I have a local ASP web system that large companies use. I run with local users in that system. To date, we have been importing users from a security group in the customer's Active Directory. That means that we have read access to that security group in the customer's AD. Then we have had AD FS integration, and validated users in that manner. And if a user was deleted or deactivated in AD, it would be the same in our system automatically.
However, I need to plan a design change, because new customers deny us access directly to their AD. And as far as I see it, AD FS does not support user export?
I was thinking about making a web service, which the users connect to via AD FS, and making that web service create the users in my web application user database.
Any thoughts / suggestions on the subject would be highly appreciated.