ADFS for two forest with two way bi-directional trust

Parin Das 1 Reputation point

Hello Experts,

I have a scenario, in which we have two seperate forests A and forest B. There is a two way bi-directional trust between them.

I have ADFS in forest A and there are many relying party applications ( SAML based ) in forest A.

I want my users in forest B, to access applications in forest A.


  1. Will it require to have ADFS in forest B or forest trust will do the job?
  2. Does it make sense to have Forest trust and also create ADFS trust between the two ADFS A and B for such a scenario ?

Thank You

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,034 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,091 Reputation points Microsoft Employee
    1. The forest trust is enough. You'll have single sign-on without adding an ADFS in forest B.
    2. If your goal is to provide SSO, then it is required. But you might have other requirements such as delegation, or internal policies that would make the use of a "central" ADFS farm difficult. Note that when an ADFS farm trusts another one, the users will be asked to pick which farm they are from. It is called Home Realm Discovery, it can be tuned to some extend but ultimately it might change the way the authentication work for users in both sides.