DMAP: The Ultimate G...
Other Services
Active Directory Federation Services (AD FS) is a feature of the Windows Server operating system (OS) that extends end users'
single sign-on (SSO) access to applications and systems outside the corporate firewall.
What AD FS does
Microsoft's traditional Active Directory technology stores usernames and passwords and uses them to manage and secure access to computers on a Windows domain. It also provides SSO access to corporate applications. AD Federation Services builds upon this functionality to authenticate users on third-party systems, such as another company's extranet or a service hosted by a cloud provider.
Through SSO capabilities, ADFS can authenticate a user to different, related web apps during a single online session. ADFS shares the user's identity and access rights, also known as claims, across the organization's security boundaries. When users attempt to access a certain web app from one of their trusted business partners -- also known as a federation -- their organization must authenticate the employee's identity information via claims to the host of the web app. The host can then make authorization decisions based on the claims.
More than 80% organizations use Active Directory. Digital transformation is driving these organizations to transition mission critical system to cloud or hybrid environments. Active Directory Federation Service (ADFS) allows users from these organizations to Single Sign-On (SSO) into external applications. Once logged into their AD domain with a single username and password, employees get right into all corporate on-premises and cloud apps from their desktops.
Why Do I Need It?
- Reduce the burden on the IT helpdesk and improve productivity as system users can seamlessly create access requests.
- Enable proactive risk identification and mitigation to ensure audit and regulatory compliance requirements are met.
What Are the Benefits?
- Improved employee productivity by allowing to self-request.
- Audit trail of all access requests and manager or application owner approvals.
Important Features of ADFS:
SSO, federation:
SSO capabilities allow federation partners to share a streamlined experience when they use the organization's web apps. Additionally, IT can deploy federation servers in multiple organizations to enable transactions between federation partners.
Interoperability:
Through a federation specification called WS-Federation, ADFS federated identity management system is interoperable with other products that support web services architecture and even environments that don't use the Microsoft Windows identity model.
Extensibility:
ADFS supports the Security Assertion Markup Language (SAML) 1.1 security token type and Kerberos authentication, and can also change claims using a customizable access request. Through this extensible architecture, organizations can adjust ADFS to work with their current security and business frameworks.
Versions:
Active Directory Federation Services was first released with Windows Server 2003 R2 as an additional download. Since then, Microsoft has released five different versions of AD FS.
Why SecurEnds?
SecurEnds is fastest growing third-party solution for ADFS that provides an easily configurable self-service portal for access approvals.
Read More: https://securends.com/active-directory-federation-services/
Comments