Active Directory Federation Services (ADFS)

Active Directory Federation Services (ADFS) is a standards-based Web Single Sign-On (SSO) service that enables federated identity by implementing claims-based authentication across forests. It is available as a server role in Windows Server 2003 R2 and later releases of Microsoft’s server operating system.

Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity. On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.
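The two-hop flow described above can be sketched in a few lines. This is an added illustration, not ADFS code: the server names, keys and the accepted-claims policy are constructed, and HMAC-SHA256 stands in for the certificate-based signatures a real federation server uses.

```python
import base64, hashlib, hmac, json, time

# Constructed names and keys. HMAC-SHA256 stands in for the certificate-based
# signatures a real federation server uses, so this runs on the stdlib alone.
ACCOUNT_STS = "https://sts.accounts.example"
RESOURCE_STS = "https://sts.resources.example"
ACCOUNT_KEY, RESOURCE_KEY = b"constructed-account-key", b"constructed-resource-key"
TRUSTED_ISSUERS = {ACCOUNT_STS: ACCOUNT_KEY}   # the federation trust
ACCEPTED_CLAIMS = {"upn", "group"}             # assumed claim policy

def issue(issuer, audience, claims, key, ttl=300, now=None):
    """Sign a set of claims as `issuer` for one `audience`."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "aud": audience, "exp": now + ttl,
                       "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

def validate(token, audience, trusted, now=None):
    """Return the token contents if every check passes, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
        data = json.loads(body)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    iss = data.get("iss") if isinstance(data, dict) else None
    if not isinstance(iss, str) or iss not in trusted:
        raise ValueError("untrusted issuer")
    expected = hmac.new(trusted[iss], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if data.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(data.get("exp"), (int, float)) or data["exp"] <= now:
        raise ValueError("expired")
    return data

def federate(token, app_audience, now=None):
    """Resource-side server: validate the partner token, issue a local one."""
    data = validate(token, RESOURCE_STS, TRUSTED_ISSUERS, now)
    local = {k: v for k, v in data.get("claims", {}).items() if k in ACCEPTED_CLAIMS}
    return issue(RESOURCE_STS, app_audience, local, RESOURCE_KEY, now=now)
```

The local application trusts only the Resources-side server, so a token from the Accounts side presented to it directly is rejected as coming from an untrusted issuer.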

One of the biggest challenges an IT department can face comes when identities need to cross company boundaries. When your organization enters a relationship with another organization and anyone from one side needs access to resources on the other side, you need a way to establish a secure, trusted relationship. For administrators this creates a dilemma: they don’t want to give administrative rights to people outside their organization, but they also do not want the additional burden of the extra identity management tasks for those external people. At the same time, you want to be able to use your current Active Directory environment to provide single sign-on.

Read More:-
1. Cross Organization Single Sign-on Made Real With ADFS
2. Simplify Single Sign-on Using ADFS
