• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

Active Directory Federation Services

We are considering utilizing active directory federation services as a solution to make one of our application single sign on.  The question that wa sposed to me is can we exclude certin groups of account or OU's from being single sign on?
0
georgedschneider
Asked:
georgedschneider
  • 3
  • 3
1 Solution
 
mfulksCBTCommented:
If you search for Active Directory Federation Services Excluding Internal User Accounts there is a topic in the course on ADFS. Not sure if it does exactly what you need.

http://www.microsoft.com/learning/en/us/course.aspx?ID=50403A&Locale=en-us#tab2
0
 
georgedschneiderAuthor Commented:
This appears to be for rights management not ADFS.  What I'm basically looking of ris I want to turn it on for an application for a group of users or exlcude for a group of users for example.
0
 
georgedschneiderAuthor Commented:
We want to use it internal to allow users to use their ad information to authenticate to a web based application.  However we do not want this to be for every person in the doamin.  Is there a way to exclude specific users or groups of users from this?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
mfulksCBTCommented:
You would create a group-claim on the ADFS server.  This document describes setting up ADFS with SharePoint.

http://technet.microsoft.com/en-us/library/cc262696%28office.12%29.aspx
0
 
georgedschneiderAuthor Commented:
This would allow only the users in this group to use SSO to the web application using the AD credentials and not apply for the rest of the users in the Domain if I'm understanding you correctly.
0
 
mfulksCBTCommented:
Yes.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now