Cross Identity

Official Blog

Active Directory Federation Services


Back in 1999, Microsoft introduced Active Directory to the world. Eventually, Windows 2000 Server came with Active Directory integrated. Since it acted as a repository in which components such as Contact, Printer, Computer, Shared Folder, Group and Organizational Units (OUs) could be organized, most companies started considering and using Active Directory as a critical database.

Active Directory has been improved constantly, and year after year new features and services were added to it. Today, there are plenty of Active Directory services such as AD Domain Services, AD Lightweight Directory Services, AD Rights Management Services, AD Certificate Services, etc.

However, out of these many services, Active Directory Federation Services (ADFS) has gained immense popularity, and businesses are opting for it.

What is Active Directory Federation Services (ADFS)?

The objective of Active Directory Federation Services is to drastically simplify access management within the organization. ADFS supports identity management and provides a Single Sign-On solution. Here is how:

  • When a third party, say your company’s clients, partners or vendors, needs access to your environment, ADFS authenticates their usernames and passwords, which allows identities to be shared securely between the organizations. This is also known as “Federated Identity Management”, as federation means trust between your company and the third parties.
  • ADFS offers Single Sign-On, where the users can sign on to multiple applications, without having to validate their credentials each time they log in. Users need only one strong, secure credential to log in to their applications.

ADFS in Azure

Companies today are rapidly moving from on-premises applications to cloud-based applications. While using cloud applications has a lot of advantages, there is an obvious challenge associated with using cloud apps: having separate sets of credentials and validating each one of them.

Consider this: you need to access applications which are available on the Active Directory. As soon as you log in with your AD credentials, your identity is validated and you can start using these applications. Now say you also use certain applications which are cloud-based. Typically, a cloud app needs a separate set of credentials, each of which must be authenticated.

Therefore, you can effortlessly access your AD applications with a single set of credentials, but when it comes to cloud apps the problem persists: you have to use multiple credentials and validate them individually. This is certainly a time-consuming process, and it may also prevent you from moving to the cloud.

This is where ADFS in Azure comes into the picture. It provides a simplified identity federation and single sign-on solution, so you can authenticate your on-premises credentials and seamlessly access the cloud applications as well.

ADFS for your organization – a good choice?

Deploying Active Directory Federation Services should be a well-thought-out decision; it shouldn’t be chosen just because businesses around you are going for it.

You may be able to make an informed decision after reading the advantages and disadvantages of ADFS given below.


Single Sign-On to applications

The Single Sign-On solution is a real time-saver and enhances productivity. Employees have access to multiple applications, and with SSO they can log in to all their applications in one go with only one set of credentials. They no longer need to spend time logging in to each application. This saves a lot of their time and helps them become more productive.

Secure third-party connections

When a client or a vendor needs access to your environment, you cannot deny it to them. However, the question of how secure that access is would surely bother you.
ADFS authenticates a user’s identity and helps establish a federation trust, which builds secure third-party connections and makes sharing information between your organization and trusted partners much easier and more secure.

Easy access to cloud apps

Accessing the applications on your Active Directory is undoubtedly a lot simpler. All the applications are in one place and you need only one credential to access them all. However, accessing cloud applications becomes complicated, as they need different credentials which have no relation to your AD credentials. So, if you use 5 cloud applications, you will be using and validating 10 different credentials.

This whole process is simplified with ADFS in Azure AD. You can easily access, manage and single sign-on to your cloud applications by authenticating the on-premises credentials.

ADFS also has some drawbacks – it is complex to understand, you cannot use ADFS on remote desktop servers, it may not be able to authenticate older apps, and the pricing is not necessarily pocket-friendly.

Is there an alternative to ADFS?

Most organizations today use an Active Directory, which implies that they also require ADFS owing to its advantages, but it is certainly not the only option available.

You may want to explore other identity and authentication solutions that may benefit your organization better than ADFS.

Cross Identity has 19 years of experience in the IAM domain and understands your organization’s identity and access management needs perfectly well.

Our product, CI, offers cloud-based identity solutions such as Single Sign-On, Password Management, Lifecycle Management, etc. The solutions are also available as pre-configured services, which is a license-free model that lets you pay for only what you consume.

We sync the solutions with your Active Directory, and organizations that don’t have a directory can onboard their applications on the Cross Identity in-built cloud directory.

Drop us a line to learn more about how our solutions will help you with efficient identity management.