Federated Sign-On? What does this mean for me?

April 11, 2011  |  3 Comments  |  by Thomas   |  Blog, News

Cloud computing often gets a bad rep for being insecure. That reputation may be misplaced. Exchange Online, Lync Online, and SharePoint Online will share a secure federated sign-on process in Office 365. So what does this mean?

Many cloud computing services, Hotmail for example, are accessed directly from the internet: you visit the site and enter your password. This essentially means your password is flying through cyberspace. It also means your browser may be retaining your password in a less than wholly secure manner. Lastly, as you use other cloud services, you must keep re-entering your password throughout the day.

I’ll give you the name, then back up and explain, so keep reading: Office 365 will support what is called ADFS (Active Directory Federation Services). This represents a massive change in technology. Corporate users will no longer have to remember various passwords for various applications and log in redundantly throughout the day. Instead they will log in once. That login is validated against a local Active Directory server rather than over the internet (Microsoft SBS Essentials 2011 is expected to be the most cost-effective means of purchasing this). The user can then access secure sites all day long without re-entering passwords, because ADFS is dishing out that information on the user’s behalf.

Why is this great?

It is more secure: I like to use the analogy of going to the airport. You walk up to buy your tickets and they don’t ask for a password. They want to see identification, so you provide a driver’s license. You might take it for granted, but the only reason they accept the driver’s license is that they trust the state institutions to do a good job validating you. After they have seen this validation they let you on through security.

In the same way, your cloud service provider establishes a trust relationship with your local server. You validate locally, then your server sends out a coded response saying it is OK for you to go forward. Much like a driver’s license, it is only fit for you, and it doesn’t have an all-powerful password on it. Throughout the day this process is repeated, but the user doesn’t see it going on.
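To make the two paragraphs above concrete, here is a small added example (not code from the post or from Microsoft) of the federated flow: the user proves the password only to the local directory, the federation server issues a short-lived token bound to that user and to one cloud service, and the cloud side accepts it purely on the strength of its trust in the issuer. The directory entries, the audience URL and the shared HMAC trust key are all constructed stand-ins; real ADFS signs SAML or WS-Federation tokens with its token-signing certificate rather than a shared key.

```python
import base64, hashlib, hmac, json, os, time

# Constructed stand-in for the on-premises directory; the cloud service never sees these records.
_SALT = b"constructed-salt"
DIRECTORY = {
    "alice": {"pw": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 10_000), "enabled": True},
    "bob":   {"pw": hashlib.pbkdf2_hmac("sha256", b"hunter2", _SALT, 10_000), "enabled": False},
}
# Assumption: the issuer/relying-party trust is modelled with a shared HMAC key.
TRUST_KEY = os.urandom(32)
CLOUD_AUDIENCE = "https://mail.example/"   # hypothetical id of one cloud service

def _b64(b): return base64.urlsafe_b64encode(b).decode().rstrip("=")
def _unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def local_sign_on(user, password, audience, now=None):
    """Federation server: check the password locally, then issue a signed, short-lived token."""
    rec = DIRECTORY.get(user)
    if rec is None or not rec["enabled"]:
        return None   # unknown or locked-out user: local policy applies before any token exists
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)
    if not hmac.compare_digest(rec["pw"], attempt):
        return None
    claims = {"sub": user, "aud": audience, "exp": int(now or time.time()) + 300}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(TRUST_KEY, body.encode(), "sha256").digest())
    return body + "." + sig   # carries who you are, never the password

def cloud_accepts(token, expected_audience, now=None):
    """Relying party: accept only tokens from the trusted issuer, meant for it, and unexpired."""
    try:
        body, sig = token.split(".")
    except (AttributeError, ValueError):
        return None
    expected = _b64(hmac.new(TRUST_KEY, body.encode(), "sha256").digest())
    if not hmac.compare_digest(expected, sig):
        return None   # forged or tampered token
    claims = json.loads(_unb64(body))
    if claims["aud"] != expected_audience or claims["exp"] < int(now or time.time()):
        return None   # issued for a different service, or expired
    return claims["sub"]

if __name__ == "__main__":
    tok = local_sign_on("alice", "correct horse", CLOUD_AUDIENCE)
    print("cloud service sees user:", cloud_accepts(tok, CLOUD_AUDIENCE))
```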

The IT Pros also love this for a number of reasons:

  • We can control access to services as security requires: for example, we can block access to the cloud that does not come through ADFS, OR we can permit access only via the cloud (after business hours, when no one should be at work, for example).
  • It gives us more granular control over the network security functions. We can lock out individual users, manage workstations, and administer password policies, all without going online.
  • Generally, with fewer passwords, there will be significantly fewer support calls. And the support calls we do get will likely be more interesting in nature (no offense, but resetting passwords all day is not a lot of fun).
  • There is strong support for two-factor authentication. This allows Office 365 to be deployed in environments where previously cloud computing had no role, by providing the ability to scale security as needed.

