Microsoft Identity and Access Solutions

Collaborate Securely Across Organizational Boundaries

Microsoft Active Directory Federation Services (AD FS) provides the interoperability required to simplify the broad, federated sharing of digital identities and policies across organizational boundaries. Customers, partners, suppliers, and mobile employees can all seamlessly and securely gain access to the information they need, when they need it.

Benefits:

  • Boost cross-organizational efficiency and collaboration with secure data access across companies.

  • Improve operational efficiency with streamlined federation systems and simplified management of IDs and passwords.

  • Boost visibility into cross-boundary processes with transparent, auditable information rights and roles.

  • Improve security with AD FS claim mapping, Security Assertion Markup Language (SAML) tokens, and Kerberos authentication.

  • Reduce costs by taking advantage of existing investments in Active Directory and security systems.

  • Eliminate the complexity of managing federation by using Active Directory as the main identity repository.

Business Needs:

  • Improve collaboration and operational efficiency by building secure and efficient connections with other organizations.

  • Retain control over corporate data, while allowing trusted entities access to business information.

  • Express, communicate, and share business policies with other trusted organizations.

[Figure: Federated Identity Diagram]

What’s New in Windows Server 2008

Active Directory Federation Services in Windows Server 2008 includes a number of functional and operational improvements over the previous version in Windows Server 2003:

  • Improved application support: AD FS is tightly integrated with Active Directory Rights Management Services (AD RMS) and Microsoft Office SharePoint Server 2007. AD RMS and AD FS have been integrated in such a way that organizations can take advantage of existing federated trust relationships to collaborate with external partners and share rights-protected content. Office SharePoint Server 2007 takes full advantage of the single sign-on (SSO) capabilities that are integrated into this version of AD FS. AD FS in Windows Server 2008 includes functionality to support Office SharePoint Server 2007 membership and role providers.

  • Improved installation experience: AD FS is included in Windows Server 2008 as a standard server role. The simplified wizard-based installation performs server validation checks before the installation begins, and it automatically lists and installs all the services that AD FS depends on during the server role installation. These services include Microsoft ASP.NET 2.0 and other services that are part of the Web Server (Internet Information Services, or IIS) server role.

  • Improved administration experience: Improved trust policy import and export functionality helps to minimize partner-based configuration issues that are commonly associated with federated trust establishment. Creating federated trusts between partner organizations is easier than ever in Windows Server 2008 as a result of enhanced policy-based export and import functionality.