Walkthrough: Workplace Join with a Windows Device

This topic demonstrates how to use Workplace Join to connect your Windows device with your workplace and how to access a web application by using Single Sign-On. You must complete the steps in the Set up the lab environment for AD FS in Windows Server 2012 R2 section before you can try out this walkthrough.

Access the web application before device registration

In this walkthrough, you access a company web application before you join your device to the workplace. The webpage displays the claims that were included in your security token. Notice that the list of claims does not include any information about your device. You might also observe that you do not have Single Sign-On.

To access the web application before you use Workplace Join on your device

  1. Log on to Client1 with your Microsoft account.

  2. Open Internet Explorer and browse to your generic claims app, https://webserv1.contoso.com/claimapp.

  3. Log on to the webpage by using a company domain account: roberth@contoso.com, password: P@ssword.

  4. The webpage lists all the claims in your security token. Only user claims are present in your security token.

  5. Close Internet Explorer.

  6. Open Internet Explorer and navigate to the same claims app, https://webserv1.contoso.com/claimapp.

  7. Notice that you are prompted to enter your credentials again. You are not connected to the workplace from a device with Workplace Join and therefore do not have Single Sign-On.

Join your device with Workplace Join

Important

For Workplace Join to succeed, the client computer (Client1) must trust the SSL certificate that was used to configure Active Directory Federation Services (AD FS) in Step 2: Configure the Federation Server with Device Registration Service (ADFS1). It must also be able to validate revocation information for the certificate. If you have any issues with Workplace Join, you can view the event log on Client1.

To see the event log, open Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and then click Workplace Join.
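
The two prerequisites above (certificate trust and reachable revocation information) can be checked from Client1 before attempting the join. The following PowerShell script is an added example, not part of the original walkthrough: it retrieves the certificate the federation server presents, builds its chain with online revocation checking, and then lists recent Workplace Join events. The host name adfs1.contoso.com is an assumed placeholder for your lab's AD FS service name, and the log channel name is assumed to correspond to the Event Viewer path described above.

```powershell
# Added example: run on Client1.
# ASSUMPTION: the default host name is a placeholder; pass your lab's AD FS service name.
param(
    [string]$FederationHost = 'adfs1.contoso.com',
    [int]$Port = 443
)

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($FederationHost, $Port)
    # Accept whatever certificate is presented so it can be inspected explicitly below.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($FederationHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Build the chain the way a strict client would: fetch CRL/OCSP data online.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$trusted = $chain.Build($cert)

"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
"Trusted : $trusted"
# Any entry here (for example UntrustedRoot or RevocationStatusUnknown) explains a failed build.
foreach ($status in $chain.ChainStatus) {
    "  $($status.Status): $($status.StatusInformation.Trim())"
}

# Recent entries from the Workplace Join log (same log as the Event Viewer path above).
Get-WinEvent -LogName 'Microsoft-Windows-Workplace Join/Admin' -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If Trusted is False, the chain status lines show whether the problem is an untrusted issuer or revocation information that Client1 cannot retrieve.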

To join your device with Workplace Join

  1. Log on to Client1 with your Microsoft account.

  2. On the Start screen, open the Charms bar, and then select the Settings charm. Select Change PC Settings.

  3. On the PC Settings page, select Network, and then click Workplace.

  4. In the Enter your UserID to get workplace access or turn on device management box, type roberth@contoso.com, and then click Join.

  5. When you are prompted for credentials, type roberth@contoso.com, and password: P@ssword. Click OK.

  6. You should now see the message: "This device has joined your workplace network."

Access the web application after joining the workplace

In this part of the demonstration, you access a company web application from your device that is connected with Workplace Join. The webpage displays the claims that were included in your security token. Notice that the list of claims includes both device and user information. You might also observe that you now have Single Sign-On.

To access the web application after joining the workplace

  1. Log on to Client1 with your Microsoft account.

  2. Open Internet Explorer and browse to your generic claims app, https://webserv1.contoso.com/claimapp.

  3. Log on to the webpage by using a company domain account: roberth@contoso.com, password: P@ssword.

  4. The webpage lists claims in your security token. Your token contains both user and device claims.

  5. Close Internet Explorer.

  6. Open Internet Explorer and navigate to the same claims app, https://webserv1.contoso.com/claimapp.

  7. Notice that you are not prompted to enter your credentials again. You are connected from a device with Workplace Join and therefore have Single Sign-On.

See Also

Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications
Set up the lab environment for AD FS in Windows Server 2012 R2
Walkthrough: Workplace Join with an iOS Device