We are considering utilizing active directory federation services as a solution to make one of our application single sign on. The question that wa sposed to me is can we exclude certin groups of account or OU's from being single sign on?
If you search for Active Directory Federation Services Excluding Internal User Accounts there is a topic in the course on ADFS. Not sure if it does exactly what you need.
This appears to be for rights management not ADFS. What I'm basically looking of ris I want to turn it on for an application for a group of users or exlcude for a group of users for example.
We want to use it internal to allow users to use their ad information to authenticate to a web based application. However we do not want this to be for every person in the doamin. Is there a way to exclude specific users or groups of users from this?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This would allow only the users in this group to use SSO to the web application using the AD credentials and not apply for the rest of the users in the Domain if I'm understanding you correctly.