Active Directory Domain Services or ADFS is the underlying technology that provides a seamless Single Sign On experience for users. Without ADFS, users will have to maintain two separate sets of credentials: one for on-premise resources and a second for Office 365. Active Directory Federated Services, also referred to as ADFS, is the service that keeps Office 365 and the existing on-premise Server Active Directory in sync. In this video, Sharon will explore the history of ADFS and how and why the technology has changed to meet today’s unique security challenges.
- Currently there are three identity models to choose from when getting started with Office 365 Identity Management. There's Cloud Identity, Synchronized Identity, or Federated Identity. Cloud Identity assumes all users are managed via Azure Active Directory. Active Directory or AD is not required. This is perfect for the company who wants everything in the Cloud and does not require a traditional AD. Next is the Synchronized Identity. In this model, usernames and passwords are synced from server AD to Azure AD.
You may already be familiar with DirSync, which was a tool for this model for years. Users would need to sign in to Office 365 after already signing into the on-premise AD. I see this model in most small and medium businesses or SMB implementations. Finally, Federated Identity, otherwise referred to as Active Directory Federated Services, or ADFS for short, is a Microsoft technology that provides single sign-on access to systems and applications across organizational borders.
Simply stated, ADFS allows a user to use a single username and password to access various applications. For example, a user logs onto their corporate computer using their username and password. From there they access other resources, such as Office 365 email, without having to provide their credentials again. Typically you would implement ADFS in any of the four following scenarios. First, there is already an existing ADFS infrastructure in place.
Or multiple forests exist in the on-premise environment. A custom hybrid application such as SharePoint is in place, and finally, policy dictates single sign-on, sign-on restrictions, or any other policy that requires a federated identity.
Here, system admins will learn how to implement and manage federated identities for single sign-on in Office 365. Microsoft Certified Trainer Sharon Bennett shows how to plan for Active Directory Federation Services (AD FS), install the AD FS role on Windows Server 2012 R2, and install and manage AD FS proxy servers.
Note: This training course maps to the Implement and Manage Federated Identities for SSO domain for Microsoft Certification exam 70-346.
- Planning for AD FS
- Sizing your infrastructure
- Configuring clients
- Installing the AD FS role
- Managing your servers
- Installing and configuring the AD FS proxy
- Tips for taking Microsoft Certification exam 70-346