When your deployment goal is to provide single-sign-on (SSO) access for customer accounts to hosted applications that are secured by Active Directory Federation Services (AD FS):
- Customers who are logged on to the Active Directory Lightweight Directory Services (AD LDS) account store, which is hosted in your perimeter network, can access multiple AD FS-secured applications, which are also hosted in your perimeter network, by logging on one time from client computers that are located on the Internet. In other words, when you host customer accounts to enable access to applications in your perimeter network, customers that you host in an account store can access one or more applications in the perimeter network simply by logging on once to the Federation Service.
- Information in the AD LDS account store can be populated into customers' AD FS tokens.
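The two bullets above describe a single logon producing a signed token whose claims are drawn from AD LDS attributes, and that token being accepted by more than one AD FS-secured application. The following is an added illustration of that flow, not code from the original page or from AD FS itself: the account store, the attribute names (`mail`, `memberOf`), the claim mapping and the shared signing key are all constructed assumptions, and the HMAC-signed token stands in for the token format the federation server actually issues (AD FS signs tokens with a token-signing certificate, not a shared secret).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the AD LDS account store in the perimeter network.
# Each entry is a customer account with the attributes the Federation Service
# may map into claims (attribute names are assumptions, not from the page).
ACCOUNT_STORE = {
    "alice@customer.example": {
        "password_hash": hashlib.sha256(b"correct horse").hexdigest(),
        "mail": "alice@customer.example",
        "memberOf": ["Customers", "Premium"],
    },
}

# Assumed claim mapping: AD LDS attribute -> claim type placed in the token.
CLAIM_MAP = {"mail": "email", "memberOf": "group"}

# Constructed signing key shared by the Federation Service and the web agents.
SIGNING_KEY = b"constructed-demo-key"
TOKEN_LIFETIME = 600  # seconds the token stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def authenticate(username, password, store=ACCOUNT_STORE):
    """Check credentials against the account store; return the entry or None."""
    entry = store.get(username)
    if entry is None:
        return None
    presented = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(entry["password_hash"], presented):
        return None
    return entry


def issue_token(username, password, now=None, store=ACCOUNT_STORE):
    """One logon to the Federation Service: authenticate, map attributes to claims, sign."""
    entry = authenticate(username, password, store)
    if entry is None:
        return None
    now = time.time() if now is None else now
    claims = {"sub": username, "iat": int(now), "exp": int(now) + TOKEN_LIFETIME}
    for attr, claim_type in CLAIM_MAP.items():
        if attr in entry:
            claims[claim_type] = entry[attr]
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def validate_token(token, now=None):
    """What an AD FS Web Agent must do before admitting a request: verify signature and lifetime."""
    try:
        payload, sig = token.split(".")
        presented_sig = _unb64(sig)
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(presented_sig, expected):
            return None  # altered or forged token
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # malformed token
    now = time.time() if now is None else now
    if now >= claims.get("exp", 0):
        return None  # expired: the customer must log on again
    return claims


def app_authorize(token, required_group, now=None):
    """A claims-aware application's decision, based only on the validated token's claims."""
    claims = validate_token(token, now)
    if claims is None:
        return False
    return required_group in claims.get("group", [])


def rewrite_claims_without_resigning(token, group):
    """Produce a token whose group claim was changed in transit but whose signature was not
    recomputed; used only to show that validate_token rejects such a token."""
    payload, sig = token.split(".")
    claims = json.loads(_unb64(payload))
    claims["group"] = [group]
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig


if __name__ == "__main__":
    token = issue_token("alice@customer.example", "correct horse")
    # One logon, two applications accepting the same token (SSO).
    print("app1 (Customers):", app_authorize(token, "Customers"))
    print("app2 (Premium):", app_authorize(token, "Premium"))
    print("altered token accepted:", validate_token(rewrite_claims_without_resigning(token, "Admins")) is not None)
```

The point the model makes is that each application trusts the Federation Service's signature and lifetime, never the client's word about its own claims: a token whose claims were changed without the federation server's key fails validation, and an expired token forces a fresh logon.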
To set up this environment, you perform administrative tasks for installing a federation server, configuring the Federation Service, and installing an AD FS-enabled Web server. The following table provides links to the checklists that you need to follow to install the first federation server in your organization, configure the Federation Service, and configure an AD FS-enabled Web server for SSO access.
Preparing and configuring a federation server and AD FS-enabled Web server for SSO access
1. Read about each of the servers and requirements necessary to implement a Web SSO environment in your organization.
2. Configure the federation server to work with Domain Name System (DNS), install and configure certificates, and verify that the server is functional.
3. Configure the AD FS-enabled Web server to work with DNS, install certificates and the appropriate AD FS Web Agent, and verify that the server is functional. After you complete the tasks in this checklist, you can set up the AD FS-enabled Web server to host claims-aware applications or Windows NT token–based applications.
4. Depending on your organizational needs, install a claims-aware application on the AD FS-enabled Web server and verify that it is operational.
5. Depending on your organizational needs, install a Windows NT token–based application on the AD FS-enabled Web server and verify that it is operational.