SAML with AD?

Posted on 2016-07-15
Last Modified: 2016-07-15
Hi all,

We are introducing a SaaS in our company for the first time ever. The product's technical guys have said that in order to integrate with our AD, we will need to set up SAML with AD. So it works like SAML needs to be configured and then they have an AD connector which will do the sync.

My question is, is that different from ADFS? I thought we need ADFS for trusts like these? So SAML means no ADFS is required? Because I have to keep my networking team in the loop due to (expected) DMZ requirements for ADFS. Please advise.
Question by: Exchange User
Expert Comment

by: Shabarinath Ramadasan
ID: 41713101
SAML is an SSO protocol which is commonly used. ADFS supports SAML and other protocols like OPATH or MSFed. The SaaS company says that they support SAML, and you can make use of any SSO solution which supports SAML, including ADFS.

Hope that helps!

Author Comment

by: Exchange User
ID: 41713118
So, for design, how would you recommend to accomplish SSO? We do not have ADFS, so I have to do everything from scratch, and the SaaS guys support SAML. How can I put together a design approach?

Accepted Solution

Shabarinath Ramadasan earned 500 total points
ID: 41713305
You need to build the ADFS farm and ADFS proxy servers.
The ADFS farm will be placed in the internal network and the proxy servers will be in the DMZ.

To start with, plan for one ADFS backend server and one ADFS proxy server. If you can accommodate it, have 2 backend servers + 2 ADFS proxies, which will give you HA.

Configuration is specific to the third-party entity. Most of the SaaS providers would also give us a guide on how to configure SSO using ADFS, so better you get the document from them.

Here is an example of the configuration guide you could expect. I did the federation with Zoom a few months back.

Hope that helps!

Author Comment

by: Exchange User
ID: 41713313
I get all that part which you mentioned. But where does SAML come into play? I totally get the ADFS design and infrastructure part and I understand how to set it up. But I got a bit confused when they said that they use SAML for SSO.

Expert Comment

by: Shabarinath Ramadasan
ID: 41713323
SAML is the protocol we use. We don't need to explicitly select on ADFS that the SSO protocol is SAML or OPATH or something else. My assumption is that the configuration starts with a metadata XML file which is from the SaaS provider, and the details about the protocol will be defined there. It's my assumption. But I am sure that we don't need to configure the protocol which will be used for SSO.
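The thread ends on the point that the SaaS provider's SAML metadata XML is what carries the protocol details ADFS needs for the relying party trust. As an added example (not part of the original thread, and not any vendor's real metadata), the script below parses a constructed SP metadata file of the kind a provider would hand over and pulls out the settings worth reviewing before importing it: the entityID, whether the SP signs its AuthnRequests and requires signed assertions, the NameID format, the AssertionConsumerService endpoints, and whether an encryption certificate is present. The `saas.example.com` URLs and the certificate placeholder are constructed values.

```python
"""Inspect SAML 2.0 SP metadata before creating the ADFS relying party trust."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata for a hypothetical SaaS provider (not a real vendor's file).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://saas.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://saas.example.com/sso/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://legacy.saas.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_sp_metadata(xml_text):
    """Return the settings ADFS will take from the metadata plus review findings."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    # (short binding name, location, is default) for every ACS endpoint the SP publishes
    acs = [(e.get("Binding").rsplit(":", 1)[-1], e.get("Location"), e.get("isDefault") == "true")
           for e in sp.findall("md:AssertionConsumerService", NS)]
    # A KeyDescriptor with no "use" attribute serves both signing and encryption.
    has_enc_cert = any(k.get("use") in (None, "encryption")
                       for k in sp.findall("md:KeyDescriptor", NS))
    info = {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "name_id_formats": [n.text for n in sp.findall("md:NameIDFormat", NS)],
        "acs": acs,
        "has_encryption_cert": has_enc_cert,
    }
    findings = []
    if not info["want_assertions_signed"]:
        findings.append("SP does not require signed assertions")
    if not info["authn_requests_signed"]:
        findings.append("SP does not sign AuthnRequests; request origin cannot be verified")
    if not has_enc_cert:
        findings.append("no encryption certificate; assertions travel unencrypted in the POST body")
    findings += [f"ACS endpoint over plain HTTP: {loc}" for _, loc, _ in acs
                 if not loc.startswith("https://")]
    info["findings"] = findings
    return info
```

Running `inspect_sp_metadata(SAMPLE_SP_METADATA)` on the sample flags the unsigned AuthnRequests and the plain-HTTP legacy ACS endpoint, both of which are worth raising with the provider before the trust goes live.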
