How ADFS v2 Helps Microsoft IT to Manage Application Access

Description

ADFS 2.0 is being released today, but there is a group that has been using it for almost two years: Microsoft's IT department, which dogfooded ADFS 2.0 from the very first pre-release.

Brian Puhl, Principal System Architect, and Femi Aladesulu, Service Engineer, share their vast experience in using ADFS 2.0, which they earned handling access to the Microsoft IT application portfolio on premises and in the cloud.

From the topology of Microsoft's internal ADFS 2.0 deployment to the description of how day-to-day operations (such as a new application's onboarding) are handled, Brian and Femi will take you on a whirlwind tour. Today, Microsoft IT is able to offer identity as a reliable, self-provisioned service. Tune in to get tips that will help you to achieve the same results!

    The Discussion

    • RainwaterEyes

      Wonderful Episode! Thank you for sharing.

      In the last minutes of the show, you identified a complex application having their own STS federated with the main Identity Provider STS. Is the "private" STS a private instance of ADFS2.0 or is it a custom implementation?

      This question is coming from an ISV perspective. We want to embrace the claims model and “outsource” identity to an STS. But 1) the client may need us to provide the STS because they don’t have one, 2) they may want us to use an existing STS (political struggle ensues to get our required claims from their IT), 3) they may want us to federate our STS with their IP-STS. Can ADFS2.0 be used as a private STS for an ISV application similar to the scenario you described? It seems SharePoint 2010 took this approach with their own SharePoint STS.

      Can you provide some insight into how an ISV installing software into the client's environment should approach this problem? (Or suggest another place to post this question.) Thanks for your consideration.
