Solved

ADFS with two email domains.

Posted on 2016-09-22
2
33 Views
Last Modified: 2016-10-11
Current setup: One AD domain with one ADFS server, and one ADFS proxy server. This ADFS setup is used for employees with an email domain of abc.com to access CRM. We would like to setup AD authentication for other employees in our company to access a different application, and their email domain is cde.com. The current ADFS server is setup with a certificate for the abc.com email domain.

My question is should I build an ADFS connection on the current server with cde.com, should I build an additional server and create an ADFS farm, or should I build an additional server but not in a farm (since the email domains are different)?

Thanks,
Bill
0
Comment
Question by:whbaxter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points (awarded by participants)
ID: 41811491
If these users are in the same Domain/Forest, the Email domain doesn't really matter so much. The certificate you have is still valid, you would just need to make sure the trust relationship between the new application and the ADFS server uses the URL on the certificate. For the most part, that certificate is just used for encrypting the connection to ADFS's HTTPS portal, so it doesn't normally get used for the actual ADFS functions. You can use the same ADFS server for both applications and email domains without a problem, it's just a more complex setup that requires you to include rules to exclude users that don't have the proper alias from connecting to the application they aren't supposed to use.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41838086
no response
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question