SAML with AD ?

Posted on 2016-07-15
Last Modified: 2016-07-15
Hi all,

We are introducing an SaaS in our company for the first time ever. The product's technical guys have said that in order to integrate with our AD, we will need to setup SAML with AD. So it works like SAML needs to be configured and then they have an AD connector which will do the sync.

My question is, is that different from ADFS ? I thought we need ADFS for trusts like these ? So SAML means no ADFS is required ? Because I have to keep my networking team in the loop due to (expected) DMZ requirements for ADFS ? Please advice.
Question by:Exchange User
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713101
SAML is an SSO Protocol which is commonly used. ADFS Supports SAML and other protocols like OPATH or MSFed. The SAS company says that they they support SAML and you can make use of any SSO Solution which supports SAML - including ADFS.

Hope that helps !

Author Comment

by:Exchange User
ID: 41713118
So. For design, how would you recommend to accomplish SSO ? We do not have ADFS so I have to do everything from scratch and the SaaS guys support SAML. How can I put together a design approach ?
LVL 14

Accepted Solution

Shabarinath Ramadasan earned 500 total points
ID: 41713305
You need to build the ADFS Farm and ADFS proxy Servers.
ADFS Farm will be placed in the internal network and Proxy servers will be in the DMZ.

To start with, Plan for on ADFS backend server and one ADFS proxy server. If you can accommodate, Have 2 backedn server + 2 ADFS Proxy which will give you HA.

Configuration is specific to the thirdparty entity. Most of the SAS providers would also give us a guide on how to configure SSO using ADFS. So better you get the document from them.

Here is an example for the configuration guide you could expect. I did the federation with Zoom few months back.

Hope that helps !

Author Comment

by:Exchange User
ID: 41713313
I get all that part which you mentioned. But where does SAML come into play ? I totally get the ADFS design and infrastructure part and I understand how to set it up. But got a bit confused when they said that they use SAML for SSO.
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 41713323
SAML is the protocol we use. We dont need to explicitly select on ADFS that SSO protocol is SAML or OPATH or something else. My assumption is that the configuration starts with an metadata xml file which is from the SAS provider. And the details about the protocol will be defined there. Its my assumption. But I am sure that we dont need to configure on the protocol which will be used for SSO.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Here's a look at newsworthy articles and community happenings during the last month.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question