Microsoft Identity Management Product Line

Overview [1]

Single Sign-On (SSO) and Access Control are represented by two pieces of technology. For Federation Services, Active Directory Federation Services 2.0 (ADFS 2.0) provides standard SAML 2.0 compliance and WS-* Federation compliance.

ADFS 2.0 provides the Security Token Service (STS), which can issue tokens in different claims formats, including SAML 2.0 and WS-Federation.

ADFS 2.0 by itself allows for federation against a single domain or a single Active Directory forest; spanning multiple domains or forests requires trusts to be built between them.

Additionally, complex claims augmentation can be supported by Virtual Identity Server from Optimal IdM. This allows easier management of claims without the complex scripting otherwise needed to support claims augmentation.

Unified Access Gateway (UAG) allows the organization to provide SSO to external users for web-based applications hosted by the client. UAG brings other services as well, but for the purpose of this discussion we will limit it to its SSO capabilities.

UAG incorporates remote access technologies such as reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010 and is the successor to Microsoft Intelligent Application Gateway (IAG), which was released in 2007.

Identity Management is provided by FIM 2010, which includes User Management across disparate systems. In the illustration, two Active Directory forests (without trusts established between them) can be managed. FIM 2010 provides an interface for User Management, externally and internally, as necessary. Finally, Access Requests can be managed via the FIM Portal; these Access Requests can be for any data system supported by FIM, directly or indirectly.

Microsoft IDM Products History

Some Microsoft IDM Products History.
