• Status: Solved
  • Priority: Medium
  • Security: Public

SAML with AD ?

Hi all,

We are introducing a SaaS in our company for the first time ever. The product's technical guys have said that in order to integrate with our AD, we will need to set up SAML with AD. So it works like SAML needs to be configured and then they have an AD connector which will do the sync.

My question is, is that different from ADFS? I thought we need ADFS for trusts like these? So SAML means no ADFS is required? Because I have to keep my networking team in the loop due to (expected) DMZ requirements for ADFS? Please advise.
Exchange User
Asked:
Shabarinath Ramadasan (Infrastructure Architect) Commented:
SAML is an SSO protocol which is commonly used. ADFS supports SAML and other protocols like OPATH or MSFed. The SaaS company says that they support SAML and you can make use of any SSO solution which supports SAML - including ADFS.

Hope that helps !
 
Exchange User (Systems Administrator, Author) Commented:
So. For design, how would you recommend to accomplish SSO ? We do not have ADFS so I have to do everything from scratch and the SaaS guys support SAML. How can I put together a design approach ?
Thanks
 
Shabarinath Ramadasan (Infrastructure Architect) Commented:
You need to build the ADFS Farm and ADFS proxy Servers.
ADFS Farm will be placed in the internal network and Proxy servers will be in the DMZ.

To start with, plan for one ADFS backend server and one ADFS proxy server. If you can accommodate it, have 2 backend servers + 2 ADFS proxies, which will give you HA.

Configuration is specific to the third-party entity. Most of the SaaS providers would also give us a guide on how to configure SSO using ADFS. So better you get the document from them.

Here is an example of the configuration guide you could expect. I did the federation with Zoom a few months back.

https://support.zoom.us/hc/en-us/articles/202374287-Configuring-Zoom-With-ADFS

Hope that helps !
 
Exchange User (Systems Administrator, Author) Commented:
I get all that part which you mentioned. But where does SAML come into play ? I totally get the ADFS design and infrastructure part and I understand how to set it up. But got a bit confused when they said that they use SAML for SSO.
 
Shabarinath Ramadasan (Infrastructure Architect) Commented:
SAML is the protocol we use. We don't need to explicitly select on ADFS that the SSO protocol is SAML or OPATH or something else. My assumption is that the configuration starts with a metadata XML file which is from the SaaS provider. And the details about the protocol will be defined there. It's my assumption. But I am sure that we don't need to configure the protocol which will be used for SSO.
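The last answer mentions a metadata XML file from the SaaS provider. As an added example (not part of the thread and not any vendor's code), this Python sketch reads a SAML 2.0 service-provider metadata document and lists what an administrator would review before building the trust on the identity-provider side. The sample metadata, its entityID and URLs are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: entityID and URLs are placeholders, not a real provider's metadata.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://saas.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://saas.example.com/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://legacy.saas.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Summarize SP metadata; assumes the file came from the vendor over a trusted channel."""
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    # The protocol is declared by the SP here, as a space-separated list of URIs.
    protocols = sp.get("protocolSupportEnumeration", "").split()
    # Each ACS entry is a URL the IdP will deliver signed assertions to.
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
           for e in sp.findall(f"{{{MD}}}AssertionConsumerService")]
    warnings = []
    if SAML2_PROTOCOL not in protocols:
        warnings.append("SAML 2.0 protocol not advertised")
    for _, loc in acs:
        if not loc.lower().startswith("https://"):
            warnings.append(f"ACS endpoint is not HTTPS: {loc}")
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        warnings.append("SP does not require signed assertions")
    return {"entity_id": root.get("entityID"), "protocols": protocols,
            "authn_requests_signed": sp.get("AuthnRequestsSigned") in ("true", "1"),
            "acs": acs, "warnings": warnings}

if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_SP_METADATA).items():
        print(key, "=", value)
```
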
