What is ADFS and why do you need it?

ADFS (Active Directory Federation Services) is an SSO solution created by Microsoft to authenticate users logging into applications which are incompatible with Integrated Windows Authentication (IWA) and Active Directory (AD).

ADFS provides organizations with the flexibility needed to simplify the user experience while improving the control that admins have over user accounts across owned as well as third-party applications. Since ADFS implements SSO, your employees are required to remember only one set of credentials for all the applications.

How it works

With ADFS, authentication is managed using a proxy server which is hosted between the AD and the target application. It operates based on federated trust – users can access an application through SSO without being required to authenticate their identity on the target application.

      • The ADFS service provides the user with a URL
      • The user is then authenticated via your organization’s AD service
      • Once authenticated, the user is provided with an authentication claim
      • The authentication claim is forwarded to the target application, which grants or denies access based on the established federated trust
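The flow in the list above, sketched as an added example (not code from the original post or from ADFS itself): the federation service issues a signed claim after AD authentication, and the target application decides access from the claim alone. The issuer URL, audience URI, key and function names are constructed for illustration, and HMAC stands in for the certificate-based token signing that ADFS uses.

```python
import base64, hashlib, hmac, json, time

# Constructed values: issuer URL, audience URI and key are placeholders.
ISSUER = "https://adfs.example.test/adfs/services/trust"
APP_AUDIENCE = "urn:example:payroll-app"
# Stand-in for the federated trust. ADFS signs tokens with a token-signing
# certificate (asymmetric); HMAC is used here only to stay stdlib-only.
TRUST_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_claim(user, audience, key=TRUST_KEY, now=None, ttl=300):
    """Federation service side: called only after AD has authenticated the user."""
    now = int(time.time()) if now is None else now
    body = json.dumps({"iss": ISSUER, "aud": audience, "sub": user,
                       "nbf": now, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def accept_claim(token, audience=APP_AUDIENCE, key=TRUST_KEY, now=None):
    """Target application side: returns (granted, detail); no password is seen here."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed token"
    # Verify the signature before trusting any field inside the claim.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature not from trusted issuer"
    claim = json.loads(body)
    if claim.get("iss") != ISSUER:
        return False, "unexpected issuer"
    if claim.get("aud") != audience:
        return False, "claim issued for a different application"
    if not claim.get("nbf", now + 1) <= now < claim.get("exp", 0):
        return False, "claim outside validity window"
    return True, claim["sub"]
```

The application grants access only when the signature, issuer, audience and validity window all check out, which is what the federated trust amounts to on the application side.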

Why ADFS is important

ADFS was created to overcome the limitations of the authentication methods that AD uses when users need to connect to third-party integrations. For modern workplaces that require seamless connectivity with applications not owned or managed by the organization, ADFS delivers a distinct advantage. Companies simply have to establish a federated trust link with third-party applications, and ADFS can then act as a unified authenticator for owned as well as third-party applications.

Problems with ADFS

While ADFS comes as an efficient solution for authenticating users for integrated applications, it does have its fair share of drawbacks. 

Cost

ADFS comes as a free feature with Windows Server, but the commissioning of ADFS requires a server license which is charged per core. 

In addition to this direct cost, the management of ADFS servers can also increase the operational costs incurred by your organization. The federation trust links between the applications have to be maintained with utmost care by employees with a high level of technical skill. Also, since ADFS is a critical service, high availability is key. In addition, the infrastructure required to maintain and patch ADFS servers can be expensive. 

Complexity

The time-consuming and complex nature of configuring the ADFS service with the addition of every application can hinder operational flow and IT agility in your organization. The process is also technically intricate and requires experienced professionals to carry it out.

Security

Using ADFS right off the shelf can come with its own security risks. Both ADFS and the Windows Server that the service runs on require further security hardening.

As much as ADFS has significantly enhanced authentication across the networks and third-party applications of organizations, it is advisable to take into account the drawbacks discussed above. If you are interested in using ADFS services or enhancing your existing authentication services, Akku, the Identity and Access Management Solution, can help you get there. To know more, get in touch with us now.

Published by
Bhaskar RV
Tags: sso
