Federated Identity support on Live@edu – coming soon to an IdP near you…

A question I often get asked by customers considering Live@edu is something along the lines of “How do I get my Active Directory/other identity platform to work with Live@edu?” 

This is a question that I usually follow up with some qualification questions of my own around what “work with” means to the customer. Sometimes what they mean is that they would like an end-user to be able to log into our Live services or Outlook Live with their on-premises identity.  Why do they want this?  Well, it is for a number of reasons; here are some:

  • reducing identity proliferation – customers do not want to add yet another identity management solution for each new application they introduce.
  • driving better interoperability and collaboration opportunities – if collaborative tools could simply get along better without an administrator or end-user having to worry about how everyone is authenticating to them, users could be more effective more quickly.
  • getting the most out of existing investments – the ability to extend what has already been built on-premises to service cloud applications is very appealing.

Today we announced that Microsoft is working in a development partnership with the University of Washington to build and deliver federated identity support to Live@edu.  Federation addresses the needs outlined above by offering a secure process for sharing and managing identity data and establishing single sign-on across organizations.  With federation, organizations can seamlessly share services with internal and external trusted partners.

Through this partnership, Microsoft and the UW will provide education customers worldwide with a choice of approaches:

  • Customers with an existing investment in Active Directory will be able to extend that authentication platform to the cloud with ADFSv2 to enable access to Live@edu services.
  • Customers with investments in alternate identity platforms, such as OpenLDAP, will be able to take advantage of support for SAML / Shibboleth federation.

The timeline for delivery of this functionality is later this calendar year.  The UW is working extensively with us on feature specification, piloting, documentation, and more; they have some real depth of expertise in this area, hence we are delighted to be able to work with them.

So, in the meantime, what can customers do to prepare for all of this?  A great place to start is this article, where we outline the kinds of things an Active Directory customer customer should be thinking about if they plan to ready their infrastructure with the cloud.  More specific documentation for Live@edu with AD and SAML/Shibb is coming as part of the partnership, as well as the requisite changes required in the admin UI for Live@edu to make the configuration straight forward.

If all of this seems a little intimidating, don’t worry.  Our aim here, by providing great choices around federation options, is to make the deployment of our cloud services solutions as easy as a deployment of on-premises solutions.  Of course there will be a learning curve, as there is with anything new, but having worked with Microsoft server tools now for almost 14 years, I think we are very good at distilling what may be initially perceived as highly technical concepts into services and products that are very accessible to the busy IT Professional.

Your thoughts are welcomed!  A big THANKS to the UW for the partnership!

Jonny

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: