SharePoint Federation and Extranet Workshop
June 18, 2014 9:00 AM - 4:00 PM
Javits Convention Center
Whether you are running SharePoint on premise or in the cloud, federation is an important topic. How do your users securely authenticate, whether they are members of your corporate AD or external users? Single sign-on and a seamless login experience are the nirvana that most organizations fail to achieve, and that failure is a huge barrier to successful adoption. Extending your SharePoint through an Extranet to external partners builds on that success.
The workshop is broken into morning and afternoon sessions. The morning session is applicable to both business and technical audiences. It will introduce the concepts and scenarios, and take you through a number of customer case studies to illustrate. The afternoon sessions will be technical in nature and will provide the knowledge to implement the scenarios presented in the morning.
Anyone running or considering Office 365 needs to understand federation. It is also important for on premise installations, particularly where you are extending your SharePoint through an Extranet. Federation is the most secure way to do this, both for your internal users and external partners.
During the morning sessions you'll learn about ADFS, SAML, and federation, and how to leverage them to provide secure access to both your internal and external users. Understand the business needs for delegating user management, how to design self-registration pages and approvals, and how to integrate them with your existing line of business systems.
Unit 1 - Federation
We'll start by explaining web single sign-on, and how federation and SAML support this. We'll cover identity providers such as ADFS and Thinktecture Identity Server and how they work with service providers such as SharePoint and users (principals). You'll come away with an understanding not only of how this can be leveraged for SharePoint, but for any of your claims-aware web applications.
Unit 2 - Reference Scenarios
Here we'll go over, at a high level, different scenarios where you would use federation, and how each would be architected.
- Office 365 Intranet
  - Everyone other than the smallest of companies is going to want to federate their Office 365 with their on premises AD. Staff should be automatically logged into SharePoint Online from their domain computers. Learn how to architect this for internal and remote staff access, and how to leverage
- Office 365 Extranet
  - Build on the above scenario by allowing your external partners to collaborate with your staff. Understand the pros and cons of external sharing with Microsoft accounts, how external organizations can also use their federated accounts, or how you can provision accounts for your external users and federate them in.
- On Premise Extranet
  - On premise means a fully managed SharePoint installation, whether in your data centre's DMZ or hosted externally. We'll cover farm architectures and hosting options such as internal, RackSpace, FPWeb, Azure and Amazon. From there we'll discuss how federation lets your staff access the Extranet without opening your firewall to the DMZ, and how it can also be leveraged for your external users.
- On Premise Public Web Site and Extranet
  - Building on the previous scenario, we'll talk about how we extend the same Extranet infrastructure to build a fully responsive, modern web site, which SharePoint 2013 excels at.
Unit 3 - Customer Case Studies
Join us as we take you through a tour of a number of customer case studies ranging from the simple to the complex that illustrate the above scenarios.
- Office 365 Intranet
- Simple Extranet with no self-registration
- Collaboration portal with a customized self-registration
- Public web site with member's area, self-registration, and Dynamics CRM integration (www.bgccan.com)
- Public web site with member's area, self-registration, and approval delegation to external partners (www.publichealthontario.ca)
- Office 365 and Azure courtroom records management portal with self-registration, document processing, and workflows
In the afternoon we're going to get more technical. Here we'll roll up our sleeves and go through the steps required to get this all working. Coming out of these sessions you'll have the details and PowerShell scripts required to get this working in your own environment.
Unit 4 - Office 365
ADFS is the preferred way for organizations to securely connect their corporate AD to Office 365, including SharePoint Online. This unit will cover how to set it up, where to put ADFS (in the DMZ or Azure), and how to set it up so that staff inside the corporate network are automatically signed in. Next we'll go over how this can also be leveraged for external users, including using Thinktecture Identity Server to provide a rich login experience.
Unit 5 - SharePoint On Premise
Forms-based authentication has been the traditional way to allow external users access to the SharePoint Extranet. Learn how federation can be used to provide a more secure Extranet, and how to implement it for both your internal and external users.
Unit 6 - Custom Claims
Understand how you can integrate your line of business system into the federation process and extend the claims that are provided to the service providers such as SharePoint.
Unit 7 - Extranet User Provisioning
Determining who is responsible for creating and managing external user accounts for an Extranet is often a challenge. IT doesn't want to be the gatekeeper. Can the business manage it, or is there a desire to delegate to the external partners themselves? Is it invitation only, or does it support self-registrations? What is the approval process? How do users get their passwords, and what do they do when they forget them? Are there external systems (such as Dynamics CRM) that are part of the registration process, and do they need to be updated?