Active Directory Federation Services (AD FS) uses single sign-on (SSO) technology, which lets users access applications in a separate network or forest without needing secondary credentials for a web server. AD FS is optimal for organizations that regularly perform business-to-business transactions with other companies outside their own server but do not want to risk compromising their security. AD FS establishes a trust relationship between two businesses, which allows users to access servers in both organizations using their existing Active Directory accounts. Each organization is responsible for managing the identities of its own users and for accepting the identities of users from other organizations through AD FS.
AD FS is only available in Windows Server 2008.
Navigate to Start – Administrative Tools – Server Manager. In Server Manager, select Roles and then click Add Roles in the right-hand pane.
The Add Roles Wizard starts. Click Next to continue. On the Select Server Roles page, tick the checkbox for Active Directory Federation Services and click Next.
The Active Directory Federation Services (AD FS) introductory page appears. Click Next to continue.
On the Select Role Services page, tick the checkbox for Federation Service. An Add Roles Wizard dialog box pops up asking whether you want to add the role services and features required for AD FS. Click Add Required Role Services to continue.
Tick the checkbox for AD FS Web Agents and then click Next.
On the Choose a Server Authentication Certificate for SSL Encryption page, you need to choose a server authentication certificate suitable for SSL encryption to add to the default site in Internet Information Services (IIS). The options available are:
- Choose an Existing Certificate for SSL Encryption (Recommended)
- Create a Self-Signed Certificate for SSL Encryption
On the Specify Federation Server page, enter the name of the server in the Federation Server text box. Click Validate and then click Next to continue.
Note: Alternatively, you can type the IP address of the server if you prefer.
The Select Trust Policy page appears where you can either accept the default selection to create a new trust policy or select an existing trust policy. Click Next to continue.
The Web Server (IIS) introductory page displays. Click Next.
The Select Role Services page appears. We recommend accepting the default services and clicking Next.
On the Confirmation page, you can review the configuration settings for AD FS. If you are satisfied with the settings, click Install.
When installation is complete, click Close. AD FS is now installed on the server.
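
The certificate page of the wizard offers an existing certificate or a self-signed one. As an added example (not part of the original article), the following PowerShell script lists the certificates in the local machine store and shows which of them are usable for server authentication, so the choice on that page can be checked before or after the install. The host name `adfs.example.com` is a placeholder for the name entered on the Specify Federation Server page, and the script assumes PowerShell is installed and run as an administrator on the server.

```powershell
# Added example: review certificates that could be picked with the wizard's
# "Choose an Existing Certificate for SSL Encryption" option.
# Assumption: placeholder host name; use the name typed on the
# Specify Federation Server page.
$FederationServer = 'adfs.example.com'
$ServerAuthOid    = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now              = Get-Date
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # A certificate without an EKU extension is not restricted to any purpose.
    $hasEku  = $false
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) {
            $hasEku = $true
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    $serverAuth = (-not $hasEku) -or ($ekuOids -contains $ServerAuthOid)
    $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
    $dnsName    = $cert.GetNameInfo($nameType, $false)
    # Heuristic: identical subject and issuer indicates a self-signed certificate.
    $selfSigned = ($cert.Subject -eq $cert.Issuer)

    $cert | Select-Object Thumbprint, NotAfter,
        @{Name = 'DnsName';    Expression = { $dnsName }},
        @{Name = 'NameMatch';  Expression = { $dnsName -eq $FederationServer }},
        @{Name = 'PrivateKey'; Expression = { $cert.HasPrivateKey }},
        @{Name = 'ServerAuth'; Expression = { $serverAuth }},
        @{Name = 'InValidity'; Expression = { $inValidity }},
        @{Name = 'SelfSigned'; Expression = { $selfSigned }}
} | Format-Table -AutoSize
```

A row with `SelfSigned` set to True will not be trusted by a partner organization's clients unless that certificate is distributed to them. Wildcard certificates show `NameMatch` as False and need a manual check against the server name.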