SharePoint Authorization and Authentication-Controlling Access to Documents and Data
Tom Resing, MCM + Author
Managing Authentication and Authorization -- Controlling Access to Documents and Data
© 2015 Jive Software, Inc. All rights reserved | Jive Confidential Page 11
Tom Resing
2x Past Microsoft Most Valuable Professional (MVP) Award Winner 2013, 2014
The leading provider of modern communication and collaboration solutions for business.
Authentication Topics
• Authentication Types
• Focus on Claims
• Active Directory Integration
Active Directory
• Most common authentication provider for SharePoint
• Easy to use with claims or classic mode
• Integrates with Active Directory Federation Services (AD FS) for SAML 2.0 support
Hierarchy Topics
• Physical Security
• Network Security
• Content Databases
• Farm Level
• SharePoint Objects and Groupings
Physical and Network Security
• Servers
• Backups
• Tapes
• File copies
• Network
Principle Of Least Privilege
• Wikipedia says: “In information security, computer science, and other fields, the principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.[1][2]”
• Must apply at every level
– Including the file system and tape backups!
Authorization Topics
• Permissions Boundaries
• Self Service Site Creation
• Managing Authentication and Authorization with PowerShell
• Troubleshooting Tools
• Search Permission Trimming
User Policy
Self Service Site Creation
• Example: My Sites
PowerShell Tips
• Create Classic Mode Web Application https://technet.microsoft.com/en-us/library/gg276326.aspx
# Run in the SharePoint 2013 Management Shell; creates a classic-mode (non-claims) web application
New-SPWebApplication -Name "Classic AuthN Site" -ApplicationPool "OctoberSPAppPool" -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\sp_farm") -Port 81 -URL "http://octobersp.cloudapp.net/"
• Turn on Developer Dashboard
# Enable the Developer Dashboard through the farm's content service
$svc = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$dds = $svc.DeveloperDashboardSettings
$dds.DisplayLevel = "On"
$dds.Update()
ULS Viewer
Search
• Honors permissions
– Must be maintained
Reference Material
Reference
ULSViewer.exe download (MSDN archive version)
http://www.benjaminathawes.com/2014/05/26/ulsviewer-exe-download/
Plan self-service site creation in SharePoint 2013
https://technet.microsoft.com/en-us/library/cc263483.aspx
Fiddler
http://www.telerik.com/fiddler
Reference
What’s new in SharePoint 2013 Administration – Todd and Shane
Professional SharePoint 2013 Administration (2010 edition, too)
Jive is the leading provider of modern communication and collaboration solutions for business.
For more information, visit www.jivesoftware.com