Budgeting for Active Directory®: Identity Federation

When looking to acquire Microsoft® Active Directory®, most IT administrators will initially smile. The cost: “free”. Active Directory and domain control services at large are features that may be enabled on any Windows Server. But as most seasoned Windows admins know, that ‘free’ price is far from the true cost of ownership of running a directory within their organization. The full extent of the hidden costs is often underestimated. When it comes to complex IT infrastructure such as directory services, it’s easy to predict one number for the total cost, only to start implementing the software and realize that the projections do not cover the full cost. This is only exacerbated when limitations within the solution require you to purchase additional solutions to supplement missing functionality. In our previous blog post on how to budget for Active Directory, we gave a brief overview of the underlying costs. In this blog post, we will inspect the cost of identity federation with Active Directory more closely.

Identity federation has been a feature of Active Directory since the early 2000s, launching with Windows Server 2003. Called Active Directory Federation Services (ADFS), it “uses a claim-based access-control authorization model to maintain application security and to implement federated identity” (Wikipedia). Essentially, ADFS allows a group of organizations to share access to resources such as applications across their respective networks, all through the establishment of a ‘trusted’ identity relationship.

Active Directory’s role in this is to act as the identity provider – an extremely functional tool, but a tool that comes at a high price.

Active Directory Identity Federation Requirements

There are a lot of ways to describe federation. The initial form of AD federation pre-dated SAML, and it functioned through the replication of identities in a domain controller across organizations and their disparate domain controllers. The (Read more...)

