How-To: Migrate from AD FS to JumpCloud

Microsoft’s Active Directory Federation Services (AD FS) was, until recently, the company’s only option for customers who wanted single sign-on (SSO). However, it is not a simple setup, and it takes a lot of time and effort to manage. There are now several alternatives, including JumpCloud’s SSO. This article describes two migration paths to help you move away from AD FS and also provides an overview of what a full migration from Microsoft entails.

First, let’s explore the benefits of moving from AD FS to more streamlined SSO services.

Why migrate from AD FS?

Simply put, most small and medium-sized enterprises (SMEs) have no need for AD FS.

Microsoft’s own words are the most scathing indictment of AD FS:

“We don’t recommend this option unless you need federated single sign-on and on-premises password management. This path is more difficult and expensive, requires the management of multiple servers, and is only relevant for districts with complex configuration and security requirements,” the company wrote in support material for customers in the field of education.

Some of this complexity stems from its use of security token services, forcing its users to deploy and maintain a server farm that even Microsoft describes as “complex and expensive”. Multiple servers, integrations, and advanced network settings are required to provide true SSO.

PowerShell is handy for AD FS installs/uninstalls.
Installing AD FS involves many steps.
Multiple server roles within a server farm are required for AD FS to work.

The TL;DR of this writer’s adventure with AD FS: install Active Directory Domain Services (AD DS) and AD FS, add a Web Application Proxy server role on another server, then configure an external domain for authentication, with hours spent waiting for each instance of Windows Server to be patched and updated.

Microsoft’s latest options are Azure AD SSO or Intune, which require multiple subscriptions per device. If you don’t know what subscriptions are required, you’re not alone; many IT admins struggle to navigate them. Its other Azure services are non-SSO and leave the operating system as its own silo, which complicates user management and increases complexity and maintenance costs.
