Identity Federation and SSO for Microsoft and F5 Customers

F5 Ecosystem | January 11, 2018

Building on our momentum from Microsoft Ignite in September, there is cause for merriment for those of you using Microsoft Active Directory Federation Services (AD FS). I am sensing disbelief, but read on, I promise there is joy afoot.

What’s the big deal about AD FS? As you likely picked up from the title, AD FS is the Microsoft solution to implement identity federation and single sign-on (SSO) from the corporate network to intranet, extranet and cloud applications. This means that users can use their corporate login information to access applications outside of the organization. For example, AD FS enables your users to log in from the Microsoft/Windows environment and have seamless access to Office 365 and external applications like Salesforce or Box.

You’re probably thinking that enterprises have been doing this for years; this isn’t exciting. Where is the joy you promised? We’re getting to it, hang in there. Those familiar with deploying AD FS are also likely familiar with Microsoft Web Application Proxy (WAP). WAP is Microsoft’s gateway product that allows external access to internal (behind the firewall) applications such as AD FS. WAP has specific support for AD FS using Active Directory Federation Services and Proxy Integration Protocol (MS-ADFSPIP, in what is sure to be the longest acronym appearing in this blog). This protocol enables the required mutual certificate-based authentication and the exchange of specific information between the AD FS server and the WAP.

External users must go through the WAP to access AD FS. WAP runs on Windows servers. This is the part that adds complexity and cost. These systems typically need to be load balanced and highly configured for security because they are exposed to the open internet, and you may need many of them for scale.

Here’s the good part: F5 has enabled the F5 BIG-IP platform to support MS-ADFSPIP, and it is the first non-Microsoft product to do so. What does this mean? F5 BIG-IP with the Access Policy Manager (APM) can replace the WAP servers and the load balancers that support them. You can proxy AD FS with a secure solution that was designed to be exposed to the internet. With F5 as the AD FS proxy, you can reduce the number of servers in the DMZ, simplify the deployment, scale faster, and still have full support for MS-ADFSPIP.

You can check out the Microsoft Ignite session where Microsoft’s Samuel Devasahayan, Principal Group Program Manager - Identity Division, reveals the exciting news here. You can almost hear the tears of joy falling.
