Single Sign-On with Force.com and Microsoft Active Directory Federation Services
As I’ve mentioned before here at the Force.com blog, single sign-on (SSO) has become a must-have feature for cloud deployments – users love being able to access cloud-based resources without having to juggle another username/password combination, and IT operations love the control it gives them over users’ access to those resources – when an employee leaves the company, marking them as inactive in the enterprise’s identity store also puts associated cloud-based services out of reach.
In practice, the most common enterprise identity store is Microsoft’s Active Directory. Since the release of Active Directory Federation Services (AD FS) version 2.0 about a year ago, it has been possible to configure SSO from an AD domain to Salesforce and customer apps running on Force.com. In researching an article on setting up SSO with AD FS, I came across Rhys Goodwin’s excellent blog entry on the topic. With Rhys’ kind permission, I extended and adapted the blog entry as a Developer Force article: Single Sign-On with Force.com and Microsoft Active Directory Federation Services. If you’re seeing co-workers furtively referring to password cheat-sheets as you walk around the office, you might want to take a look at it!