Can we authenticate a third party's users with our ADFS?

  • Question

  • We have a working implementation of ADFS authenticating our users with a cloud-based Learning Management System.

    We have a potential new contract that would require us to authenticate another organization's users using their AD and a CAC card. 

    I know that this would be possible by moving to a cloud-based authentication provider like Okta, and scrapping ADFS. But is there any way we could do it in-house with our ADFS? Or possibly an add-on to ADFS?

    Any advice would be appreciated!


    Saturday, October 19, 2019 1:44 PM

All replies

  • ADFS can trust other organizations, yes.

    If the organization already has an STS (like ADFS, Ping Federate, Shibboleth...) you can "simply" create a claim provider trust (and they will have to create a trust on their side too).

    If the organization has no STS, well they could install one for the purpose of this trust.

    I am not sure how moving to a cloud-based provider solves anything though. Is your learning app trusting ADFS or a cloud-based provider?

    Friday, October 25, 2019 10:07 PM
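
The claims provider trust described in the reply above, as an added example that is not part of the original thread: it creates the trust from the partner's federation metadata and accepts UPN claims only inside the partner's own namespace, so the partner STS cannot assert identities from any other domain. The trust name, metadata URL and UPN suffix are placeholders (assumptions), and the partner is assumed to publish federation metadata and to send a UPN claim.

```powershell
# Added example: every name, URL and suffix below is a placeholder (assumption).
Import-Module ADFS

$partnerName   = 'Partner Org STS'    # hypothetical display name for the trust
$partnerSuffix = 'partner.example'    # hypothetical UPN suffix owned by the partner
$metadataUrl   = 'https://sts.partner.example/FederationMetadata/2007-06/FederationMetadata.xml'

# Acceptance transform rule: pass the incoming UPN through only when it ends
# in the partner's suffix. Without this filter, any UPN the partner STS puts
# in a token (including one from your own domain) would be accepted.
$suffixRegex = [regex]::Escape($partnerSuffix)
$rules = @"
@RuleName = "Accept UPN only within the partner suffix"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "^(?i)[^@]+@$suffixRegex$"]
 => issue(claim = c);
"@

# Create the trust from the partner's published metadata.
# MonitoringEnabled / AutoUpdateEnabled let ADFS follow the partner's signing
# certificate rollovers; set AutoUpdateEnabled to $false if certificate changes
# must be reviewed by hand before they are trusted.
Add-AdfsClaimsProviderTrust -Name $partnerName `
    -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true `
    -AcceptanceTransformRules $rules `
    -OrganizationalAccountSuffix $partnerSuffix

# Review what was stored before letting partner users sign in.
Get-AdfsClaimsProviderTrust -Name $partnerName |
    Select-Object Name, Enabled, Identifier, OrganizationalAccountSuffix, AcceptanceTransformRules
```

The relying party trust for the learning application still decides which of the accepted claims are issued to it, and the partner has to create the matching trust for your ADFS on their STS, as the reply notes.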