Active Directory Federation Services

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.

A Federation is a collection of domains that have developed trust. The amount of trust varies, but it nearly always requires authentication and almost always includes authorization. A typical federation would consist of a number of groups that have developed trust in order to share access to a set of resources.

You can federate your on-premises infrastructure with Azure AD and use this federation for authentication and authorization. This sign-in mechanism ensures that all user authentication takes place on-premises, which lets administrators enforce more stringent levels of access control. Federation with AD FS and PingFederate is supported.

How Federation Works: –

Azure Active Directory (Azure AD) Connect allows you to configure federation between on-premises Active Directory Federation Services (AD FS) and Azure AD. With federated sign-in, users sign in to Azure AD-based services using their on-premises passwords—and without having to enter their passwords twice while on the corporate network. You can use the federation option with AD FS to deploy a new installation of AD FS or to specify an existing installation on a Windows Server 2012 R2 farm.

Note: – If you want to use Federation with Active Directory Federation Services (AD FS), you can optionally configure password hash synchronization as a backup in the event that your AD FS infrastructure fails.
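The following PowerShell script is an added example, not code from the original article or from Microsoft's own tooling. It audits the federation setup described above from the administrator's side: for each federated domain it checks that the AD FS endpoints Azure AD redirects to are present and HTTPS and that the published token-signing certificate is not about to expire, and it reports when password hash synchronization is not enabled as the fallback the note recommends. The sample data is constructed to mirror the fields returned by Get-MgDomain, Get-MgDomainFederationConfiguration and Get-ADSyncAADCompanyFeature, so the checks run without tenant access; the domain names, endpoints and dates are placeholders, and the live calls are shown as comments at the end.

```powershell
# Added example, not from the original article or from Microsoft's own tooling.
# Audits the federation posture of Azure AD domains and checks that password
# hash synchronization is in place as a fallback for an AD FS outage.
# Sample data below is CONSTRUCTED to mirror Get-MgDomain,
# Get-MgDomainFederationConfiguration and Get-ADSyncAADCompanyFeature output.

function Get-SigningCertificateExpiry {
    # Graph returns the token-signing certificate as base64 DER; parse it to read NotAfter.
    param([Parameter(Mandatory)][string] $Base64Certificate)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($Base64Certificate))
    return $cert.NotAfter
}

function Test-FederationPosture {
    param(
        [Parameter(Mandatory)] [object[]]  $Domains,                 # Id, AuthenticationType, IsVerified
        [Parameter(Mandatory)] [hashtable] $FederationConfig,        # domain Id -> settings hashtable
        [Parameter(Mandatory)] [bool]      $PasswordHashSyncEnabled, # from Get-ADSyncAADCompanyFeature
        [int] $CertWarningDays = 30
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    foreach ($d in ($Domains | Where-Object AuthenticationType -eq 'Federated')) {
        $cfg = $FederationConfig[$d.Id]
        if (-not $cfg) {
            $findings.Add("$($d.Id): federated but no federation configuration found")
            continue
        }
        # Azure AD redirects browser sign-ins to PassiveSignInUri and reads the AD FS
        # metadata from MetadataExchangeUri; both must be present and HTTPS.
        foreach ($name in 'PassiveSignInUri', 'MetadataExchangeUri') {
            $uri = [string]$cfg[$name]
            if (-not $uri.StartsWith('https://')) {
                $findings.Add("$($d.Id): $name is missing or not HTTPS ('$uri')")
            }
        }
        # Azure AD only accepts tokens signed by the published certificate, so an
        # expiring certificate means a sign-in outage for every user of the domain.
        if ($cfg.ContainsKey('SigningCertificateNotAfter')) {
            $daysLeft = [int]($cfg['SigningCertificateNotAfter'] - (Get-Date)).TotalDays
            if ($daysLeft -lt $CertWarningDays) {
                $findings.Add("$($d.Id): token-signing certificate expires in $daysLeft days")
            }
        } else {
            $findings.Add("$($d.Id): no token-signing certificate published")
        }
    }
    if (-not $PasswordHashSyncEnabled) {
        $findings.Add('Password hash synchronization is off: no fallback if the AD FS farm is unavailable')
    }
    return $findings
}

# --- Constructed sample data (hypothetical tenant; names and dates are placeholders) ---
$sampleDomains = @(
    [pscustomobject]@{ Id = 'contoso.example'; AuthenticationType = 'Federated'; IsVerified = $true }
    [pscustomobject]@{ Id = 'contoso.onmicrosoft.com'; AuthenticationType = 'Managed'; IsVerified = $true }
)
$sampleFederation = @{
    'contoso.example' = @{
        PassiveSignInUri           = 'https://adfs.contoso.example/adfs/ls/'
        MetadataExchangeUri        = 'http://adfs.contoso.example/adfs/services/trust/mex'  # deliberately not HTTPS
        SigningCertificateNotAfter = (Get-Date).AddDays(10)                                # deliberately expiring soon
    }
}

Test-FederationPosture -Domains $sampleDomains -FederationConfig $sampleFederation -PasswordHashSyncEnabled $false

# --- Live data on a real tenant (needs the Microsoft.Graph module; ADSync module on the Connect server) ---
# Connect-MgGraph -Scopes 'Domain.Read.All'
# $domains = Get-MgDomain
# $fed = @{}
# foreach ($d in $domains | Where-Object AuthenticationType -eq 'Federated') {
#     $c = Get-MgDomainFederationConfiguration -DomainId $d.Id
#     $fed[$d.Id] = @{
#         PassiveSignInUri           = $c.PassiveSignInUri
#         MetadataExchangeUri        = $c.MetadataExchangeUri
#         SigningCertificateNotAfter = Get-SigningCertificateExpiry $c.SigningCertificate
#     }
# }
# $phs = (Get-ADSyncAADCompanyFeature).PasswordHashSync
# Test-FederationPosture -Domains $domains -FederationConfig $fed -PasswordHashSyncEnabled $phs
```

Run against the constructed sample, the function returns one finding per misconfiguration it detects; against a real tenant, the live section at the end builds the same input shape from Graph and the Azure AD Connect server, so the signing-certificate expiry and the password hash synchronization fallback can be reviewed on a schedule rather than discovered during an AD FS outage.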

Azure AD federation compatibility list: –

Azure Active Directory enables single sign-on and increased application access security for Microsoft 365 and other Microsoft Online services in hybrid and cloud-only deployments without the need for a third-party solution. Microsoft 365, like the majority of Microsoft's Online Services, is integrated with Azure Active Directory for directory services, authentication, and authorization. Azure Active Directory also offers single sign-on to hundreds of SaaS and on-premises web apps. Supported SaaS applications can be found in the Azure Active Directory application gallery.

IDP Validation: –

If your business employs a third-party federation solution, you can configure single sign-on for your on-premises Active Directory users with Microsoft Online services like Microsoft 365, as long as the third-party federation solution is compatible with Azure Active Directory. Contact your identity provider if you have any compatibility issues. See the Azure AD identity provider compatibility documentation for a list of identity providers that Microsoft has previously validated for compatibility with Azure AD.

Professional Labs is the premier cloud managed service provider in UAE. Contact us for more information