Federation as a Service

Resilient Cloud Federation & Single Sign-On without ADFS

Identity Federation & Single Sign-On through the cloud without ADFS

Identity Federation is the process where applications delegate the responsibility of user authentications to a third party system. By delegating access for all your applications through a single federation system, you can achieve single sign-on – where users only need to login once to be able to access any number of their applications. But federation is much more important than single sign-on (read our post on this), as it allows organisations to centralise the access management function. This can have benefits to user experience, security, application on-boarding, service logging and monitoring, operational efficiency in IT, and a lot more.

The hidden costs and burdens of ADFS

Many people associate Federation with Microsoft’s ADFS ‘Active Directory Federation Service’ product – but there are a large number well documented drawbacks in using ADFS. First is the burden of ownership. Is your organisation a specialist in identity management – or is it an educational institution, business, charity, or public sector/government body etc? Running your own identity service is a major undertaking and if something goes wrong the stakes are high. If you don’t have internal identity specialists, you’re likely to require external support from a professional services company. If that’s the case, just watch those bills escalate every time you need a fix or change making. And if ADFS or your AD falls over, every second counts, your implementation partner might not have any availability until next week. Not good enough.

Another major issue is the considerable hidden cost associated with ADFS. People can be enticed by the fact that the software is free, but that’s a major illusion. A bit like getting excited that the Coke bottle comes for free with the Coke. It’s not free at all – you’re still indirectly paying for it. Don’t believe us? We’re not the only Microsoft competitors who have noticed this. Both Okta and OneLogin have created extensive white-papers covering the hidden costs of ADFS as well. Check them out! Just come back to IAMCloud.com once you’re done 😉

The Hidden Costs of ADFS – Hardware & Licensing

ADFS needs infrastructure – physical servers on-prem or IaaS – and that needs money.

Servers and IaaS both need licensing for Windows Server – this needs more money.

To run ADFS with high availability you need a redundant service. So you need to double up your costs.

Don’t forget the proxy! ADFS needs a web application proxy (WAP) server.

Don’t forget DirSync. Want identity workflows? You’ll need MIM + SQL Server too.

Want password write-back to Active Directory? You’ll still need to upgrade to Azure AD Premium.

The Hidden Costs of ADFS – Management & Support

Authentication infrastructure needs monitoring & alerting software to stay resilient

ADFS is on Version 4. That’s 3 major service upgrades to manage so far. More will follow.

ADFS is complex. Any future customisation or application onboarding will need expertise or professional services.

ADFS on-prem? Are you considering the energy & space costs? In IaaS? That’s even pricier.

How about those time costs spent on researching, planning, implementing & managing ADFS?

Things go wrong. Better have a decent disaster recovery system & process in place.

IAM Cloud vs ADFS

IAM Cloud is a leading cloud-based alternative to ADFS. It doesn’t require any on-premises servers, proxies, fail-overs, monitoring, ancillary platforms, upgrades, professional services, energy costs, physical space or disaster recovery systems. Everything is taken care of and managed by a team of professional identity management specialists. And better yet, it’s got a lower cost of ownership than ADFS… Oh, and unlike ADFS, IAM Cloud is also completely Hurricane-proof (see blog post).

IAM Cloud Platform Pricing

IAMCloud-masthead

Using ADFS to federate Office 365?
Discover everything IAM Cloud can do with Office 365…

Want to federate different applications?
See a list of our federated application connectors…