SAML with AD ?

Posted on 2016-07-15
Last Modified: 2016-07-15
Hi all,

We are introducing an SaaS in our company for the first time ever. The product's technical guys have said that in order to integrate with our AD, we will need to setup SAML with AD. So it works like SAML needs to be configured and then they have an AD connector which will do the sync.

My question is, is that different from ADFS ? I thought we need ADFS for trusts like these ? So SAML means no ADFS is required ? Because I have to keep my networking team in the loop due to (expected) DMZ requirements for ADFS ? Please advice.
Question by:Exchange User
  • 3
  • 2
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713101
SAML is an SSO Protocol which is commonly used. ADFS Supports SAML and other protocols like OPATH or MSFed. The SAS company says that they they support SAML and you can make use of any SSO Solution which supports SAML - including ADFS.

Hope that helps !

Author Comment

by:Exchange User
ID: 41713118
So. For design, how would you recommend to accomplish SSO ? We do not have ADFS so I have to do everything from scratch and the SaaS guys support SAML. How can I put together a design approach ?
LVL 14

Accepted Solution

Shabarinath Ramadasan earned 500 total points
ID: 41713305
You need to build the ADFS Farm and ADFS proxy Servers.
ADFS Farm will be placed in the internal network and Proxy servers will be in the DMZ.

To start with, Plan for on ADFS backend server and one ADFS proxy server. If you can accommodate, Have 2 backedn server + 2 ADFS Proxy which will give you HA.

Configuration is specific to the thirdparty entity. Most of the SAS providers would also give us a guide on how to configure SSO using ADFS. So better you get the document from them.

Here is an example for the configuration guide you could expect. I did the federation with Zoom few months back.

Hope that helps !

Author Comment

by:Exchange User
ID: 41713313
I get all that part which you mentioned. But where does SAML come into play ? I totally get the ADFS design and infrastructure part and I understand how to set it up. But got a bit confused when they said that they use SAML for SSO.
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713323
SAML is the protocol we use. We dont need to explicitly select on ADFS that SSO protocol is SAML or OPATH or something else. My assumption is that the configuration starts with an metadata xml file which is from the SAS provider. And the details about the protocol will be defined there. Its my assumption. But I am sure that we dont need to configure on the protocol which will be used for SSO.

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now