Skip the navigation

InfoWorld review: Microsoft ADFS 2.0 and Forefront Identity Manager 2010

By Keith Schultz
July 7, 2010 06:10 AM ET

InfoWorld - Managing user access in businesses today is something like playing traffic cop in an intersection of a thousand roads. From Web-based applications to homegrown programs, from desktop PCs to the latest crop of smartphones, IT has to be able to control access to every sort of resource while allowing users to access them from anywhere and any platform.

A bigger challenge is providing seamless access to applications and systems across corporate or network boundaries. It's no trouble for IT to define and manage user names and passwords on their own network, but it takes more work -- or is nearly impossible -- to extend access to internal systems to numerous external users or to manage local user access to a system outside of their control.

[ Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report. Learn how to put AppLocker, BitLocker to Go, security accounts, and other key Windows 7 security improvements to good use in "The ultimate guide to Windows 7 security." ]

Microsoft has updated Forefront Identity Manager (FIM) 2010 and Active Directory Federation Services (ADFS) to aid IT in applying identity management across domains and business boundaries. Both of these tools are intended to extend user access control across the enterprise; FIM uses a common platform to tie user, certificate, group, and policy management together, while ADFS provides trust accounts between different networks or organizations. Together, they provide a powerful platform for extending user management beyond the company domain or network edge.

Active Directory Federation Services 2.0 Active Directory Federation Services, first available in Windows Server 2003, is now a server role in Windows Server 2008 R2. ADFS is a single-sign-on technology that uses claims-based authentication to validate a user's identity across domains. Normally when the user's account is in one domain and the resource is in another, the resource will prompt the user for local credentials. ADFS eliminates the secondary credential request; the user's identity is validated, and access provided, based on information in the user's home directory.

Through the use of ADFS, it is possible to facilitate a wide range of managed access. It makes it easy for users to access an Internet-accessible application on another company's network or to allow outside contractors access to internal resources for the duration of a specific project. The key advantage is that neither domain need contain any of the other domain's user information; no user information is shared, and each side remains responsible only for its own user management.

To continue reading, register here to become an Insider

It's FREE to join

Learn More

Already an Insider? Sign in

Originally published on www.infoworld.com. Click here to read the original story.
Reprinted with permission from InfoWorld. Story copyright 2012 InfoWorld Media Group, Inc. All rights reserved.
Our Commenting Policies