ADFS Dedicated Server

James Escober 81 Reputation points
2020-04-24T08:19:32.82+00:00

Can an ADFS server be installed on a machine with other server roles installed or non-MS application services? Or should it be dedicated to ADFS only? I'm trying to look for an article or documentation that will support this scenario but could not find any. Thanks.


Accepted answer
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2020-04-24T13:45:04.453+00:00

Yes, you can.

It creates some challenges. The main two are the following:

• Delegation: It is hard to delegate the management of only one service on a server hosting multiple services, and the local administrator of that shared server will have full control over all the installed services. Also, ADFS is often considered a very sensitive service (tier 0): the administrator of ADFS can impersonate whoever she or he wants against any of the relying party trusts. That sometimes pushes customers to give it a dedicated server.
• Port conflicts: The ADFS service needs to bind to TCP ports 80 (if you use WID), 443, and 49443 (if you use device authentication without ADFS 2016 or above). If the other service needs those ports, you won't be able to make them live together (although you can configure alternate ports to some extent on ADFS, it complicates the solution).
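As an added example (not part of the answer above, and not Microsoft's code), the following PowerShell pre-install check enumerates the TCP ports the answer lists and reports which process on the candidate server already listens on them, so a port conflict is found before AD FS is installed. It assumes Windows Server 2012 R2 or later (for `Get-NetTCPConnection`) and an elevated session; the `-UsingWID` and `-LegacyDeviceAuth` switches are names chosen for this script.

```powershell
# Added example: preflight check for AD FS port conflicts on a shared server.
# Run elevated. Ports follow the answer above: 443 always, 80 with WID,
# 49443 for device authentication on AD FS versions before 2016.
param(
    [switch]$UsingWID,          # AD FS backed by Windows Internal Database
    [switch]$LegacyDeviceAuth   # Device auth on AD FS older than 2016
)

# Build the list of ports AD FS will need for this deployment.
$required = @(443)
if ($UsingWID)         { $required += 80 }
if ($LegacyDeviceAuth) { $required += 49443 }

# Find every listener on those ports and map it to its owning process.
$conflicts = foreach ($port in $required) {
    Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port         = $port
                LocalAddress = $_.LocalAddress
                Pid          = $_.OwningProcess
                Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            }
        }
}

if ($conflicts) {
    Write-Warning "Ports AD FS needs are already bound on this server:"
    $conflicts | Format-Table -AutoSize
    # Owner PID 4 (System) means the port is held through HTTP.sys, e.g. by IIS
    # or a WCF self-host. HTTP.sys can share a port between applications, but
    # the SSL binding on 443 cannot; list existing ones to judge the overlap.
    if ($conflicts.Pid -contains 4) {
        Write-Host "HTTP.sys holds at least one port; current SSL bindings:"
        netsh http show sslcert
    }
} else {
    Write-Host "No listeners found on required ports: $($required -join ', ')"
}
```

A conflict on 443 held by HTTP.sys is the common case on a server that already runs IIS, and is exactly the situation the answer warns about; the output tells you which application to move or which alternate port to plan for.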
