none
Difference and similarity between ADFS and FIM RRS feed

  • Question

  • WHAT IS THE DIFFERENCE BETWEEN ADFS AND FIM? CAN I USE FIM FOR SINGLE SIGN ON? WHAT ARE THE USE CASES OF FIM?
    Thursday, July 31, 2014 9:19 PM

All replies

  • FIM doesn't do single sign on like ADFS or other types SAML based tools.  FIM can provision identities in LDAP/AD which can then be used as an ID repository for ADFS.  From there ADFS issues the SAML tokens based on claims(attributes) coming from something like Active Directory.

    If this post has been useful please click the green arrow to the left or click Propose as answer

    Thursday, July 31, 2014 9:29 PM
  • Dear Scot,

    Thanks for your reply, both names look somewhat similar to each other (Active directory federation services & Federated Identity Management) and I couldn't find any article relating ADFS and FIM.
     
    I read that ADFS support multi-domain environment, ADFS 2.0 with a patch, In this case or any other scenarios how FIM can complement ADFS?
     
    Regards,

    Friday, August 1, 2014 4:51 AM
  • Hi invisible qubit.

    It is Forefront Identity Manager not Federated IM :)

    The main difference between them is that ADFS would authenticate you in local Active Directory of your company, so Here you would have SSO considered as Single-Sign On. FIM could do something different. It would synchronize users data to connected system (for example Office365) so you would use the same username/password for login, but it would not require continuous availability of server (as in ADFS scenario).

    Here you have some pros and cons of ADFS: Active Directory Federation Services (ADFS) vs. Password Sync

    And here you have a great comparison between ADFS and DirSync (so... ADFS vs FIM) scenario for end user: ADFS/SSO versus Password Sync End User Experience for Office 365

    If you would like to provide SSO for your website or Office 365 accounts, I would recommend a close look between ADFS and DirSync. FIM can do much more than DirSync but if you would like only SSO, there is no need to use "whole" FIM for it.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by Mike Crowley Tuesday, August 5, 2014 4:47 AM
    Friday, August 1, 2014 5:36 AM