
Web SSO Design

Published: February 24, 2012

Updated: February 24, 2012

Applies To: Windows Server 2012



In the Web Single-Sign-On (SSO) design in Active Directory Federation Services (AD FS), users must authenticate only once to access multiple AD FS-secured applications or services. In this design, all users are external, and no federation trust exists because there are no partner organizations. Typically, you deploy this design when you want to provide individual consumer or customer access to one or more AD FS-secured services or applications over the Internet, as shown in the following illustration.

[Illustration: Web SSO]

With the Web SSO design, an organization that typically hosts an AD FS-secured application or service in a perimeter network can maintain a separate store of customer accounts in the perimeter network, which makes it easier to isolate customer accounts from employee accounts.

You can manage the local accounts for customers in the perimeter network by using Active Directory Domain Services (AD DS), SQL Server, or a custom attribute store.

This design coincides with the deployment goal in Provide Your Active Directory Users Access to Your Claims-Aware Applications and Services.

For a list of detailed tasks that you can use to plan and deploy your Web SSO design, see Checklist: Implementing a Web SSO Design.

© 2014 Microsoft