Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Web SSO design

Updated: December 15, 2006

Applies To: Windows Server 2003 R2

In the Web Single-Sign-On (SSO) design in Active Directory Federation Services (ADFS), users must authenticate only once to access multiple ADFS-secured applications. In this design all users are external, and no federation trust exists because there are no partners. Typically, you deploy this design when you want to provide customer access to one or more ADFS-secured applications over the Internet, as shown in the following illustration.

Web SSO (B2C) design

With the Web SSO design, an organization that typically hosts an ADFS-secured application in a perimeter network can maintain a separate store of customer accounts in the perimeter network, which makes it easier to isolate customer accounts and employee accounts.

You can manage the local accounts for customers in the perimeter network by using either Active Directory or Active Directory Application Mode (ADAM) as the account store.

This design coincides with the deployment goal to provide SSO access for customers to your hosted applications. For more information, see Provide single-sign-on access for customers to your hosted applications.

To learn more about the flow of ADFS communications in this design, see Web SSO example.

For a list of detailed tasks that you can use to plan and deploy your Web SSO design, see Checklist: Implementing a Web SSO Design.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft