ADFS integration

What is AD FS (Active Directory Federation Services):

Active Directory Federation Services (AD FS) is a Single Sign-On (SSO) solution developed by Microsoft that allows organizations to authenticate users across different applications and systems, both on-premises and in the cloud.

Key Points:

  • Federation Service: Provides identity federation between an organization's Active Directory and external systems or service providers.

  • SSO (Single Sign-On): Enables users to log in once and access multiple applications without needing to re-enter credentials.

  • Claims-Based Authentication: AD FS uses claims (user attributes) for authentication and authorization instead of traditional credentials.

  • Protocols Supported:

    • WS-Federation: Microsoft’s proprietary protocol for web-based SSO.

    • SAML 2.0: An open standard for cross-domain authentication.

    • OAuth 2.0/OpenID Connect: Modern protocols for API and app authentication.

  • Integration: Often used for Microsoft services like Exchange OWA, SharePoint, and other third-party applications.

Configure login to Exchange OWA using AD FS with Hideez Identity Cloud as the Identity Provider, utilizing the WS-Federation protocol (3-tier architecture: Exchange OWA → WS-Federation → AD FS → SAML 2.0 →Hideez Identity Cloud).

Advantages:

  1. Leverages existing AD FS infrastructure: If AD FS is already installed and configured, this option allows you to use the existing infrastructure without additional setup or changes.

  2. Integration with other Microsoft applications: If the organization already integrates other Microsoft products via AD FS, this option allows centralized authentication management for all applications, including Exchange OWA and others.

  3. Centralized access policy management: With AD FS in place, you can manage access policies and security measures centrally, ensuring consistent enforcement across all integrated services, including Hideez Identity Cloud.

  4. Enhanced security: AD FS can be configured with additional security features like MFA, enhancing access protection for all connected resources.

  5. Convenient for organizations already using AD FS: This option is ideal for organizations with established AD FS configurations, allowing easy integration of Hideez Identity Cloud as an external identity provider without major infrastructure changes.

For more details, refer to the official Microsoft documentation on Active Directory Federation Service (AD FS).

PreviousConfiguration of Hideez Cloud as an External Authentication Method for Microsoft Entra ID via OIDCNextLogin to Microsoft Exchange OWA Using AD FS and Hideez Identity Cloud as a Third-Party IdP