Provide Your Users with Access to Federated Applications by Configuring the Federation Service
Applies To: Windows Server 2008, Windows Server 2008 R2
This topic applies when you are the account partner administrator and your deployment goal is to provide federated access for employees on your corporate network, as follows:
- Employees who are logged on to an Active Directory Domain Services (AD DS) forest in the corporate network can use single sign-on (SSO) to access multiple applications, which are secured by Active Directory Federation Services (AD FS), when the applications are in a different organization. For example, A. Datum Corporation may want corporate network employees to have federated access to applications that are hosted in Trey Research.
- Employees who are logged on to an AD DS forest in the corporate network can use SSO to access multiple applications, which are secured by AD FS, in the perimeter network in your own organization. For example, A. Datum Corporation may want corporate network employees to have federated access to applications that are hosted in the A. Datum Corporation perimeter network.
- Information in the AD DS account store can be populated into the employees' AD FS tokens.
To set up this environment, you perform administrative tasks for installing a federation server and configuring the Federation Service in the account partner organization. The following table provides links to the checklists that you need to follow to install the first federation server in your organization, configure the Federation Service, and set up a federation trust with a resource partner.
Preparing and configuring a federation server for federation
Configure the federation server to work with Domain Name System (DNS), install and configure certificates, and verify that the server is functional.
Configure the federation trust with a resource partner organization.