InfoWorld review: Microsoft ADFS 2.0 and Forefront Identity Manager 2010
InfoWorld - Managing user access in businesses today is something like playing traffic cop in an intersection of a thousand roads. From Web-based applications to homegrown programs, from desktop PCs to the latest crop of smartphones, IT has to be able to control access to every sort of resource while allowing users to access them from anywhere and any platform.
A bigger challenge is providing seamless access to applications and systems across corporate or network boundaries. It's no trouble for IT to define and manage user names and passwords on their own network, but it takes more work -- or is nearly impossible -- to extend access to internal systems to numerous external users or to manage local user access to a system outside of their control.
[ Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report. Learn how to put AppLocker, BitLocker to Go, security accounts, and other key Windows 7 security improvements to good use in "The ultimate guide to Windows 7 security." ]
Microsoft has updated Forefront Identity Manager (FIM) 2010 and Active Directory Federation Services (ADFS) to aid IT in applying identity management across domains and business boundaries. Both of these tools are intended to extend user access control across the enterprise; FIM uses a common platform to tie user, certificate, group, and policy management together, while ADFS provides trust accounts between different networks or organizations. Together, they provide a powerful platform for extending user management beyond the company domain or network edge.
Active Directory Federation Services 2.0 Active Directory Federation Services, first available in Windows Server 2003, is now a server role in Windows Server 2008 R2. ADFS is a single-sign-on technology that uses claims-based authentication to validate a user's identity across domains. Normally when the user's account is in one domain and the resource is in another, the resource will prompt the user for local credentials. ADFS eliminates the secondary credential request; the user's identity is validated, and access provided, based on information in the user's home directory.
Through the use of ADFS, it is possible to facilitate a wide range of managed access. It makes it easy for users to access an Internet-accessible application on another company's network or to allow outside contractors access to internal resources for the duration of a specific project. The key advantage is that neither domain need contain any of the other domain's user information; no user information is shared, and each side remains responsible only for its own user management.
To continue reading, register here to become an Insider
It's FREE to join
- SharePlan Security SharePlan is a continuous, secure, enterprise-ready file sync and share platform that facilitates smart, real-time collaboration across all devices.
- Three Ways Your DNS Can Impact DDoS Attacks Domain Name System (DNS) plays a big role in consumers' day-to-day Internet usage and is a critical factor when it comes to distributed...
- 3 Reasons Why You Need Real User Web Performance Measurements Learn why a traditional (technical) understanding of website performance needs to be replaced with a competitive one, a model where performance equates to...
- The Winter Games - Your Way During the 2014 Winter Olympics, video streams from the Akamai network reached devices internationally. Learn how Akamai provided stream security and analytics capabilities...
- Online Video and Web Traffic: Sochi 2014 Winter Olympic Games Over 25 leading global broadcasters worked with Akamai to deliver the action, excitement and inspiration of Sochi because they understand online viewers expect...
- Video surveillance for IT: maximum image quality, minimum bandwidth Join us on Thursday, May 8th at 1 p.m. EST when Willem Ryan, Senior Product Marketing Manager at Avigilon, will discuss how IT... All Networking White Papers | Webcasts