Can anyone please tell me what the difference is between Active Directory Federation Services (ADFS) and single sign-on (SSO)?

From a simple look at things, both seem to do much the same thing in identity management, making it so users require only a single logon to access many services. My company of course currently uses AD, but there is talk of getting an SSO service. I'm not quite understanding the difference, other than that SSO will also stretch to web apps.

What are the key basic differences?

I tried asking this on SO but didn't even get a good reason as to why people can't answer it. I would really appreciate some pointers. I mainly deal with the hardware side of things, and I'm fairly new to the game, so it's all rather mysterious to me.

Simon East
Hank
  • `My company of course currently uses AD but there is talk of getting a SSO service` - To what end? What's the driving need? – joeqwerty Jul 03 '14 at 01:42
  • I'm not really involved with that decision process, but from what I gather it's because there are quite a few web apps used by the company and people are annoyed at having to log in to them each individually – Hank Jul 03 '14 at 02:05

1 Answer

ADFS is one way to realize Single Sign-On (SSO) capabilities. There are other products as well.

ADFS provides this ability through SAML-based authentication. Your applications need to be adjusted to work with that model; it does not "magically" do SSO.

In the most current version of ADFS (2012 R2), you can even proxy the SSO Authentication to Kerberos-based web applications.

There are of course other ways to do it. There is/was TMG, which allowed SSO, and there is the concept of Windows Integrated Auth for your domain-based clients, which could also work.

MichelZ