Active Directory Federation Services

Active Directory Federation Services (ADFS) is a feature and web service in Microsoft Windows Server that lets an organization share identity information outside its own network. Users authenticate once with their username and password and can then access certain applications without being asked for login credentials again. Those applications can be on-premises, in the cloud, or hosted by other companies.

About Active Directory Federation Services

Here is a diagram to explain the concept. It does not matter where the application lives or who owns it: the user account is managed by an administrator in one place, namely Active Directory. Active Directory Federation Services (ADFS) provides an identity solution for organizations that want to share identity information securely with their partners.

Using the ADFS trust policy, you manage your trust relationships with partners and map partner claims to claims that your organization’s web applications understand. Because web application sessions are started from partner claims, responsibility for partner account management stays with the partner. Partners know exactly when employees are hired or dismissed and when roles change internally.

ADFS also provides centralized management of federation partnerships, reducing the effort of adding and removing them. When you create a partnership to use another organization’s web application, ADFS provides a central place to manage and review the employee identity information shared with that partner. Active Directory Federation Services thus provides a way to manage identity across the Internet and to offer single sign-on. This matters because of the shift from running applications internally to running applications in the cloud.

Active Directory Federation Services Access

When you run an application internally, you can grant access rights to Active Directory objects (users and groups). Once users are registered in Active Directory, they are recognized regardless of which server they connect to for applications and other resources. Another example of how this works: when you log in to your computer in the morning with AD credentials, your identity is established once your credentials are verified, and the same credentials are used whenever you access local resources throughout your organization.

Now, if you want to access Netflix, Netflix will not recognize you automatically, because Netflix is technically a cloud-based application. Regardless of whether you have logged in with your AD domain account, there is no trust between Netflix and your domain. Netflix manages its own user accounts, so you must provide separate credentials for that site. The same applies in a corporate environment.

Your company can have a cloud application, and just like Netflix, that application will require its own set of credentials. One Netflix password is easy to remember, but the concept does not scale in a corporate environment. For example, you may also have an Amazon account. Netflix and Amazon have no relationship with each other, so they need two different sets of credentials. Imagine the same concept in a corporate environment: if your company subscribes to 10 cloud-based applications, you must remember 20 different sets of credentials.

This is a burden for ordinary users, and a nightmare for support staff who must manage several accounts per user and handle password resets for each of them. Challenges of this kind are what make ADFS so important and why it is being widely adopted. One example of a widely deployed ADFS application comes from Microsoft, for customers who want to move multiple services to Office 365.

Active Directory Federation Services and Office 365

Office 365 consists of various services, such as Microsoft Exchange, SharePoint, and Lync. Because Office 365 servers run in the cloud, you cannot join them directly to your domain. Because Office 365 requires an Active Directory environment, Microsoft creates a custom domain in the cloud for your Office 365 subscription. You can then set up directory synchronization (using the DirSync tool), which automatically creates accounts in the Microsoft domain that match the accounts in your local domain.

You can even choose which accounts to synchronize if you do not want all of your AD accounts to have Office 365 service. With the same account existing on both sides, keeping the associated passwords in sync becomes a problem, and this is where Active Directory Federation Services comes in. Active Directory Federation Services (ADFS) is Microsoft’s Single Sign-On (SSO) solution. As a component of the Windows Server operating system, it gives users trusted access to applications that cannot use Integrated Windows Authentication (IWA) through Active Directory (AD).

Employees need to remember only one set of credentials to access multiple applications via SSO. Active Directory Federation Services manages authentication through a proxy service hosted between AD and the target application. It uses a Federated Trust, which binds ADFS and the target application, to grant users access. This allows users to sign in to federated applications through SSO without having to authenticate to each application directly.

The authentication process for Active Directory Federation Services generally follows these four steps:

  1. The user navigates to the URL provided by the ADFS service.
  2. The ADFS service authenticates the user through the organization’s AD service.
  3. Once authenticated, the ADFS service issues the user an authentication claim.
  4. The user’s browser forwards this claim to the target application, which grants or denies access based on the Federated Trust that has been established.
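The four steps above, together with the claim mapping described earlier (partner claims translated into claims the organization’s own web application understands), can be modelled in a few dozen lines. The following is an added example, not code from the original page or from Microsoft: the identity provider authenticates a user against a constructed directory, issues a signed set of claims, and the relying party (the target application) verifies the signature, issuer, audience and expiry before applying its claim rules. The shared HMAC secret stands in for the token-signing certificate of a real Federated Trust, and the issuer URL, audience, directory entries and claim rules are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret standing in for the Federated Trust between the
# identity provider (ADFS) and the relying party. A real deployment signs
# tokens with the IdP's token-signing certificate, not a shared HMAC key.
TRUST_SECRET = b"constructed-demo-trust-secret"
IDP_ISSUER = "https://adfs.example.test/adfs/services/trust"  # hypothetical
APP_AUDIENCE = "urn:example:partner-app"                      # hypothetical

# Claim rules: how the relying party maps the partner's claims to claims its
# own application understands (constructed for the example).
CLAIM_RULES = {"partner_role": {"Engineer": "app_user", "Manager": "app_admin"}}

# Constructed partner directory; a real IdP would query Active Directory.
PARTNER_DIRECTORY = {
    "alice": {"password": "correct horse", "partner_role": "Engineer"},
    "bob": {"password": "battery staple", "partner_role": "Contractor"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def directory_authenticate(username: str, password: str, directory: dict) -> bool:
    """Step 2: the IdP checks the credential against the directory."""
    entry = directory.get(username)
    return entry is not None and hmac.compare_digest(entry["password"], password)


def issue_claims_token(username: str, role: str, now: int, ttl: int = 300) -> str:
    """Step 3: after authentication the IdP issues a signed set of claims."""
    claims = {"iss": IDP_ISSUER, "aud": APP_AUDIENCE, "sub": username,
              "partner_role": role, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(TRUST_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def validate_claims_token(token: str, now: int) -> dict:
    """Step 4: the relying party verifies the token, then applies its claim rules.
    Returns the mapped claims or raises ValueError with the reason for denial."""
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, sig = parts
    expected = hmac.new(TRUST_SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature: token not issued by the trusted IdP")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != APP_AUDIENCE:
        raise ValueError("token was issued for a different application")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    app_role = CLAIM_RULES["partner_role"].get(claims.get("partner_role"))
    if app_role is None:
        raise ValueError(f"no claim rule for partner role {claims.get('partner_role')!r}")
    return {"user": claims["sub"], "app_role": app_role}


def federated_login(username: str, password: str, directory: dict, now: int):
    """Runs the whole flow; returns the relying party's view of the user,
    or a 'denied: ...' string explaining why access was refused."""
    if not directory_authenticate(username, password, directory):
        return "denied: directory authentication failed"
    token = issue_claims_token(username, directory[username]["partner_role"], now)
    try:
        return validate_claims_token(token, now)
    except ValueError as err:
        return f"denied: {err}"


if __name__ == "__main__":
    now = int(time.time())
    print(federated_login("alice", "correct horse", PARTNER_DIRECTORY, now))
    print(federated_login("alice", "wrong password", PARTNER_DIRECTORY, now))
    print(federated_login("bob", "battery staple", PARTNER_DIRECTORY, now))
```

Note that the relying party never sees the user’s password: it trusts the signed claims because of the trust relationship, and its own claim rules decide what a partner role means locally. A partner role without a rule (bob’s "Contractor") is denied even though the directory authentication succeeded, which is the point of keeping claim mapping under the application owner’s control.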

ADFS arose from the need to overcome the authentication challenges created by AD in an increasingly online world. AD and IWA have limits in terms of modern authentication, and users cannot authenticate to AD-integrated applications from outside the network. This is a challenge in the modern workplace, where users often need access to applications that are not owned or managed by their AD organization. Active Directory Federation Services can address and simplify these third-party authentication challenges, but it comes with several risks and drawbacks.

ADFS solves the problem for users who need access to AD-integrated applications when working remotely, and offers organizations a flexible, standards-based way to authenticate credentials through a web interface. It allows users from one organization to access applications run by other organizations outside their own domain. Examples include applications in partner organizations and cloud services, which are now part of the expanded IT landscape of many organizations using Active Directory Federation Services.