Integrate AD with the Cloud

Achieve SSO without Managing Multiple Trust Relationships

Federation promises to link disparate identity sources, making it easier to add applications or securely share information with your partners. The first step is to make sure you can connect to some of your most important users: your employees stored in Active Directory. Most businesses today are centered around a Microsoft Windows network, so your employees are generally stored in Active Directory, and benefit from the advanced protection of Kerberos security. But even though it’s an essential part of the infrastructure, Microsoft doesn’t always integrate well with the rest of the world.

To achieve SSO with cloud applications for users in AD, your enterprise could:

  1. Establish trust relationships between multiple AD domains—but managing all of those trusts can be difficult.
  2. Use Active Directory Federation Service (ADFS), which only manages your Microsoft identity stores, so you would have to manage trusts between different domains and forests—leaving identities beyond Active Directory out of SSO.

A component within the RadiantOne suite, the Cloud Federation Service (CFS) can either work with your existing ADFS infrastructure or replace it entirely, allowing you to integrate Active Directory without having to manage multiple trust relationships. CFS establishes single sign-on for users authenticated in Active Directory. Radiant Trust Connectors installed on AD domains send tokens to CFS, and then those tokens are transformed into the specific format the application expects—extending access to non-Microsoft applications for users in AD, without asking them to re-authenticate.

RadiantOne CFS

Thanks to the Radiant Trust Connectors, users stored in AD can get SSO to claims-aware applications.

CFS enables users in any AD domain to be authenticated using Windows Integrated Authentication, then translates the Kerberos token into a SAML token and sends it to the appropriate Relying Party, securely enabling SSO to claims-aware applications. So users can leverage their AD credentials to access non-Microsoft applications—without the IT team having to synchronize AD user accounts into another data source.
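The claims-transformation step described above, as an added illustration that is not Radiant Logic's code: a Kerberos principal and AD group names (constructed sample values) are mapped onto a SAML 2.0 assertion scoped to one relying party, and the relying-party side rejects assertions meant for another audience or outside their validity window. Issuer and audience URLs are assumed placeholders; XML signature creation and verification, which a real STS and relying party must also perform, are left out.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)
TS = "%Y-%m-%dT%H:%M:%SZ"


def q(tag):
    return f"{{{SAML}}}{tag}"


def build_assertion(principal, groups, issuer, audience, now, lifetime=300):
    """Map a WIA-authenticated Kerberos principal (user@REALM) plus AD group
    names onto a SAML 2.0 assertion restricted to a single relying party."""
    user, realm = principal.split("@", 1)
    a = ET.Element(q("Assertion"), {"Version": "2.0", "ID": "_" + uuid.uuid4().hex,
                                    "IssueInstant": now.strftime(TS)})
    ET.SubElement(a, q("Issuer")).text = issuer
    nid = ET.SubElement(ET.SubElement(a, q("Subject")), q("NameID"),
                        {"Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"})
    nid.text = f"{realm}\\{user}"  # DOMAIN\user, the form most claims-aware apps expect
    cond = ET.SubElement(a, q("Conditions"), {
        "NotBefore": now.strftime(TS),
        "NotOnOrAfter": (now + timedelta(seconds=lifetime)).strftime(TS)})
    ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = audience
    # Group memberships carried as the claim type ADFS uses for groups
    attr = ET.SubElement(ET.SubElement(a, q("AttributeStatement")), q("Attribute"),
                         {"Name": "http://schemas.xmlsoap.org/claims/Group"})
    for g in groups:
        ET.SubElement(attr, q("AttributeValue")).text = g
    return ET.tostring(a, encoding="unicode")


def check_assertion(xml_text, my_audience, now):
    """Relying-party side: accept only if this party is a named audience and
    the current time lies inside the validity window. Returns (ok, detail)."""
    a = ET.fromstring(xml_text)
    cond = a.find(q("Conditions"))
    if my_audience not in [e.text for e in cond.iter(q("Audience"))]:
        return False, "audience mismatch"
    nb = datetime.strptime(cond.get("NotBefore"), TS).replace(tzinfo=timezone.utc)
    noa = datetime.strptime(cond.get("NotOnOrAfter"), TS).replace(tzinfo=timezone.utc)
    if not nb <= now < noa:
        return False, "outside validity window"
    return True, a.find(f"{q('Subject')}/{q('NameID')}").text
```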
