Is ADFS Really Saving You Money?

by Jay Ouellette 0 Comments

ADFS-No-Free-Lunch-Portal-Guard-Blog-1Active Directory Federated Services (ADFS) from Microsoft is well known for its simplicity and ease of use. Many organizations and schools adopt ADFS for these reasons, only to realize that it does not always play well other applications.

For example, getting the online education platform Blackboard to integrate with Active Directory Federation Services is next to impossible, as ADFS does not support single signon protocol CAS (Central Authentication Service). CAS, which allows a user to access multiple applications with a single set of credentials, is commonly used in the higher education sector. This is a big gap.

In other industries (outside of the education sector), users need to access other applications that are not within the ADFS umbrella.

Another challenge associated with Active Directory Federation Services is that any updates or new features for it require full Windows OS upgrades -- a daunting task for any large organization or institution.

 

Growth often requires change

As organizations grow, the limited capabilities of ADFS will have greater impact, and the IT resources to keep it running will increase. Unanticipated consultant fees will start piling up and suddenly, a system that once was free and easy to use becomes a nightmare for organizations.

There are times when a free solution is not exactly free. And cybersecurity is not an area to shortcut. The challenge for organizations is in determining the tipping point, when migrating to a more robust solution is the cost-effective (not to mention safest) answer.

The right solution can cater to specific roles and access within an organization, provide enhanced MFA capabilities and enable inline self-service password reset solution.

 

Stay with Microsoft or leave for another 3rd party vendor, if budget allows.

Staying with the global giant has it perks, but those perks come with a premium price tag. Microsoft’s paid version includes per-feature costs for features one would think would come standard, such as password reset functionalities and 2FA (two-factor authentication). These key features are needed and valued, but require upgrading to the not so free Azure Premium.

The above migration path, from ADFS to Microsoft Azure, is a common scenario for on-premises ADFS customers. Yet even with the premium version, there are functionality gaps. Azure password resets lack direct feedback on password quality based upon an organization’s password policy. Users can unintentionally undermine an organization’s security with weak passwords.

Built for on premise environments, Active Directory Federation Services does what any organization needs it to do: it connects users with other applications and services with little hassle. For a small company, it will generally provide a solid solution. It is when a company experiences growth and expansion that IT administrators face the tough choice of moving everything to the cloud or continuing to maintain the infrastructure on premise.

 

We have a solution for you!

Thankfully, Active Directory Federation Services is not the only game in town. PortalGuard is a complete offering that eliminates shopping à la carte. Clients are not required to pay a premium for Multi-Factor Authentication (MFA) or a simple Self-Service Password Reset. With PortalGuard, an organization can consolidate multiple login prompts, streamline password resets, and increase security – all for a single, budget-friendly price.

Additional features, such as limiting access to your organization's applications with Contextual Authentication, are among PortalGuard’s full product offering, and may be used alongside Federation for no additional fee.

PortalGuard also offers a full set of deployment options. For organizations happy with ADFS, but just seeking an easy way to provide a reset/recovery of passwords for their users, PortalGuard’s Self-Service Password Reset solution is also available as a standalone purchase.

Giving your organization the complete functionality without breaking the budget is why PortalGuard’s all in one shop is the right choice for providing a seamless and secure experience.

Questions? We’re here to help!

 

Tags: Microsoft, Single Sign-On, Single Sign-On (SSO), Windows 10, Single Sign-On Options, security compliance

Jay Ouellette

Author: Jay Ouellette