9a\uff09\u3002\u7406\u8ad6\u4e0a\u4fc2\u5571\uff0c\u4f46\u4fc2......\u6240\u6709\u4fc2Internal\u5605user\u4e00\u6a23\u5514\u9700\u8981MFA\uff0c\u7d50\u679c\u4fc2\u908a\u6210Internal client\u4ea6\u5514\u6703\u53bblogin\u5230\u4efb\u4f55Azure Services.... \u4fc2\u8a66\u5462\u6bb5Claims Rule\u2026","rel":"","context":"In "ADFS"","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2015\/12\/adfs-logo.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2015\/12\/adfs-logo.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2015\/12\/adfs-logo.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=243"}],"version-history":[{"count":5,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions"}],"predecessor-version":[{"id":252,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions\/252"}],"wp:attachment":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}