Active Directory Federation Services (AD FS) in Windows 2012 R2 have reached the release 3.0.\u00a0In the long list of new features, an interesting one (dedicated to the world of BYOD) is the workplace join. I have configured workplace join in my lab and used it to authenticate an IPad. The following post explains and shows all the required steps.<\/p>\n
Note<\/strong>: the full configuration video is available here http:\/\/www.youtube.com\/watch?v=vQk2sF-tqf8&list=UUREnpjKgVEWhBxLU9yEDmXQ\u00a0<\/a><\/p>\n\n Workplace join answer to the need, for users to access company resources from their devices without giving the control on them to the network administrators. However it answers also to the need of the IT staff to keep control on what the device is able to do on the corporate resources. Workplace join enables users to register Windows-based and IOS-based devices for single sign-on and access to corporate data. The aforementioned device ado not join Active Directory, but the workplace join process generates a device object in AD and installs a certificate inside the device. From now on the network administrators are able to use this authentication to allow or remove access to network resources for the device, while users enjoy a single sign-on experience.<\/p>\n To realize my lab, I have used as a starting base this good post from Keith Mayer \u201cWhy R2? Step-by-Step: Solve BYOD Challenges with Workplace Join in Windows Server 2012 R2 and Windows 8.1<\/i>\u201d http:\/\/bit.ly\/1fc034K<\/a><\/p>\n <\/p>\n First step has been to add the Active Directory Federation Services role to my server Aphrodite (that is also my Domain Controller and Certification Authority).<\/span><\/p>\n
\n<\/address>\nBefore We Start: Introduction to Workplace Join<\/h4>\n
\nStep by step procedure<\/span><\/h4>\n