My Company Is Planning for SSO with Our Deployment of Office 365. Is ADFS Right for Us or Is There a Better Solution?
Many customers struggle with security, and at no time has security been more of a focus than now, with the move to the cloud. Office 365 provides a seamless user experience while offloading the burden of the on-premises infrastructure needed to meet availability requirements. There are several options in the marketplace for deploying identity single sign-on (SSO). Active Directory Federation Services (ADFS) provides SSO for Office 365 as well as for on-premises applications.
ADFS can be deployed on-premises, but the infrastructure it requires defeats the purpose of moving to the cloud. This infrastructure includes at least 2 STS (internal) servers and 2 web proxies in at least 2 data centers. Additionally, load balancing, third-party certificates, and daily management to ensure local and site resiliency are required. The rule of thumb for sizing is to plan for up to 15K users per ADFS server. Once the STS farm grows to more than 5 servers, SQL is required. There is also a planning and deployment phase that can take several months before live deployment is complete, resulting in significant project costs.
But another option is to host ADFS in Azure. This is a great idea when you look at it initially because it allows for removal of the on-premises hardware. But then we read further and see this documented on Microsoft’s website:
“Enterprise customers who adopt Office 365 often want to minimize their on-premises infrastructure requirements.
Many enterprise customers want to use single sign-on (SSO) through Active Directory Federation Services (AD FS) and the Azure Active Directory Sync tool. These technologies allow users to access the Office 365 service with their existing Active Directory credentials (user name and password). Traditionally, enabling SSO requires deploying servers and services on-premises.
With the introduction of Azure Virtual Machines, customers who require Active Directory federation have another Microsoft-supported choice for hosting these services.
Integrating Office 365 with your existing on-premises platforms requires careful planning, regardless of whether they’re implemented on-premises or in Azure. Planning the implementation and management of these infrastructure components in the cloud is almost identical to the on-premises infrastructure.”
Part of the benefit of moving to the cloud is getting away from the complex deployment and management that ADFS still requires, whether it is deployed on-premises or in the cloud. Okta can be deployed with minimal planning and downtime, and no infrastructure management is needed regardless of where it is hosted.
As a customer evaluating solutions, the first order of business is to make sure you have a solid understanding of your SSO requirements, now and into the future, so that you select the right vendor for the job. Once you understand the requirements, you can easily rule out solutions and focus on the ones that can handle the job. Okta is available for free to test the ease of setup and user assignment. Check it out at www.Okta.com.