Webcast: Windows Server 2003 R2: Active Directory Federation Services

Question:

Is there any connection between ADFS and MIIS? I was surprised MIIS didn't come up in your presentation.

Answer:

ADFS provides single sign-on to web applications, whereas MIIS is for more complex, non-web identity management. Hope the links and excerpts from those links help…

Excerpt from the Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2 at https://www.microsoft.com/WindowsServer2003/R2/Identity_Management/ADFSwhitepaper.mspx

Active Directory Federation Services (ADFS) is a component in Microsoft® Windows Server™ 2003 R2 that provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session. ADFS accomplishes this by securely sharing digital identity and entitlement rights, or "claims," across security and enterprise boundaries.

ADFS is not:

• .NET Passport.

• A database or repository for employee or customer identity data.

• An extension of the Active Directory™ directory service schema.

• A type of Windows domain or forest trust.

ADFS in Windows Server 2003 R2 supports the WS-Federation Passive Requestor Profile (WS-F PRP).

From MIIS 2003 Product Overview at https://www.microsoft.com/windowsserversystem/miis2003/evaluation/overview/default.mspx

MIIS 2003 is the third major release of our identity management and integration product—encompassing more than four years of experience solving complex identity management problems for customers. In answer to customer requests for a product that helps reduce the cost of managing identity information spread throughout their enterprise, MIIS 2003 enables you to:

• Synchronize identity information. With MIIS 2003, you can synchronize identity information across a wide variety of heterogeneous directory and non-directory identity stores. This allows you to automate the process of updating identity information across disparate platforms while maintaining the integrity and ownership of that data across the enterprise.

• Provision and de-provision accounts. MIIS 2003 allows you to easily provision and de-provision user’s accounts and identity information such as distribution, e-mail, and security groups across systems and platforms. New accounts for employees can be created quickly based on events or changes in authoritative stores like the human resources system. Additionally, when employees leave a company, they can be immediately de-provisioned from those same systems.

• Synchronize and manage passwords. MIIS 2003 enables password synchronization, self-service, and help desk-initiated password management and reset from a Web browser. End users and help desk staff no longer have to use multiple tools to change passwords across multiple systems as MIIS automates the synchronization of passwords. Password management capabilities allow passwords to be easily reset across multiple systems from one easy-to-use Web interface.