Solved

SAML with AD ?

Posted on 2016-07-15
Last Modified: 2016-07-15
Hi all,

We are introducing a SaaS in our company for the first time ever. The product's technical guys have said that in order to integrate with our AD, we will need to set up SAML with AD. So it works like SAML needs to be configured and then they have an AD connector which will do the sync.

My question is, is that different from ADFS? I thought we need ADFS for trusts like these? So SAML means no ADFS is required? Because I have to keep my networking team in the loop due to (expected) DMZ requirements for ADFS? Please advise.
0
Question by:Exchange User
5 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713101
SAML is an SSO protocol which is commonly used. ADFS supports SAML and other protocols like OPATH or MSFed. The SAS company says that they support SAML and you can make use of any SSO solution which supports SAML, including ADFS.

Hope that helps!
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41713118
So. For design, how would you recommend to accomplish SSO? We do not have ADFS so I have to do everything from scratch and the SaaS guys support SAML. How can I put together a design approach?
Thanks
0
 
LVL 14

Accepted Solution

by:
Shabarinath Ramadasan earned 500 total points
ID: 41713305
You need to build the ADFS farm and ADFS proxy servers.
The ADFS farm will be placed in the internal network and the proxy servers will be in the DMZ.

To start with, plan for one ADFS backend server and one ADFS proxy server. If you can accommodate it, have 2 backend servers + 2 ADFS proxies, which will give you HA.

Configuration is specific to the third-party entity. Most of the SAS providers would also give us a guide on how to configure SSO using ADFS. So better you get the document from them.

Here is an example of the configuration guide you could expect. I did the federation with Zoom a few months back.

https://support.zoom.us/hc/en-us/articles/202374287-Configuring-Zoom-With-ADFS

Hope that helps!
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41713313
I get all that part which you mentioned. But where does SAML come into play? I totally get the ADFS design and infrastructure part and I understand how to set it up. But I got a bit confused when they said that they use SAML for SSO.
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713323
SAML is the protocol we use. We don't need to explicitly select on ADFS that the SSO protocol is SAML or OPATH or something else. My assumption is that the configuration starts with a metadata XML file which is from the SAS provider. And the details about the protocol will be defined there. It's my assumption. But I am sure that we don't need to configure on the protocol which will be used for SSO.
0
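
The last comment refers to a metadata XML file from the SaaS provider. As an added example (not part of the thread, and not any vendor's code), this Python sketch reads a constructed SAML 2.0 service-provider metadata document and extracts the values a relying party trust is built from. The entity ID, ACS URL, certificate placeholder and the function name `summarize_sp_metadata` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: entity ID, URL and certificate text are placeholders.
SAMPLE_SP_METADATA = b"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://saas.example.com/sp">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://saas.example.com/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_bytes):
    """Return the relying-party settings declared in SAML 2.0 SP metadata."""
    # SAML metadata never needs a DTD; refusing one blocks entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 service-provider metadata")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    cert = sp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "speaks_saml2": SAML2 in sp.get("protocolSupportEnumeration", "").split(),
        "want_assertions_signed": sp.get("WantAssertionsSigned") in ("true", "1"),
        "acs_endpoints": acs,
        # Assertions should only be delivered to HTTPS endpoints.
        "insecure_acs": [u for _, u in acs if not (u or "").startswith("https://")],
        "name_id_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS)],
        "has_signing_cert": cert is not None,
    }
```

The `protocolSupportEnumeration` attribute is where the metadata states that the service speaks SAML 2.0, and a non-empty `insecure_acs` list is worth raising with the provider before the trust is created.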
