Solved

Active Directory Federation Services

Posted on 2011-03-04
Last Modified: 2012-06-21
We are considering utilizing Active Directory Federation Services as a solution to make one of our applications single sign-on.  The question that was posed to me is: can we exclude certain groups of accounts or OUs from being single sign-on?
Question by:georgedschneider
LVL 2

Expert Comment

by:mfulksCBT
ID: 35039701
If you search for Active Directory Federation Services Excluding Internal User Accounts there is a topic in the course on ADFS. Not sure if it does exactly what you need.

http://www.microsoft.com/learning/en/us/course.aspx?ID=50403A&Locale=en-us#tab2
0
 

Author Comment

by:georgedschneider
ID: 35056808
This appears to be for rights management, not ADFS.  What I'm basically looking for is I want to turn it on for an application for a group of users or exclude for a group of users, for example.
0
 

Author Comment

by:georgedschneider
ID: 35071344
We want to use it internally to allow users to use their AD information to authenticate to a web-based application.  However, we do not want this to be for every person in the domain.  Is there a way to exclude specific users or groups of users from this?
0

 
LVL 2

Accepted Solution

by:
mfulksCBT earned 500 total points
ID: 35071506
You would create a group-claim on the ADFS server.  This document describes setting up ADFS with SharePoint.

http://technet.microsoft.com/en-us/library/cc262696%28office.12%29.aspx
0
 

Author Comment

by:georgedschneider
ID: 35071753
This would allow only the users in this group to use SSO to the web application using the AD credentials and not apply for the rest of the users in the Domain if I'm understanding you correctly.
0
 
LVL 2

Expert Comment

by:mfulksCBT
ID: 35072049
Yes.
0
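
One way to express the group restriction discussed in this thread, as an added example that is not part of the original posts. It assumes AD FS 2.0 or later (where each relying party trust carries issuance authorization rules), the ActiveDirectory and AD FS PowerShell cmdlets, and a hypothetical relying party trust `App1` and security group `App1-SSO-Users`.

```powershell
# Added example; assumes AD FS 2.0+ and hypothetical names (App1, App1-SSO-Users).
Import-Module ActiveDirectory
# AD FS 2.0 ships a snap-in; on Windows Server 2012 and later use: Import-Module ADFS
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName    = 'App1'              # hypothetical relying party trust name
$groupName = 'App1-SSO-Users'    # hypothetical AD security group

# Resolve the group's SID; the rule matches on the SID, not the display name.
$sid = (Get-ADGroup -Identity $groupName).SID.Value

# Permit token issuance only when the user's incoming claims contain the group SID.
# With no other permit rule on the trust, every other user is denied a token.
$rule = @"
@RuleName = "Permit members of $groupName only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Replace the trust's authorization rules (this also removes a default "Permit All Users" rule).
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rule

# Read the rule set back to confirm what is now enforced.
(Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

Users outside the group can still authenticate to AD FS itself, but they receive an access-denied response instead of a token for this application.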
