Introducing AD FS 2.0

Applies To: Active Directory Federation Services (AD FS) 2.0

Active Directory Federation Services (AD FS) 2.0 provides support for claims-aware identity solutions that involve Windows Server® and Active Directory technology. AD FS 2.0 supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols.

AD FS 2.0 features

AD FS 2.0 has the following features:

  • An enterprise claims provider for claims-based applications

    Applications that are built on the claims-based identity model have several advantages for information technology (IT) professionals. These applications:

    • Provide a single sign-on (SSO) experience across multiple claims-aware applications.

    • Provide access to a claims-aware application to users in another organization.

    • Reduce the risk that developers of custom applications issue processor-intensive authentication requests that unexpectedly burden an organization’s directory services.

  • A Federation Service for identity federation across domains

    You can configure AD FS 2.0 in the Federation Service role so that Web browser and Web service applications can use federated Web SSO across domains. This reduces administrative overhead, reduces the security exposure created by lost or stolen passwords, and improves user productivity through SSO.

  • Improved support for federation trusts

    AD FS 2.0 has improved support for federation trusts that can speed up the process of establishing the trusts. AD FS 2.0 uses industry-standard metadata formats when it establishes trusts between federation partners. This makes it possible for you to add trusts quickly. It also makes certificate management easier between partners because AD FS 2.0 automatically provides the appropriate certificates to the partner when it creates the trust. For more information, see Claims Providers and Relying Parties.

  • An enhanced snap-in management console

    The AD FS 2.0 snap-in is a single Microsoft Management Console (MMC) 3.0 snap-in. It provides a graphical user interface (GUI) for configuring service and policy settings that are used most commonly with AD FS 2.0. For more information, see AD FS 2.0 Console.
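The federation-trust item above says that trusts are established from an industry-standard metadata document that carries the partner's certificates. The following Python is an added example, not AD FS code and not from this page: it parses a constructed SAML 2.0 metadata document of the kind a federation partner publishes (the entityID, the host name sts.partner.example and the certificate bytes are made-up placeholders, not real values) and accepts it only if every advertised signing certificate matches a fingerprint confirmed with the partner out of band and every SSO endpoint is HTTPS. That is the check a practitioner wants before importing a partner's metadata, because importing it blindly means trusting whatever certificate the document happens to carry, including one inserted while the document was in transit.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholders standing in for the DER bytes of certificates.
# A real metadata document carries base64-encoded X.509 certificates here.
SAMPLE_SIGNING_CERT_DER = b"constructed-token-signing-certificate-placeholder"
ROGUE_CERT_DER = b"constructed-certificate-inserted-in-transit-placeholder"

# Constructed partner identifier; the host name is not a real system.
PARTNER_ENTITY_ID = "http://sts.partner.example/adfs/services/trust"


def build_sample_metadata(cert_blobs):
    """Build a minimal constructed SAML 2.0 EntityDescriptor that advertises
    one signing KeyDescriptor per certificate blob."""
    key_descriptors = "".join(
        '<KeyDescriptor use="signing">'
        '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>'
        "<X509Certificate>" + base64.b64encode(blob).decode() + "</X509Certificate>"
        "</X509Data></KeyInfo></KeyDescriptor>"
        for blob in cert_blobs
    )
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="' + PARTNER_ENTITY_ID + '">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        + key_descriptors +
        '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        'Location="https://sts.partner.example/adfs/ls/"/>'
        "</IDPSSODescriptor></EntityDescriptor>"
    )


# Genuine document (one pinned certificate) and a tampered copy with an
# extra signing certificate that the partner never confirmed.
SAMPLE_METADATA = build_sample_metadata([SAMPLE_SIGNING_CERT_DER])
TAMPERED_METADATA = build_sample_metadata([SAMPLE_SIGNING_CERT_DER, ROGUE_CERT_DER])


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def parse_federation_metadata(xml_text):
    """Return the entityID, signing-certificate fingerprints and SSO endpoint
    locations from a SAML 2.0 metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    signing = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing too.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            signing.append(fingerprint(der))
    endpoints = [e.get("Location") for e in root.iterfind(".//md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "signing_fingerprints": signing,
        "sso_endpoints": endpoints,
    }


def verify_partner_metadata(xml_text, expected_entity_id, pinned_fingerprints):
    """Accept the document only if the entityID is the one agreed with the
    partner, at least one signing certificate is advertised, every advertised
    signing certificate is in the out-of-band pinned set, and every SSO
    endpoint uses HTTPS."""
    info = parse_federation_metadata(xml_text)
    if info["entity_id"] != expected_entity_id:
        return False
    if not info["signing_fingerprints"]:
        return False
    if any(fp not in pinned_fingerprints for fp in info["signing_fingerprints"]):
        return False
    return all(loc is not None and loc.startswith("https://") for loc in info["sso_endpoints"])


if __name__ == "__main__":
    pinned = {fingerprint(SAMPLE_SIGNING_CERT_DER)}  # confirmed with the partner out of band
    print("genuine metadata accepted:", verify_partner_metadata(SAMPLE_METADATA, PARTNER_ENTITY_ID, pinned))
    print("tampered metadata accepted:", verify_partner_metadata(TAMPERED_METADATA, PARTNER_ENTITY_ID, pinned))
```

The verifier rejects the document if any advertised signing certificate is unpinned rather than accepting it when one pinned certificate is present, because a relying party will honour tokens signed by any certificate it imported; a second certificate inserted into the document would otherwise become trusted silently. In a real deployment the pinned fingerprints would be computed from certificates exchanged with the partner, and the document would also be checked for a valid XML signature where the partner signs its metadata.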

AD FS 2.0 benefits

AD FS 2.0:

  • Enables organizations to collaborate securely across Active Directory domains by using identity federation.

  • Reduces the need for duplicate accounts and other credential management overhead by enabling federated SSO across organizations, platforms, and applications.

  • Provides for identity delegation so that authorized applications can impersonate their users when they access infrastructure services, even when the original users do not have local accounts.

  • Enables step-up authentication so that Web sites can easily request smart-card authentication for particular operations.