When to Use Authorization Manager

Applies To: Windows Server 2008

Authorization Manager is a component of Windows Server 2008 that provides role-based access control (RBAC) infrastructure for applications. When Authorization Manager is used with Active Directory Federation Services (AD FS), it offers the following advantages:

  • Administrative efficiency: Administrators can use Authorization Manager to map AD FS claims to specific application roles to more easily control and enforce corporate access policy, rather than have corporate access policy built directly into a claims-aware application.

  • Developer flexibility: Developers can create claims-aware applications that take advantage of the application authorization framework of Authorization Manager. The applications can then use RBAC policy and claims to make authorization decisions.

Federated claims-aware applications must be written specifically to take advantage of RBAC. For information about how to map AD FS claims to Authorization Manager roles, see Deploying Applications Using Windows Authorization Manager (http://go.microsoft.com/fwlink/?LinkId=77376).