WS-Federation

Hideez Identity Cloud - WS-Federation integration


Last updated 2 months ago

What is WS-Federation:

WS-Federation is a web-based Single Sign-On (SSO) protocol designed by Microsoft to enable identity federation across different domains and applications.

Key Points:

  • Purpose: Allows users to authenticate to multiple systems or applications using a single set of credentials.

  • Claims-Based Authentication: Relies on claims to pass user identity and attributes between an Identity Provider (IdP) (e.g., AD FS) and a Relying Party (RP) (e.g., an application).

  • Microsoft-Centric: Primarily used with Microsoft services like AD FS, Exchange OWA, and SharePoint.

  • Simplified SSO: Enables seamless access to applications without repeated logins.

  • Message Format: Uses XML-based messages to transfer authentication tokens securely.

  • Compared to SAML: While SAML is widely used across platforms, WS-Federation is more commonly found in Microsoft ecosystems.

Example Flow:

  • A user accesses Outlook on the Web (OWA) (Service Provider).

  • Outlook on the Web (OWA) redirects the authentication request to Hideez Identity Cloud (Identity Provider).

  • Hideez Identity Cloud uses WS-Federation to authenticate the user and send a security token back to OWA.

  • The user gains access to OWA without entering credentials again.
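
The passive sign-in exchange described above, as an added Python example that is not part of this page or of the Hideez product: the relying-party (OWA) side builds the wa=wsignin1.0 redirect and then checks the token the IdP posts back in wresult before creating a session. The IdP endpoint, the realm and the sample RequestSecurityTokenResponse are constructed, and the XML signature check is left to an XML-DSig library.

```python
# Added example (not Hideez or Microsoft code): the WS-Federation passive sign-in flow
# seen from the relying party (OWA). Endpoints, realm and the sample token are constructed.
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

IDP = "https://idp.example.test/wsfed"   # assumed IdP sign-in endpoint
REALM = "https://owa.example.test/"      # assumed RP realm (wtrealm) and token audience
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
NS = {"t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def build_signin_url(idp, realm, reply, ctx):
    """Step 2 of the flow: the RP redirects the browser to the IdP with a sign-in request."""
    q = {"wa": "wsignin1.0", "wtrealm": realm, "wreply": reply, "wctx": ctx}
    return f"{idp}?{urlencode(q)}"

def validate_wresult(wresult, expected_issuer, expected_audience, now):
    """Steps 3-4: the RP checks the RSTR posted back as 'wresult' before creating a session.
    Returns the claims dict, or raises ValueError if the token must be rejected."""
    assertion = ET.fromstring(wresult).find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML assertion in wresult")
    # The XML-DSig signature must also be verified against the IdP's signing certificate
    # (use an XML-DSig library); omitted here to keep the example stand-alone.
    if assertion.get("Issuer") != expected_issuer:
        raise ValueError("token issued by an untrusted IdP")
    cond = assertion.find("saml:Conditions", NS)
    ts = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    if not (ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter"))):
        raise ValueError("token outside its validity window")
    if expected_audience not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("token was issued for a different relying party")
    return {a.get("AttributeName"): a.find("saml:AttributeValue", NS).text
            for a in assertion.findall(".//saml:Attribute", NS)}

# Constructed sample RSTR (Subject and Signature elements trimmed for brevity).
WRESULT = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <t:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
      AssertionID="_constructed-1" Issuer="https://idp.example.test/" IssueInstant="2025-01-01T12:00:00Z">
   <saml:Conditions NotBefore="2025-01-01T11:59:00Z" NotOnOrAfter="2025-01-01T13:00:00Z">
    <saml:AudienceRestrictionCondition><saml:Audience>https://owa.example.test/</saml:Audience>
    </saml:AudienceRestrictionCondition></saml:Conditions>
   <saml:AttributeStatement><saml:Attribute AttributeName="upn" AttributeNamespace="http://schemas.xmlsoap.org/claims">
    <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
 </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""
```

Calling `validate_wresult(WRESULT, "https://idp.example.test/", REALM, NOW)` returns `{"upn": "alice@example.test"}`; the same token presented to a different realm is rejected with ValueError.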

You can configure login to Exchange OWA directly, with Hideez Identity Cloud acting as the Identity Provider over the SAML 2.0 protocol (a 2-tier architecture: Exchange OWA → SAML 2.0 → Hideez Identity Cloud).

Advantages:

  1. No AD FS required: Eliminates the need for setting up and maintaining AD FS, simplifying the architecture, and reducing maintenance costs.

  2. Simpler configuration: Without the additional AD FS component, the setup process is quicker and easier.

  3. Faster access to resources: Direct integration with Hideez Identity Cloud reduces additional steps in the authentication process, providing quicker access to resources.

  4. Reduced latency: The direct integration model may lower response times compared to a multi-step architecture involving AD FS.

  5. Easier scalability: Scaling is simpler, as there’s no need to manage or expand an AD FS infrastructure for new integrations.

For more details, refer to the official Microsoft documentation on WS-Federation.

If you need assistance with server setup or configuring SAML/OIDC, our support team is also available to help at [email protected]. We’ll be happy to assist you!