
Problem statement: We have a company application, and company employees use this application with username@company_domain.com. Active Directory takes care of the user's identity and roles. Now we want someone from outside the organization to access the company application, let's say from a Facebook account or Gmail account, and the AD needs to know these accounts are not from the company domain and dynamically assign them lesser-privilege roles.

My question is: do I need to have ADFS enabled on the AD? And if yes, can I have good resources for the same? Any help appreciated.

OutOfBounds

1 Answer


This is not what ADFS does.

You cannot use social accounts (Facebook etc.) to log directly into ADFS.

(Refer: Connecting ADFS with social logins for an example with Auth0).

Also, ADFS only does authentication and authorisation. It does not have workflows e.g. dynamically assigning roles.

You will have to build this yourself - you can use the Account Management C# API to talk to AD via LDAP.

My suggestion would be to not use ADFS but rather something like Auth0, Okta etc.

These do allow social logins and they have "rules" where you can define workflow.

rbrayb