Windows 裝置的逐步解說: 地點加入Walkthrough: Workplace Join with a Windows Device

適用於:Windows Server 2016、Windows Server 2012 R2Applies To: Windows Server 2016, Windows Server 2012 R2

本主題示範如何使用工作地點加入來連接您的 Windows 裝置使用您的工作地點,以及如何使用單一登入來存取 web 應用程式。This topic demonstrates how to use Workplace Join to connect your Windows device with your workplace and how to access a web application by using Single Sign-On. 您必須先完成中的步驟執行在 Windows Server 2012 R2 AD FS 設定實驗室區段之前,您可以嘗試本節。You must complete the steps in the Set up the lab environment for AD FS in Windows Server 2012 R2 section before you can try out this walkthrough.

存取裝置的登記之前 web 應用程式Access the web application before device registration

在本節中,您會存取公司 web 應用程式之前,您的工作地點到加入您的裝置。In this walkthrough, you access a company web application before you join your device to the workplace. 網頁將會顯示在您的安全性權杖中已包含宣告。The webpage displays the claims that were included in your security token. 請注意,索賠項目清單中的不包含任何裝置的相關資訊。Notice that the list of claims does not include any information about your device. 您也可能會觀察到,您不需要單一登入。You might also observe that you do not have Single Sign-On.

若要之前您使用工作地點加入您的裝置上存取 web 應用程式To access the web application before you use Workplace Join on your device

  1. 使用您的 Microsoft account 登入 Client1。Log on to Client1 with your Microsoft account.

  2. 左 Internet Explorer,瀏覽至您的一般宣告應用程式, https://webserv1.contoso.com/claimappOpen Internet Explorer and browse to your generic claims app, https://webserv1.contoso.com/claimapp.

  3. 登入使用公司核對網頁: ** roberth@contoso.com的密碼: ** P@ssword **。Log on to the webpage by using a company domain account: **roberth@contoso.com, password: P@ssword.

  4. 網頁列出您的安全性權杖中所有宣告。The webpage lists all the claims in your security token. 僅限使用者宣告會出現在您的安全性權杖。Only user claims are present in your security token.

  5. 關閉 Internet Explorer。Close Internet Explorer.

  6. 打開 Internet Explorer 和相同宣告應用程式中,瀏覽https://webserv1.contoso.com/claimappOpen Internet Explorer and navigate to the same claims app, https://webserv1.contoso.com/claimapp.

  7. 請注意,提示您重新輸入認證。Notice that you are prompted to enter your credentials again. 您不使用加入的工作地點裝置連接到地點,因此不需要單一登入。You are not connected to the workplace from a device with Workplace Join and therefore do not have Single Sign-On.

使用工作地點加入加入您的裝置Join your device with Workplace Join

重要

工作地點加入成功,client 電腦 (Client1) 必須信任 SSL 憑證用來設定 「 Active Directory 同盟 Services (AD FS)步驟 2: 設定聯盟伺服器裝置登記服務 (ADFS1) 以For Workplace Join to succeed, the client computer (Client1) must trust the SSL certificate that was used to configure Active Directory Federation Services (AD FS) in Step 2: Configure the Federation Server with Device Registration Service (ADFS1). 它也必須驗證憑證的撤銷資訊。It must also be able to validate revocation information for the certificate. 如果您使用工作地點加入的任何問題,您可以在 Client1 檢視事件登入。If you have any issues with Workplace Join, you can view the event log on Client1.

事件登入,請打開事件檢視器,展開應用程式與服務登,展開Microsoft,展開Windows,然後按一下 [的工作地點加入To see the event log, open Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and then click Workplace Join.

若要加入的工作地點加入您的裝置To join your device with Workplace Join

  1. 使用您的 Microsoft account 登入 Client1。Log on to Client1 with your Microsoft account.

  2. [開始]畫面左常用列,],然後選取設定常用鍵。On the Start screen, open the Charms bar, and then select the Settings charm. 選取 [ [變更電腦設定Select Change PC Settings.

  3. 電腦設定頁面上,選取網路,然後按一下 [的工作地點On the PC Settings page, select Network, and then click Workplace.

  4. 請輸入您的工作地點的存取,或管理的裝置上關閉身份方塊中,輸入** roberth@contoso.com ,然後按一下 [加入In the **Enter your UserID to get workplace access or turn on device management box, type roberth@contoso.com, and then click Join.

  5. 當系統提示您輸入認證時,輸入** roberth@contoso.com ,並密碼: ** P@ssword **。When you are prompted for credentials, type **roberth@contoso.com, and password: P@ssword. 按一下[確定]Click OK.

  6. 您現在應該會看到此訊息: 「 這個裝置已加入您的工作場所網路 」。You should now see the message: "This device has joined your workplace network."

存取加入工作場所之後 web 應用程式Access the web application after joining the workplace

示範的這一角,您會從裝置連接的工作地點加入存取公司 web 應用程式。In this part of the demonstration, you access a company web application from your device that is connected with Workplace Join. 網頁將會顯示在您的安全性權杖中已包含宣告。The webpage displays the claims that were included in your security token. 請注意索賠項目清單,包括裝置和使用者資訊。Notice that the list of claims includes both device and user information. 您可能也會看到您現在具有單一登入。You might also observe that you now have Single Sign-On.

存取加入工作場所之後 web 應用程式To access the web application after joining the workplace
  1. 登入Client1使用您的 Microsoft account。Log on to Client1 with your Microsoft account.

  2. 左 Internet Explorer,瀏覽至您的一般宣告應用程式, https://webserv1.contoso.com/claimappOpen Internet Explorer and browse to your generic claims app, https://webserv1.contoso.com/claimapp.

  3. 登入使用公司核對網頁: ** roberth@contoso.com的密碼: ** P@ssword **。Log on to the webpage by using a company domain account: **roberth@contoso.com, password: P@ssword.

  4. 網頁列出您的安全性權杖中主張。The webpage lists claims in your security token. 您權杖包含宣告使用者及裝置。Your token contains both user and device claims.

  5. 關閉 Internet Explorer。Close Internet Explorer.

  6. 打開 Internet Explorer 和相同宣告應用程式中,瀏覽https://webserv1.contoso.com/claimappOpen Internet Explorer and navigate to the same claims app, https://webserv1.contoso.com/claimapp.

  7. 請注意,您的提示您重新輸入認證。Notice that you are not prompted to enter your credentials again. 您的工作地點加入裝置連接,因此單一登入。You are connected from a device with Workplace Join and therefore have Single Sign-On.

也了See Also

加入的任何裝置 SSO 和順暢第二個因數驗證在公司應用程式的工作地點 設定實驗室 AD FS 在 Windows Server 2012 R2 的 逐步解說: 的工作地點裝置 iOS 加入Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications Set up the lab environment for AD FS in Windows Server 2012 R2 Walkthrough: Workplace Join with an iOS Device