Don't Break the Bank When Adding Functionality and Security to AD FS

by Jay Ouellette 0 Comments


When considering a service, you may be wondering how to determine which option is right for you. We discuss the advantages and limitations of Microsoft's AD FS below. Read this post to discover why you might want to opt for PortalGuard's solution instead.

AD FS What to Know Before Implementation

Microsoft’s Active Directory Federation Service (AD FS) is available for any organization to use as an accessible implementation option for Single Sign-On. Microsoft’s big name and popularity all but guarantee a top-notch product that many consumers will trust implicitly. Additionally, AD FS takes advantage of two popular industry standard protocols: WS Federation and SAML.  This allows for more functionality through token-based SSO to other systems. All of which creates an organized login for end users.

However, this federation service is not without its own limitations.  For instance, AD FS only runs on Windows Server and requires and additional installation of IIS (Internet Information Services). Before jumping into any implementation, it is important to know what the product can and cannot do for you.  AD FS is no different and must be considered carefully in advance.

What is your organization looking to achieve?

Picture your organization's needs and think about what is required from an identity management point of view. Managing application access to a single login point is just the tip of the iceberg. For example, keep in mind that AD FS only provides a Single Sign-On solution.  Other features that may be of use to your organization are:

  • Multifactor Authentication
  • Self-Service Password Reset
  • Password Recovery
  • Single Logout

AD FS is flexible to an extent, allowing for added services such as 2FA and SSPR. Unfortunately, however, these services typically come from Microsoft at an added premium cost. That doesn’t have to be the case.  Once you know what features your organization needs, you can implement a solution alongside AD FS without the premium costs associated with Microsoft.  In some cases, it may even make sense to find a single Authentication Package that provides Single Sign-On as well as additional security and usability features.

The Hidden Costs of AD FS: Free White Paper!

Protection and seamless intuitive user experience - at a cost.

The real question here is: how much are you willing to pay?  While Microsoft’s AD FS solution will get your foot in the door, it takes a lot of additional investment to truly build out an environment for both security and usability.  Microsoft hopes to push you towards their full services and everyone knows that free is never really free.

This scenario is comparable to a free game on your phone. The use is fun until you hit a certain level: in this case, the needs of an organization (i.e. increased security and flexible options). Suddenly, the situation becomes pay to win.

For many organizations, AD FS has been integrated within their environment for so long that administrators feel the need to stick with Microsoft for MFA and SSPR. Of course, that’s where they get you. As always, it comes down to price. Cost becomes a hindrance to proceed with necessary functionality that will improve and secure an organization's IT environment. It shouldn’t have to be that way.

Built for on premise environments, AD FS does what any organization needs it to do: it connects users with other applications and services with little hassle. For any small company, this will work just fine. It is when a company begins its inevitable expansion that IT administrators have to begin making the tough choices. Will you move everything to the cloud or keep maintaining the infrastructure on premise.

We have a solution for you!

Thankfully, AD FS is not the only game in town.  A complete offering such as PortalGuard eliminates shopping à la carte. You are not required to pay a premium for Multi-Factor Authentication or a simple Self-Service Password Reset. With PortalGuard, an organization can consolidate multiple login prompts, streamline password resets, and increase security for a single, budget-friendly price. Additional features, such as limiting access to your organization's applications with Contextual Authentication, are among PortalGuard’s full product offering to be used alongside federation for no additional fee. PortalGuard also offers a full set of deployment options. For those organizations happy with AD FS, but just need to provide an easy way to provide a reset/ recovery of passwords for their users, PortalGuard’s Self-Service Password Reset solution is available as a standalone purchase.

 Giving your organization the complete functionality without breaking the budget is why PortalGuard’s all in one shop is the right choice for providing a seamless and secure experience.

 Let's set up a time to connect!  


Tags: contextual authentication, Microsoft, Microsoft Active Directory, On-premise, software as a service, SSO, Self-Service Password Reset, Single-Factor Authentication, Single Sign-On (SSO), SSPR, support, two-factor, Two-Factor Authentication, #twofactor, AD FS, Single Sign-On Options, single logout

Jay Ouellette

Author: Jay Ouellette