Planning Your Deployment

Applies To: Active Directory Federation Services (AD FS) 2.0

When you plan for cross-organizational (federation-based) collaboration using Active Directory Federation Services (AD FS) 2.0, first determine if your organization will host a Web resource to be accessed by other organizations across the Internet or if you will provide access to the Web resource for employees in your organization. This determination affects how you deploy AD FS 2.0, and it is fundamental in the planning of your AD FS 2.0 infrastructure.


Make sure that the role that organization plays in the federation agreement is clearly understood by all parties.

For the Federated Web SSO Design, AD FS 2.0 uses terms such as account partner (also referred to as identity provider in the AD FS 2.0 Management snap-in) and resource partner (also referred to as relying party in the AD FS 2.0 Management snap-in) to help differentiate the organization that hosts the accounts (the account partner) from the organization that hosts the Web-based resources (the resource partner).

In the Web SSO Design, the organization acts in both the account partner and resource partner roles because it is providing its users with access to its applications.

The following topics explain some of the AD FS 2.0 partner organization concepts. They also contain links to topics in the AD FS 2.0 Deployment Guide that contain information about setting up and configuring account partner organizations and resource partner organizations based on your AD FS 2.0 deployment goals.

In this section