5 Things You Need to Know about ADFS

When it comes right down to it, finding an effective way of cutting unnecessary losses might be just as good as generating a profit. Sounds obvious? That’s because it is – at least until you actually start looking into it. Alas, yes. It is easy to tell oneself to start saving money (or to start doing anything, really), but figuring out exactly how and where to do it is actually pretty challenging, especially for larger businesses. The more assets and people you manage, the more likely you are to see profit “leaks”. This problem is exacerbated as the variety of assets and people you manage increases, too.

Adopting ADFS is one way businesses have recently managed to significantly plug profit leaks. This is done through improving the way we manage accesses to the plethora of systems and applications exploited daily. Don’t know what ADFS is? No worries; our team has you covered. Here’s our list of key things you should certainly know about ADFS and related systems.

1. What Is ADFS?

Active Directory Federation Services, or ADFS, is a software component that saw its first version published by Microsoft in 2003. Its main purpose is to provide Windows users with Single Sign-On (SSO) access to a variety of compatible systems and applications. The more recent versions of ADFS are built upon the SAML 2.0 protocol (Security Assertion Markup Language), which allows the secure exchange of authentication and authorization data.

2. What is Single Sign-On?

Single Sign-On is the name given to a particular method for users to seamlessly access multiple restricted systems and applications with the use of a single username and password combination. This method exploits information found in a repository of user data (usually composed of multiple unique combinations – known as “identities” – of full names and employee numbers, as well as additional information such as phone numbers and email addresses) to compare and confirm that a given user is who they claim to be. The method also checks for the list of systems and application a given user has access to or not using a system of hierarchy.

3. What are the benefits of SSO for end users?

Bringing an entire team on board with sweeping technological changes can be challenging. Employees are often reluctant to adopt new technologies because they want to spend their energy on what really matters to them. Generally speaking, that’s their job. Technology too often ends up being seen as a burden – and rightly so – when it impedes one’s regular workflow rather than actually provide help. If you then consider the training time and efforts required to make use of this so-called hindering technology, you end up with employees that are unsatisfied with their work, less productive, and that circumvent standard procedures to avoid having to deal with what they perceive as negative. Needless to say, this is disastrous from both a personnel and from a financial point of view. In the end, good technology should feel invisible and seamless, perhaps as an extension of one’s will – and never as a barrier. Don’t let your employees fall prey to password fatigue.

For end users, the main benefits of SSOs are tied to their ability to turn a number of user credentials (username and password) into a single set of credentials. Take nurses and physicians, for instance, who nowadays might use up to 100 different applications in their work. Picture yourself having to log onto every single one of these applications to perform each individual routine tasks… in the frenzied world of healthcare, where every second matters. That sounds rather unwieldy, right? Now imagine also having to remember your credentials for every single one of these apps. Of course, you could always cheat and reuse credentials across multiple applications, or be tempted to scribble them down on sticky notes that end up lost and found… by the wrong person. Then, you’d have successfully created an important security breach, on top of having failed to meet basic security protocols.

4. What are the benefits of SSO for managers?

If the disadvantages of multi-application non-SSO environments are hardly quantifiable for your average end user, they certainly are for managers. Did you know that the #1 source of online customer service issues was forgotten or lost user credentials? Never mind the productivity time wasted by employees trying to figure out what their password is (did I properly capitalize the family pet’s name?), then spending more time having to wait for ticket responses. Some employees literally depend on applications to do any work, and remain at the sole mercy of sometimes inefficient customer support to help them get back on track. Said customer support often isn’t free of cost either, so you really end up losing on all fronts.

Even without taking user errors into consideration, credentials take real time to set up and use. How many passwords do you need to set up for each employee? How many employees do you have? How many passwords does your average employee use daily? How fast can they type them? How much loading time is involved in each of these steps? What is the likelihood that they will make mistakes? With some educated guesswork, you can really see how SSO systems lead to concrete ROIs for years to follow if not forever, depending on your plans. Just remember that credentials in of themselves are not the issue; managing many of them is what can become problematic. SSOs attack this problem at its core.

Another great feature is the ability to quickly disable employee access to their applications. This one is particularly useful for larger businesses that often see newer and older employees come and go. Say that each of these employees uses 15 different apps. That’s 15 sets of credentials you need to enable anddisable whenever someone shows up or leaves the company. With SSO, that task becomes much faster and obviously less repetitive.

5. Where have I seen this before?

Several commonly used websites have started to use what is known as “social login” to authenticate their users. Social logins essentially allow you to use your social media credentials – such as your Facebook email and password combination – to log onto select websites without having to create and activate an entirely new account. Social login is growing rapidly, with 20% of people using them over traditional login methods. Understandably, too: the average person has upwards to 25 online accounts and some 6.5 different passwords to manage, although 66% of people use only one or two passwords! Talk about exposing oneself to potential security issues, or even, fraud… Password fatigue is, of course, the main reason for this.

Although social logins share some attributes with SSO, and notably, that a single master set of credentials allows one to access a number of applications, they are not to be confused. First of all, social logins do not provide seamless navigation. Even though only one set of credentials is used, this set must be provided again and again as different tasks are performed unless that “Remember me” box is checked. Second, social logins do not use a third party to confirm a user’s initial identity. SSO, on the other hand, uses a database to confirm that a given user (with a given set of credentials) is actually allowed to access what it is they’re trying to access. Third, SSO can be controlled by hierarchy to grant or revoke access to specific assets. Nobody is ever going to do that with your Twitter account.

Our very own Cimpl solution is a great example of a platform that benefits from ADFS and SSO. Whether managers or employees are trying to get information about their personal or their business’ IT expenses, inventories, or ROIs, Cimpl’s seamless SSO integration makes the task as quick and simple as it can… and should be. We constantly strive to make our solutions feel integral to our user’s tasks, as opposed to an added burden. Do you need to keep track of your IT assets, how much data they use, and how much they costCome check us out.

View All Resources »