Troubleshooting Active Directory Federation Services

Enabling single sign-on for your users need not be a big deal. Several hybrid identity authentication scenarios are available to provide single sign-on capabilities to your users:

  • Active Directory Federation Services (AD FS): single sign-on based on one identity in your on-premises Active Directory; it publishes on-premises and cloud web applications. This is the most complex scenario and is often used by organizations with 250+ seats. They use single sign-on not only for Office 365 applications but also for other intranet and Internet applications to achieve an SSO user experience.
  • Password Hash Sync (PHS): same sign-on, which means you must authenticate again with your on-premises credentials when accessing Office 365 services.
  • Pass-through authentication (PTA): single sign-on; allows your users to sign in to Azure Active Directory by validating their passwords directly against your on-premises Active Directory.
  • Seamless single sign-on: single sign-on, automatically signs your users in when they are on their corporate devices connected to your corporate network. Can be combined with either PHS or PTA.

When should I use AD FS instead of other hybrid authentication methods?

Read more at the atwork blog.
