Hideez Identity Cloud
  • Getting Started Guide
    • Key features of Hideez Identity Cloud
    • Quick Start Guide
    • User Management
      • Passkey
      • Hideez Authenticator App
      • FIDO Security Key
      • Platform Authentication via Windows Hello
      • Password+OTP
  • INTEGRATIONS
    • SAML 2.0 integration
      • GitHub Enterprise
      • Google Workspace
      • Okta
    • OIDC (OpenID Connect) integration
      • Services that support OIDC and their configuration as Client
    • WS-Federation integration
      • Login to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud
    • Active Directory On-Premises Integration
      • ADFS integration
        • Login to Microsoft Exchange OWA Using AD FS and Hideez Identity Cloud as a Third-Party IdP
    • Microsoft Entra ID integration
      • Synchronization and import employees from Microsoft Entra ID to Hideez Identity Cloud
      • Configuration of Hideez Cloud as an External Authentication Method for Microsoft Entra ID via OIDC
  • USE CASES
    • Passkey Login
    • Hideez Authenticator App login
    • FIDO Security Key login
    • Platform login via Windows Hello
    • Password+TOTP login
  • SUPPORT
    • Get Support
    • FAQ
      • What to do if a user loses their key/device and cannot access the site?
      • Can a custom domain name be created for the tenant instead of the default one?
      • Why am I already logged in Hideez, and no authorization occurs when I access my web application?
      • How long does an open authorization session last?
      • How to log out of the web application?
      • Can I administer multiple tenants simultaneously?
      • Can there be multiple administrators for the Hideez Identity Cloud?
    • Glossary
  • Hideez Documentation Portal
Powered by GitBook
On this page
  • What is WS-Federation:
  • Example Flow:
  1. INTEGRATIONS

WS-Federation integration

Hideez Identity Cloud - WS-Federation integration

PreviousServices that support OIDC and their configuration as ClientNextLogin to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud

Last updated 7 days ago

What is WS-Federation:

WS-Federation is a web-based Single Sign-On (SSO) protocol designed by Microsoft to enable identity federation across different domains and applications.

Key Points:

  • Purpose: Allows users to authenticate to multiple systems or applications using a single set of credentials.

  • Claims-Based Authentication: Relies on claims to pass user identity and attributes between an Identity Provider (IdP) (e.g., AD FS) and a Relying Party (RP) (e.g., an application).

  • Microsoft-Centric: Primarily used with Microsoft services like AD FS, Exchange OWA, and SharePoint.

  • Simplified SSO: Enables seamless access to applications without repeated logins.

  • Message Format: Uses XML-based messages to transfer authentication tokens securely.

  • Compared to SAML: While SAML is widely used across platforms, WS-Federation is more commonly found in Microsoft ecosystems.

Example Flow:

  • A user accesses Outlook on the Web (OWA) (Service Provider).

  • Outlook on the Web (OWA) redirects the authentication request to Hideez Identity Cloud (Identity Provider).

  • Hideez Identity Cloud uses WS-Federation to authenticate the user and send a security token back to OWA.

  • The user gains access to OWA without entering credentials again.

Configure login to Exchange OWA directly via Hideez Identity Cloud as the Identity Provider using the SAML 2.0 protocol (2-tier architecture: Exchange OWA → SAML 2.0 → Hideez Identity Cloud).

Advantages:

  1. No AD FS required: Eliminates the need for setting up and maintaining AD FS, simplifying the architecture, and reducing maintenance costs.

  2. Simpler configuration: Without the additional AD FS component, the setup process is quicker and easier.

  3. Faster access to resources: Direct integration with Hideez Identity Cloud reduces additional steps in the authentication process, providing quicker access to resources.

  4. Reduced latency: The direct integration model may lower response times compared to a multi-step architecture involving AD FS.

  5. Easier scalability: Scaling is simpler, as there’s no need to manage or expand an AD FS infrastructure for new integrations.

For more details, refer to the official Microsoft documentation on WS-Federation.

If you need assistance with server setup or configuring SAML/OIDC, our support [email protected] team is also available to help. We’ll be happy to assist you!