Workplace Join and Identity Manager

  • Question

  • I am trying to understand the changing role of Identity Manager (née Forefront Identity Manager). It appears it is somewhat replacing the Windows Server Active Directory Federation Server (ADFS) role.

    If you deploy Identity Manager to do the DirSync and Federation between a Windows Server AD and Azure AD, will you still need to deploy ADFS to workplace join devices?

    Thanks.

    Saturday, May 17, 2014 5:47 PM

Answers

  • Hi Michael,

    I am not in a position to comment on any later releases at this moment in time, but in essence, if you are going to use a synchronization engine, this will purely ONLY sync the Active Directory objects. Today, if you are to use Forefront Identity Manager to do this, then you will not be able to synchronize the password hashes; you would need to manage the passwords via the cloud, or you would need to use Active Directory Federation Services for an SSO experience.

    If you do not want to deploy AD FS, and you purely want to use just the synchronization product for both AD objects and passwords, then today you would need to use DirSync (Directory Sync Tool), or you can use AAD Sync, which is the new product that is due to be generally available in the forthcoming future. (AAD Sync handles most of the scenarios that DirSync previously couldn't, meaning you needed to use FIM.)

    In terms of Identity Manager and whether that is or is not the next version of FIM, it's not currently defined as to whether Password Sync will be possible when the next version of this enterprise product is released. If you are involved in this product life-cycle, then be sure to check for updates on the relevant blogs for announcements.

    Please note: Password Synchronization and Federated Identity are two different identity scenarios, and both have different sign-in behavior and sign-in experiences for end-users, so it will depend on your requirements as to what option you should choose to opt in for.

    I hope that helps. If you need any further information, or if I have not answered your question, be sure to let me know.

    Thanks,

    James.

    Tuesday, July 15, 2014 10:54 PM

All replies

  • Hi,

    I am not sure if I understand your question correctly. If you want to use Workplace Join, you will need to deploy Active Directory Federation Services.

    If you can elaborate on what you mean by Identity Manager, I may be able to help you further. :-)

    Thanks,

    James.

    Tuesday, July 15, 2014 4:55 PM
  • I think Identity Manager is the new name for the Forefront Identity Manager. I guess what I am trying to figure out is whether it can be used to totally replace ADFS, or if an organization would use both.

    Thanks.

    Tuesday, July 15, 2014 5:04 PM