Solved

Active Directory Federation Services

Posted on 2011-03-04
6
661 Views
Last Modified: 2012-06-21
We are considering utilizing active directory federation services as a solution to make one of our application single sign on.  The question that wa sposed to me is can we exclude certin groups of account or OU's from being single sign on?
0
Comment
Question by:georgedschneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 2

Expert Comment

by:mfulksCBT
ID: 35039701
If you search for Active Directory Federation Services Excluding Internal User Accounts there is a topic in the course on ADFS. Not sure if it does exactly what you need.

http://www.microsoft.com/learning/en/us/course.aspx?ID=50403A&Locale=en-us#tab2
0
 

Author Comment

by:georgedschneider
ID: 35056808
This appears to be for rights management not ADFS.  What I'm basically looking of ris I want to turn it on for an application for a group of users or exlcude for a group of users for example.
0
 

Author Comment

by:georgedschneider
ID: 35071344
We want to use it internal to allow users to use their ad information to authenticate to a web based application.  However we do not want this to be for every person in the doamin.  Is there a way to exclude specific users or groups of users from this?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 2

Accepted Solution

by:
mfulksCBT earned 500 total points
ID: 35071506
You would create a group-claim on the ADFS server.  This document describes setting up ADFS with SharePoint.

http://technet.microsoft.com/en-us/library/cc262696%28office.12%29.aspx
0
 

Author Comment

by:georgedschneider
ID: 35071753
This would allow only the users in this group to use SSO to the web application using the AD credentials and not apply for the rest of the users in the Domain if I'm understanding you correctly.
0
 
LVL 2

Expert Comment

by:mfulksCBT
ID: 35072049
Yes.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question