Last Updated on April 18, 2021 by admin
Active Directory Federation Services is a Microsoft service which allows the sharing of identity information between partners beyond of an AD forest. The users can use their AD username and password to access Office 365 (for example) and they won't be prompted to provide login credentials.The username name and password will be maintained by the administrator from a single place that is an active directory.
Active Directory Federation Services are used for single sign on to provide users access to system and applications located across organizational borders. User doesn't authenticate with the cloud provider directly, instead, they authenticate with an AD and because of the trust relationship between the AD system and the cloud service, the user can seamlessly use cloud services.
In an ADFS, a federation server on one side authenticates the user using AD Domain Services and issues a token containing a claim about the user and its identity. On the other side at the resource partner, a federation server validates the token and issues another token for the local servers to accept it.