Many organizations embrace the new reality of Hybrid Identity.
For many of them, the increased level of security towards both on-premises resources and cloud services is the main reason to do so: Single sign-on (SSO) and multi-factor authentication (MFA) are two main drivers to onboard on Microsofts vision.
When looking at People, Process and Technology, the three critical success factors for both organizational transformation, but also complementary parts of a successful Information Security strategy, the need for Security Awareness becomes apparent.
In my opinion, security awareness is technologically assisted by branding and disclaimers. That’s why, in this series, I’ll focus on adding these to your Hybrid Identity deployment.
About this series
In this series, we’ll look at the following components of a typical Hybrid Identity implementation:
- Azure Active Directory Logon Pages
- Active Directory Federation Services (AD FS) Logon Pages
(based on AD FS on Windows Server 2012 R2) - Azure Multi-Factor Authentication Server’s AD FS Adapter
(based on Azure MFA Server version 7.2.0) - Azure Multi-Factor Authentication Server’s User Portal
(based on Azure MFA Server version 7.2.0)
I deliberately follow this outline throughout the series, because for any Hybrid deployment, this is the sequence you might want to adopt. While we get further in the series, you might or might not have implemented the components referenced. This way, you can quit early.
My customizations
Since this series delivers real-world information, I’ll walk you through the actual customization steps. For this I need some branding resources. As I’m from the Netherlands, I’ll replace a lot of the blue interface elements in a default implementation with orange elements. (color code #ff8000). For picture resources I’ll use depictions of typical Dutch tradition and/or heritage.
Resources
I’ve prepared the following resources for my branding:
- Two square pictures with the logo
Each of these pictures is 240 pixels wide and 240 pixels high. One of these pictures is stored with a transparent background based on an initially light background (white), and the pother is stored in the same way, but based on an initially dark background (black). I saved them as *.PNG files. When you save these pictures, make sure they’re not over 10KB in size. - One wide picture with the logo and (company) name
The recommended picture is 280 pixels wide and 60 pixels in height for Azure AD.
The recommended picture is 280 pixels wide and 35 pixels in height for AD FS.
I saved this picture as a .PNG with a transparent background, based on a background that was initially white. Again, keep it under 10KB in size. - One big picture as a background
The recommended picture is 1420 pixels in width and 1200 pixels in height for Azure AD. The recommended picture is 1420 pixels in width and 1080 pixels in height for AD FS.
This is the main resource. I saved it as a *.JPG file and kept it under 200KB in size. - One disclaimer text in US-English
This is the legal stuff I add to the logon pages. Since Azure AD limits this text to 256 characters, I created a US-English one that complies with this limitation. - One disclaimer text in Dutch Since the logon pages can show different disclaimer texts for different browser language settings, I also created a disclaimer text in Dutch. This text also counted less than 256 characters.
When you create these resources beforehand, It’ll be easy to apply them through this series.
Note:
While you could use any reasonable sized graphical resources you’d like, the above image sizes prevent scroll bars in the Graphical User Interfaces (GUIs).
Further reading
"People, Process, and Technology"
Brand protection and abuse: Keeping your company image safe on social media
Information Security Service Branding – beyond information Security Service Branding
Security Culture Framework
Login