When you are the account partner administrator and you have a deployment goal to provide federated access for employees on your corporate network:
- Employees who are logged on to an Active Directory Domain Services (AD DS) forest in the corporate network can use single sign-on (SSO) to access multiple applications, which are secured by Active Directory Federation Services (AD FS), when the applications are in a different organization.
For example, A. Datum Corporation may want corporate network employees to have federated access to applications that are hosted in Trey Research.
- Employees who are logged on to an AD DS forest in the corporate network can use SSO to access multiple applications, which are secured by AD FS, in the perimeter network in your own organization.
For example, A. Datum Corporation may want corporate network employees to have federated access to applications that are hosted in the A. Datum Corporation perimeter network.
- Information in the AD DS account store can be populated into the employees' AD FS tokens.
To set up this environment, you perform administrative tasks for installing a federation server and configuring the Federation Service in the account partner organization. The following table provides links to the checklists that you need to follow to install the first federation server in your organization, configure the Federation Service, and set up a federation trust with a resource partner.
Preparing and configuring a federation server for federation
Step | Reference |
---|---|
Configure the federation server to work with Domain Name System (DNS), install and configure certificates, and verify that the server is functional. | |
Configure the federation trust with a resource partner organization. | |