7 Things Your Boss Should Know About Federation

Federation, Single Sign On, or Web SSO, refer to the concepts and standards around enabling the re-use of your on-premise Active Directory credentials for external and partner applications.  Federation and the associated standards, have been around for quite a while and are mature.  Here are 7 things your boss and you should know about federation and your organization.

1. Federation is all about the end-user experience

With federation, you are essentially using your own on-premise active directory usernames and passwords.  From a user perspective, this really means less credentials to use, memorize, and manage (i.e. what’s my username and password again?).  This helps to reduce or eliminate those pesky sticky notes under the user’s keyboards.

2. Federation eases identity management issues

A common challenge with SaaS and partner applications is provisioning and terminating access to applications, not to mention password changes and the inevitable forgotten password.  And don’t even mention differing application password complexity requirements.  Federation eliminates all those issues, as the identity management process is bound to your own Active Directory, and your internal management processes.  Terminated users?  No problems, once their AD account has been disabled.

3. Federation increases your security posture

Since federation leverages your own on-premise infrastructure, and your own investments in monitoring, processes, and security layers, you can seamlessly integrate federation into your own environment, and still take advantage of your tools.  Need to provide audit reports?  You can do that from the federation servers.  Need to use strong authentication? Federation supports those as well.  Concerns about a cloud provider’s authentication methods?  Not an issue, since you now control that process.

4. Federation can decrease support costs

One of the most common issues Help Desk technicians face, is the password reset issue.  Combine that with SaaS applications (who can change user passwords again?), this can result in an overwhelming amount of calls.  With federation leveraging on-premise credentials, and combined with a self-service password reset tool, organizations can dramatically decrease these expenses, lost productivity, and burden on the support staff.

5. Federation can be used for partners or mergers as well

Federation is not only for SaaS and hosted cloud providers.  If you need to allow access to applications for partners, federation is a simple way to provide that.  If you are in a merger and acquisition scenario, federation enables access without needing to synchronize directories.

6. Federation is becoming easier to implement

Federation is becoming wide spread, and easier to implement as well.  From on-premise solutions to cloud identity providers, organizations can choose the one that fits their needs and requirements, the best.  Having multiple services is not a bad practice either, as that will provide you with the right tools and services for your business users.

7. Federation is becoming part of how we provide IT services

Gone are the days when organizations ‘walled’ off their network and applications.  Today, the flexibility for business to choose their own applications, rather than IT handing over a bunch of applications to them, is extremely important.  In order to be able to provide the security required, and help the security team sleep a night, federation is a must have service in every organization.  Even if you are not planning to implement any SaaS applications, or have partner requirements at present, you can get a head start for the future.


Hopefully, by now, you have a better idea of what role federation plays in your IT services setup.  To learn about how Celestix ADFS Bridge Appliance can help you achieve your goals around federation, or single sign on for Office 365 or other SaaS applications, get in touch with us. Call sales on 510.668.0700 or email sales@celestix.com. You can also learn more about our ADFS Bridge Appliance here.


Exit mobile version